
Browser freezing, mainly on the Facebook page


#1 Post by marshalx »

Hi,
I've run out of ideas for solving this problem, so I'm turning to you for help.

Yesterday, out of nowhere, the Facebook page started freezing extremely badly, to the point that it is unusable. This happens in Firefox, Chrome and Explorer.
Other sites run without problems. Only Internet Explorer additionally freezes and acts up on just about everything, and the address www2.delta-search.com is probably related to that.

I have tried various programs for removing malware, spyware and the like, reinstalling Flash and Java, CCleaner and registry cleaning, but it is still the same. I don't know what the problem could be.
Thank you for your advice and your willingness to help with my problem.

Here is the log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by MARSHALX at 2013-06-28 22:40:25
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 7 GB (13%) free of 51 GB
Total RAM: 8140 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:40:33, on 28.6.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\HsMgr.exe
C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\MARSHALX.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://seznam.cz/?clid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/?clid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C3B28A191B8F63467BD522CC2281DD78] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 11 Gravity (CobianBackup11) - Luis Cobian, CobianSoft - C:\Program Files (x86)\Cobian Backup 11\cbService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11070 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Cobian Backup 11\cbService.exe"
"C:\Users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\CNAB4RPD.EXE
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files\Zune\ZuneLauncher.exe"
"C:\Windows\SysWOW64\HsMgr.exe" Envoke
"C:\Windows\system\HsMgr64.exe" Envoke
KHALMNPR.EXE /API
"C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" Minimum
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\ASUSAUDIOCENTER.EXE"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3216.0.1095480025\863816661" --supports-dual-gpus=false --gpu-vendor-id=0x1002 --gpu-device-id=0x6819 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=9.12.0.0 --ignored=" --type=renderer " /prefetch:822062411
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxSearchSuggestTrialStarted2013Q1/7/OneClickSignIn/Standard/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_31/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --renderer-print-preview --enable-threaded-compositing --channel="3216.1.68904463\485960907" /prefetch:673131151
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-1257473412-3043363552-226881840-10002_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-1257473412-3043363552-226881840-10002 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\totalcmd\TOTALCMD64.EXE"
taskeng.exe {599A82E9-F435-41B9-8EE1-6924BE545A3F}
C:\Windows\SYSTEM32\ie4uinit.EXE -IECleanup
"C:\Windows\System32\cmd.exe" /c "C:\Windows\System32\dism.exe" /online /get-packages /format:table /english 1>C:\Users\MARSHALX\AppData\Local\Temp\SCS6863.tmp
\??\C:\Windows\system32\conhost.exe "-1851768756-1027096899294113984169990067-593433116-20144941-19127750951319997905
C:\Windows\System32\dism.exe /online /get-packages /format:table /english
"D:\Download\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-28 553896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-28 211880]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-28 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
DefaultTab Browser Helper - C:\Users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [2013-05-08 433272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-28 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2012-06-12 6548112]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-07-27 170304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-07-27 398656]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-07-27 440640]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 1281512]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-10-07 1744152]
"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2011-08-05 163552]
"Cmaudio8788"=C:\Windows\syswow64\RunDll32.exe [2009-07-14 44544]
"Cmaudio8788GX"=C:\Windows\syswow64\HsMgr.exe [2008-07-11 200704]
"Cmaudio8788GX64"=C:\Windows\system\HsMgr64.exe [2008-07-11 282112]
"Ad-Aware Browsing Protection"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"OscarEditor"=C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe [2012-08-17 3345408]
"GoogleChromeAutoLaunch_C3B28A191B8F63467BD522CC2281DD78"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2013-06-15 825808]
"SpyEmergency"=C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boincmgr]
C:\Program Files\BOINC\boincmgr.exe /a /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray]
C:\Program Files\BOINC\boinctray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cobian Backup 11 interface]
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [2012-12-06 4407808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-03-27 291608]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-12-19 642808]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-10-11 59280]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-07-25 439296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-09-27 68376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2013-06-28 22:27:35 ----A---- C:\AdwCleaner[R1].txt
2013-06-28 22:22:40 ----D---- C:\rsit
2013-06-28 22:22:40 ----D---- C:\Program Files\trend micro
2013-06-28 21:57:30 ----HD---- C:\Windows\msdownld.tmp
2013-06-28 21:40:19 ----D---- C:\Users\MARSHALX\AppData\Roaming\Anvisoft
2013-06-28 21:40:13 ----D---- C:\ProgramData\Anvisoft
2013-06-28 21:40:10 ----D---- C:\Program Files (x86)\Anvisoft
2013-06-28 21:35:03 ----D---- C:\Program Files\GridinSoft Trojan Killer
2013-06-28 21:17:01 ----A---- C:\Windows\SYSWOW64\javaws.exe
2013-06-28 21:16:59 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2013-06-28 21:16:59 ----A---- C:\Windows\SYSWOW64\javaw.exe
2013-06-28 21:16:59 ----A---- C:\Windows\SYSWOW64\java.exe
2013-06-28 21:15:07 ----A---- C:\Windows\system32\npDeployJava1.dll
2013-06-28 21:15:07 ----A---- C:\Windows\system32\javaws.exe
2013-06-28 21:15:07 ----A---- C:\Windows\system32\deployJava1.dll
2013-06-28 21:15:05 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2013-06-28 21:15:05 ----A---- C:\Windows\system32\javaw.exe
2013-06-28 21:15:05 ----A---- C:\Windows\system32\java.exe
2013-06-28 21:15:00 ----D---- C:\Program Files\Java
2013-06-27 22:36:02 ----D---- C:\Users\MARSHALX\AppData\Roaming\Malwarebytes
2013-06-27 22:35:39 ----D---- C:\ProgramData\Malwarebytes
2013-06-27 22:34:10 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-06-25 23:07:42 ----D---- C:\ProgramData\GFI Software
2013-06-23 22:34:18 ----D---- C:\ProgramData\Lavasoft
2013-06-23 22:34:15 ----D---- C:\Program Files (x86)\Ad-Aware Antivirus
2013-06-23 22:33:35 ----D---- C:\Users\MARSHALX\AppData\Roaming\Ad-Aware Antivirus
2013-06-16 21:40:36 ----D---- C:\ProgramData\Apple Computer
2013-06-16 21:40:36 ----D---- C:\Program Files (x86)\QuickTime
2013-06-16 00:15:19 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-06-16 00:15:18 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-06-16 00:15:18 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-06-16 00:15:18 ----A---- C:\Windows\system32\urlmon.dll
2013-06-16 00:15:18 ----A---- C:\Windows\system32\iertutil.dll
2013-06-16 00:15:17 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-06-16 00:15:17 ----A---- C:\Windows\system32\ieui.dll
2013-06-16 00:15:16 ----A---- C:\Windows\system32\ieframe.dll
2013-06-16 00:15:15 ----A---- C:\Windows\system32\mshtml.dll
2013-06-16 00:15:14 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-06-13 00:35:44 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-06-13 00:35:44 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-06-13 00:35:44 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-06-13 00:35:44 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-06-13 00:35:44 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-06-13 00:35:44 ----A---- C:\Windows\system32\iesysprep.dll
2013-06-13 00:35:44 ----A---- C:\Windows\system32\iesetup.dll
2013-06-13 00:35:44 ----A---- C:\Windows\system32\iernonce.dll
2013-06-13 00:35:44 ----A---- C:\Windows\system32\ie4uinit.exe
2013-06-13 00:35:43 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-06-13 00:35:43 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-06-13 00:35:43 ----A---- C:\Windows\system32\msfeeds.dll
2013-06-13 00:35:43 ----A---- C:\Windows\system32\jscript9.dll
2013-06-13 00:35:43 ----A---- C:\Windows\system32\jscript.dll
2013-06-13 00:35:42 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-06-13 00:35:41 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-06-13 00:35:41 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-06-13 00:35:41 ----A---- C:\Windows\system32\jsproxy.dll
2013-06-13 00:35:40 ----A---- C:\Windows\system32\wininet.dll
2013-06-12 17:48:59 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-06-12 17:48:35 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2013-06-12 17:48:35 ----A---- C:\Windows\system32\win32spl.dll
2013-06-12 17:48:33 ----A---- C:\Windows\SYSWOW64\cryptdlg.dll
2013-06-12 17:48:33 ----A---- C:\Windows\system32\cryptdlg.dll
2013-06-12 17:48:32 ----A---- C:\Windows\system32\WindowsCodecs.dll
2013-06-12 17:48:31 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2013-06-12 17:48:30 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2013-06-12 17:48:30 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2013-06-12 17:48:30 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-06-12 17:48:30 ----A---- C:\Windows\SYSWOW64\certutil.exe
2013-06-12 17:48:30 ----A---- C:\Windows\system32\cryptsvc.dll
2013-06-12 17:48:30 ----A---- C:\Windows\system32\cryptnet.dll
2013-06-12 17:48:30 ----A---- C:\Windows\system32\crypt32.dll
2013-06-12 17:48:30 ----A---- C:\Windows\system32\certutil.exe
2013-06-12 17:48:30 ----A---- C:\Windows\system32\certenc.dll
2013-06-12 17:48:29 ----A---- C:\Windows\SYSWOW64\certenc.dll
2013-06-12 17:48:26 ----A---- C:\Windows\SYSWOW64\d3d11.dll
2013-06-12 17:48:26 ----A---- C:\Windows\system32\d3d11.dll
2013-06-09 19:57:34 ----D---- C:\Program Files\CCleaner

======List of files/folders modified in the last 1 months======

2013-06-28 22:37:54 ----D---- C:\Windows\system32\config
2013-06-28 22:36:50 ----A---- C:\Windows\SYSWOW64\log.txt
2013-06-28 22:35:40 ----D---- C:\Windows\Temp
2013-06-28 22:34:28 ----D---- C:\Program Files
2013-06-28 22:33:37 ----D---- C:\Windows\system32\drivers
2013-06-28 22:33:25 ----HD---- C:\ProgramData
2013-06-28 21:57:31 ----RD---- C:\Program Files (x86)
2013-06-28 21:57:31 ----D---- C:\Program Files\Internet Explorer
2013-06-28 21:57:30 ----D---- C:\Windows
2013-06-28 21:17:08 ----SHD---- C:\Windows\Installer
2013-06-28 21:17:08 ----D---- C:\Program Files (x86)\Common Files
2013-06-28 21:17:01 ----D---- C:\Windows\SysWOW64
2013-06-28 21:16:55 ----A---- C:\Windows\SYSWOW64\npDeployJava1.dll
2013-06-28 21:16:55 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2013-06-28 21:16:39 ----SHD---- C:\System Volume Information
2013-06-28 21:15:07 ----D---- C:\Windows\System32
2013-06-28 21:08:19 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-06-28 20:58:22 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 22:34:19 ----D---- C:\Windows\Prefetch
2013-06-27 22:02:31 ----D---- C:\Windows\system32\Tasks
2013-06-25 23:10:44 ----D---- C:\Windows\SYSWOW64\drivers
2013-06-23 22:46:25 ----D---- C:\Program Files (x86)\OApps
2013-06-23 18:12:46 ----D---- C:\Windows\system32\catroot2
2013-06-22 19:21:04 ----D---- C:\Windows\inf
2013-06-22 19:20:45 ----D---- C:\Windows\Logs
2013-06-22 19:15:36 ----D---- C:\Program Files (x86)\JDownloader
2013-06-22 19:11:08 ----D---- C:\Users\MARSHALX\AppData\Roaming\DAEMON Tools Lite
2013-06-20 20:27:22 ----D---- C:\Windows\Minidump
2013-06-17 22:11:08 ----D---- C:\Users\MARSHALX\AppData\Roaming\KeePass
2013-06-17 21:58:48 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2013-06-16 10:20:05 ----D---- C:\Windows\winsxs
2013-06-16 10:19:37 ----D---- C:\Program Files (x86)\Internet Explorer
2013-06-16 00:15:25 ----D---- C:\Windows\system32\catroot
2013-06-13 19:20:54 ----D---- C:\Windows\rescache
2013-06-13 18:44:01 ----D---- C:\Windows\Panther
2013-06-13 18:42:21 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-06-13 18:42:21 ----D---- C:\Windows\system32\cs-CZ
2013-06-13 00:36:12 ----D---- C:\Windows\debug
2013-06-13 00:36:10 ----A---- C:\Windows\system32\MRT.exe
2013-06-12 23:08:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-06-10 20:43:30 ----D---- C:\Users\MARSHALX\AppData\Roaming\Media Player Classic
2013-06-09 20:03:56 ----D---- C:\ProgramData\LogMeIn
2013-06-09 20:03:56 ----D---- C:\Program Files (x86)\PDFCreator
2013-06-09 19:39:40 ----D---- C:\Program Files (x86)\Elecard
2013-06-09 19:37:27 ----D---- C:\Program Files (x86)\MSU VQMT
2013-06-09 19:37:21 ----D---- C:\Program Files\MSU VQMT
2013-06-09 19:36:42 ----D---- C:\Program Files (x86)\MSU VQMT Demo
2013-06-09 19:36:15 ----D---- C:\Program Files (x86)\FreeTime
2013-06-09 19:34:59 ----D---- C:\Program Files (x86)\XMedia Recode
2013-06-09 19:32:59 ----D---- C:\Users\MARSHALX\AppData\Roaming\Adobe
2013-06-09 19:32:29 ----RSD---- C:\Windows\assembly
2013-06-09 19:32:27 ----D---- C:\ProgramData\CodeMeter
2013-06-09 19:31:13 ----D---- C:\ProgramData\DivX
2013-06-09 19:31:11 ----D---- C:\Program Files (x86)\DivX
2013-06-09 19:31:08 ----D---- C:\Program Files\DivX
2013-05-29 10:24:51 ----D---- C:\Windows\Microsoft.NET
2013-05-29 00:06:02 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-01-20 230320]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-09 283200]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2012-11-29 72216]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-12-19 11278336]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-12-19 552960]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
R3 cmudaxp;ASUS Xonar Essence STX Audio Interface; C:\Windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2012-11-29 11552]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-02 62784]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
S1 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-07-25 8982208]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-12 4060560]
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2011-09-02 66840]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2011-09-02 60696]
S3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 MSICDSetup;MSICDSetup; \??\F:\CDriver64.sys []
S3 NTIOLib_1_0_C;NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-12-19 240640]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 CobianBackup11;Cobian Backup 11 Gravity; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [2012-12-06 1131008]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DefaultTabUpdate;DefaultTabUpdate; C:\Users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-05-08 107520]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-17 165760]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-17 276864]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 22056]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-12-01 76888]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 364416]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
S2 DefaultTabSearch;DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-02-11 572928]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-28 256904]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-07-27 276288]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 116648]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-09-27 359192]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 50899608]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-06-27 117144]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-09-04 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service; C:\Program Files\Zune\WMZuneComm.exe [2011-08-05 306400]
S3 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2011-08-05 8277728]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\Program Files\Zune\ZuneWlanCfgSvc.exe [2011-08-05 467680]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-09 51648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119526
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Browser freezing, mainly on the Facebook page

#2 Post by Rudy »

Hello!
Please post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms appears; continue by clicking the Yes button.

Go make yourself a coffee in the meantime (the whole run takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the resident antispyware occur.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

marshalx
Visitor
Posts: 7
Registered: 28 Jun 2013 21:31

Re: Browser freezing, mainly on the Facebook page

#3 Post by marshalx »

ComboFix log:

ComboFix 13-06-28.02 - MARSHALX 29.06.2013 21:59:02.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8140.5846 [GMT 2:00]
Spuštěný z: c:\users\MARSHALX\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DefaultTab
c:\program files (x86)\DefaultTab\DefaultTab.crx
c:\program files (x86)\DefaultTab\DefaultTabSearch.exe
c:\program files (x86)\DefaultTab\uid
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabSearch
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-28 do 2013-06-29 )))))))))))))))))))))))))))))))
.
.
2013-06-28 20:22 . 2013-06-28 20:40 -------- d-----w- C:\rsit
2013-06-28 20:22 . 2013-06-28 20:40 -------- d-----w- c:\program files\trend micro
2013-06-28 19:57 . 2013-06-28 19:57 -------- d--h--w- c:\windows\msdownld.tmp
2013-06-28 19:40 . 2013-06-28 20:32 -------- d-----w- c:\users\MARSHALX\AppData\Roaming\Anvisoft
2013-06-28 19:40 . 2013-06-28 19:40 -------- d-----w- c:\programdata\Anvisoft
2013-06-28 19:40 . 2013-06-28 20:32 -------- d-----w- c:\program files (x86)\Anvisoft
2013-06-28 19:35 . 2013-06-28 20:33 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2013-06-28 19:17 . 2013-06-28 19:17 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-06-28 19:16 . 2013-06-28 19:16 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-28 19:15 . 2013-06-28 19:15 312232 ----a-w- c:\windows\system32\javaws.exe
2013-06-28 19:15 . 2013-06-28 19:15 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-28 19:15 . 2013-06-28 19:15 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-28 19:15 . 2013-06-28 19:15 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-28 19:15 . 2013-06-28 19:15 189352 ----a-w- c:\windows\system32\javaw.exe
2013-06-28 19:15 . 2013-06-28 19:15 188840 ----a-w- c:\windows\system32\java.exe
2013-06-28 19:15 . 2013-06-28 19:15 -------- d-----w- c:\program files\Java
2013-06-28 19:09 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D893E4B-493E-4EFB-BBEA-A111518D3C85}\mpengine.dll
2013-06-27 20:36 . 2013-06-27 20:36 -------- d-----w- c:\users\MARSHALX\AppData\Roaming\Malwarebytes
2013-06-27 20:35 . 2013-06-27 20:35 -------- d-----w- c:\programdata\Malwarebytes
2013-06-27 17:13 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-25 21:07 . 2013-06-25 21:07 -------- d-----w- c:\programdata\GFI Software
2013-06-23 20:34 . 2013-06-23 20:34 -------- d-----w- c:\programdata\Lavasoft
2013-06-23 20:34 . 2013-06-25 21:10 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-06-23 20:34 . 2013-06-23 20:34 -------- d-----w- c:\users\MARSHALX\AppData\Local\Downloaded Installations
2013-06-23 20:33 . 2013-06-23 22:29 -------- d-----w- c:\users\MARSHALX\AppData\Roaming\Ad-Aware Antivirus
2013-06-22 09:06 . 2013-06-22 09:06 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36F27490-9E6B-4DD4-B1C0-C34B55B2CB9C}\gapaengine.dll
2013-06-16 19:40 . 2013-06-16 19:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-16 19:40 . 2013-06-16 19:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-16 19:40 . 2013-06-16 19:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-16 19:40 . 2013-06-16 19:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-16 19:40 . 2013-06-16 19:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-16 19:40 . 2013-06-16 19:40 -------- d-----w- c:\program files (x86)\QuickTime
2013-06-16 19:40 . 2013-06-16 19:40 -------- d-----w- c:\programdata\Apple Computer
2013-06-12 22:35 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-12 15:48 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-09 17:57 . 2013-06-09 17:58 -------- d-----w- c:\program files\CCleaner
2013-06-09 17:17 . 2013-06-09 17:17 -------- d-----w- c:\program files (x86)\Common Files\PDF Architect
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-28 19:16 . 2012-09-06 17:56 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-28 19:16 . 2012-09-06 17:56 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-28 19:08 . 2012-09-03 19:52 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-28 19:08 . 2012-09-03 19:52 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-17 19:58 . 2012-11-15 20:23 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-06-17 19:58 . 2012-11-15 20:00 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-06-12 22:36 . 2012-09-03 20:45 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-21 13:37 . 2012-10-03 17:42 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-02 15:29 . 2012-09-03 18:58 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-30 16:21 . 2013-04-30 16:21 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 16:21 . 2013-04-30 16:21 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-30 16:21 . 2013-04-30 16:21 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 16:21 . 2013-04-30 16:21 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 16:21 . 2013-04-30 16:21 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 16:21 . 2013-04-30 16:21 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-30 16:21 . 2013-04-30 16:21 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-30 16:21 . 2013-04-30 16:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-30 16:21 . 2013-04-30 16:21 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-30 16:21 . 2013-04-30 16:21 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-30 16:21 . 2013-04-30 16:21 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-30 16:21 . 2013-04-30 16:21 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-30 16:21 . 2013-04-30 16:21 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-30 16:21 . 2013-04-30 16:21 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-30 16:21 . 2013-04-30 16:21 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-30 16:21 . 2013-04-30 16:21 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 16:21 . 2013-04-30 16:21 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-30 16:21 . 2013-04-30 16:21 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-30 16:21 . 2013-04-30 16:21 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 16:21 . 2013-04-30 16:21 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-30 16:21 . 2013-04-30 16:21 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-30 16:21 . 2013-04-30 16:21 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-30 16:21 . 2013-04-30 16:21 441856 ----a-w- c:\windows\system32\html.iec
2013-04-30 16:21 . 2013-04-30 16:21 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-30 16:21 . 2013-04-30 16:21 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 16:21 . 2013-04-30 16:21 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-30 16:21 . 2013-04-30 16:21 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-30 16:21 . 2013-04-30 16:21 235008 ----a-w- c:\windows\system32\url.dll
2013-04-30 16:21 . 2013-04-30 16:21 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-30 16:21 . 2013-04-30 16:21 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 16:21 . 2013-04-30 16:21 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-30 16:21 . 2013-04-30 16:21 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 16:21 . 2013-04-30 16:21 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 16:21 . 2013-04-30 16:21 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-30 16:21 . 2013-04-30 16:21 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-30 16:21 . 2013-04-30 16:21 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 16:21 . 2013-04-30 16:21 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 16:21 . 2013-04-30 16:21 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-30 16:21 . 2013-04-30 16:21 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 16:21 . 2013-04-30 16:21 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-30 16:21 . 2013-04-30 16:21 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 16:21 . 2013-04-30 16:21 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 16:21 . 2013-04-30 16:21 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 16:21 . 2013-04-30 16:21 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-30 16:21 . 2013-04-30 16:21 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 16:21 . 2013-04-30 16:21 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-30 16:21 . 2013-04-30 16:21 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 16:21 . 2013-04-30 16:21 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-30 16:21 . 2013-04-30 16:21 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-13 05:49 . 2013-05-15 09:11 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 09:11 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 09:11 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 09:11 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 09:11 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 09:11 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 22:30 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 09:11 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 09:11 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 09:11 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-09 13:13 . 2013-05-20 13:32 110264 ----a-w- c:\windows\system32\pdfcmon.dll
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" [2012-08-17 3345408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 MSICDSetup;MSICDSetup;f:\cdriver64.sys;f:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;f:\ntiolib_x64.sys;f:\NTIOLib_X64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 CobianBackup11;Cobian Backup 11 Gravity;c:\program files (x86)\Cobian Backup 11\cbService.exe;c:\program files (x86)\Cobian Backup 11\cbService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 cmudaxp;ASUS Xonar Essence STX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 20:49 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 19:08]
.
2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-15 22:30]
.
2013-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-15 22:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-07-27 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-07-27 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-07-27 440640]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://seznam.cz/?clid=2
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 194.108.34.2 212.65.242.210
FF - ProfilePath - c:\users\MARSHALX\AppData\Roaming\Mozilla\Firefox\Profiles\888dz6ni.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - ExtSQL: 2013-05-08 20:55; firefogg@firefogg.org; c:\users\MARSHALX\AppData\Roaming\Mozilla\Firefox\Profiles\888dz6ni.default\extensions\firefogg@firefogg.org
FF - ExtSQL: 2013-05-08 23:11; {F6F2FD49-E549-4B75-B2A8-D018289D2C13}; c:\users\MARSHALX\AppData\Roaming\Mozilla\Firefox\Profiles\888dz6ni.default\extensions\{F6F2FD49-E549-4B75-B2A8-D018289D2C13}
user_pref(extensions.dntp.origin,'yotamfull_amo');
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-SpyEmergency - c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe
HKLM-Run-Ad-Aware Browsing Protection - (no file)
AddRemove-DefaultTab - c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2013-06-29 22:19:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-06-29 20:19
.
Před spuštěním: 6 640 496 640
Po spuštění: 6 705 709 056
.
- - End Of File - - E248CD8AE8AA3CD32887B670F467878C
A36C5E4F47E84449FF07ED3517B43A31

Rudy
Site Admin
Posts: 119526
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Browser freezing, mainly the Facebook page

#4 Post by Rudy »

We'll finish the cleanup. Open Notepad and copy the following into it:
KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

marshalx
Visitor
Posts: 7
Joined: 28 Jun 2013 21:31

Re: Browser freezing, mainly the Facebook page

#5 Post by marshalx »

Facebook is still freezing.


ComboFix 13-06-28.02 - MARSHALX 29.06.2013 23:20:11.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8140.6559 [GMT 2:00]
Spuštěný z: c:\users\MARSHALX\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\MARSHALX\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-28 do 2013-06-29 )))))))))))))))))))))))))))))))
.
.
2013-06-29 21:35 . 2013-06-29 21:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-29 20:32 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FC8FEEE-D9ED-430C-B401-69AAC5818CD2}\mpengine.dll
2013-06-29 20:21 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-28 20:22 . 2013-06-28 20:40 -------- d-----w- C:\rsit
2013-06-28 20:22 . 2013-06-28 20:40 -------- d-----w- c:\program files\trend micro
2013-06-28 19:57 . 2013-06-28 19:57 -------- d--h--w- c:\windows\msdownld.tmp
2013-06-28 19:40 . 2013-06-28 20:32 -------- d-----w- c:\users\MARSHALX\AppData\Roaming\Anvisoft
2013-06-28 19:40 . 2013-06-28 19:40 -------- d-----w- c:\programdata\Anvisoft
2013-06-28 19:40 . 2013-06-28 20:32 -------- d-----w- c:\program files (x86)\Anvisoft
2013-06-28 19:35 . 2013-06-28 20:33 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2013-06-28 19:17 . 2013-06-28 19:17 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-06-28 19:16 . 2013-06-28 19:16 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-28 19:15 . 2013-06-28 19:15 312232 ----a-w- c:\windows\system32\javaws.exe
2013-06-28 19:15 . 2013-06-28 19:15 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-28 19:15 . 2013-06-28 19:15 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-28 19:15 . 2013-06-28 19:15 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-28 19:15 . 2013-06-28 19:15 189352 ----a-w- c:\windows\system32\javaw.exe
2013-06-28 19:15 . 2013-06-28 19:15 188840 ----a-w- c:\windows\system32\java.exe
2013-06-28 19:15 . 2013-06-28 19:15 -------- d-----w- c:\program files\Java
2013-06-27 20:36 . 2013-06-27 20:36 -------- d-----w- c:\users\MARSHALX\AppData\Roaming\Malwarebytes
2013-06-27 20:35 . 2013-06-27 20:35 -------- d-----w- c:\programdata\Malwarebytes
2013-06-25 21:07 . 2013-06-25 21:07 -------- d-----w- c:\programdata\GFI Software
2013-06-23 20:34 . 2013-06-23 20:34 -------- d-----w- c:\programdata\Lavasoft
2013-06-23 20:34 . 2013-06-25 21:10 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-06-23 20:34 . 2013-06-23 20:34 -------- d-----w- c:\users\MARSHALX\AppData\Local\Downloaded Installations
2013-06-23 20:33 . 2013-06-23 22:29 -------- d-----w- c:\users\MARSHALX\AppData\Roaming\Ad-Aware Antivirus
2013-06-22 09:06 . 2013-06-22 09:06 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36F27490-9E6B-4DD4-B1C0-C34B55B2CB9C}\gapaengine.dll
2013-06-16 19:40 . 2013-06-16 19:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-16 19:40 . 2013-06-16 19:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-16 19:40 . 2013-06-16 19:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-16 19:40 . 2013-06-16 19:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-16 19:40 . 2013-06-16 19:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-16 19:40 . 2013-06-16 19:40 -------- d-----w- c:\program files (x86)\QuickTime
2013-06-16 19:40 . 2013-06-16 19:40 -------- d-----w- c:\programdata\Apple Computer
2013-06-12 22:35 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-12 15:48 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-09 17:57 . 2013-06-09 17:58 -------- d-----w- c:\program files\CCleaner
2013-06-09 17:17 . 2013-06-09 17:17 -------- d-----w- c:\program files (x86)\Common Files\PDF Architect
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-28 19:16 . 2012-09-06 17:56 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-28 19:16 . 2012-09-06 17:56 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-28 19:08 . 2012-09-03 19:52 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-28 19:08 . 2012-09-03 19:52 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-17 19:58 . 2012-11-15 20:23 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-06-17 19:58 . 2012-11-15 20:00 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-06-12 22:36 . 2012-09-03 20:45 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-21 13:37 . 2012-10-03 17:42 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-02 15:29 . 2012-09-03 18:58 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-30 16:21 . 2013-04-30 16:21 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 16:21 . 2013-04-30 16:21 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-30 16:21 . 2013-04-30 16:21 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 16:21 . 2013-04-30 16:21 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 16:21 . 2013-04-30 16:21 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 16:21 . 2013-04-30 16:21 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-30 16:21 . 2013-04-30 16:21 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-30 16:21 . 2013-04-30 16:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-30 16:21 . 2013-04-30 16:21 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-30 16:21 . 2013-04-30 16:21 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-30 16:21 . 2013-04-30 16:21 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-30 16:21 . 2013-04-30 16:21 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-30 16:21 . 2013-04-30 16:21 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-30 16:21 . 2013-04-30 16:21 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-30 16:21 . 2013-04-30 16:21 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-30 16:21 . 2013-04-30 16:21 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 16:21 . 2013-04-30 16:21 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-30 16:21 . 2013-04-30 16:21 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-30 16:21 . 2013-04-30 16:21 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 16:21 . 2013-04-30 16:21 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-30 16:21 . 2013-04-30 16:21 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-30 16:21 . 2013-04-30 16:21 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-30 16:21 . 2013-04-30 16:21 441856 ----a-w- c:\windows\system32\html.iec
2013-04-30 16:21 . 2013-04-30 16:21 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-30 16:21 . 2013-04-30 16:21 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 16:21 . 2013-04-30 16:21 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-30 16:21 . 2013-04-30 16:21 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-30 16:21 . 2013-04-30 16:21 235008 ----a-w- c:\windows\system32\url.dll
2013-04-30 16:21 . 2013-04-30 16:21 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-30 16:21 . 2013-04-30 16:21 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 16:21 . 2013-04-30 16:21 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-30 16:21 . 2013-04-30 16:21 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 16:21 . 2013-04-30 16:21 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 16:21 . 2013-04-30 16:21 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-30 16:21 . 2013-04-30 16:21 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-30 16:21 . 2013-04-30 16:21 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 16:21 . 2013-04-30 16:21 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 16:21 . 2013-04-30 16:21 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-30 16:21 . 2013-04-30 16:21 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 16:21 . 2013-04-30 16:21 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-30 16:21 . 2013-04-30 16:21 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 16:21 . 2013-04-30 16:21 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 16:21 . 2013-04-30 16:21 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 16:21 . 2013-04-30 16:21 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-30 16:21 . 2013-04-30 16:21 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 16:21 . 2013-04-30 16:21 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-30 16:21 . 2013-04-30 16:21 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 16:21 . 2013-04-30 16:21 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-30 16:21 . 2013-04-30 16:21 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-13 05:49 . 2013-05-15 09:11 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 09:11 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 09:11 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 09:11 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 09:11 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 09:11 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 22:30 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 09:11 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 09:11 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 09:11 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-09 13:13 . 2013-05-20 13:32 110264 ----a-w- c:\windows\system32\pdfcmon.dll
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" [2012-08-17 3345408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 MSICDSetup;MSICDSetup;f:\cdriver64.sys;f:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;f:\ntiolib_x64.sys;f:\NTIOLib_X64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 CobianBackup11;Cobian Backup 11 Gravity;c:\program files (x86)\Cobian Backup 11\cbService.exe;c:\program files (x86)\Cobian Backup 11\cbService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 cmudaxp;ASUS Xonar Essence STX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 20:49 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 19:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-07-27 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-07-27 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-07-27 440640]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"Ad-Aware Browsing Protection"="" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://seznam.cz/?clid=2
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 194.108.34.2 212.65.242.210
FF - ProfilePath - c:\users\MARSHALX\AppData\Roaming\Mozilla\Firefox\Profiles\888dz6ni.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - ExtSQL: 2013-05-08 20:55; firefogg@firefogg.org; c:\users\MARSHALX\AppData\Roaming\Mozilla\Firefox\Profiles\888dz6ni.default\extensions\firefogg@firefogg.org
FF - ExtSQL: 2013-05-08 23:11; {F6F2FD49-E549-4B75-B2A8-D018289D2C13}; c:\users\MARSHALX\AppData\Roaming\Mozilla\Firefox\Profiles\888dz6ni.default\extensions\{F6F2FD49-E549-4B75-B2A8-D018289D2C13}
user_pref(extensions.dntp.origin,'yotamfull_amo');
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-DefaultTab - c:\users\MARSHALX\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2013-06-29 23:39:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-06-29 21:39
ComboFix2.txt 2013-06-29 20:19
.
Před spuštěním: 6 534 254 592
Po spuštění: 6 461 554 688
.
- - End Of File - - 524C3A84D8CD367693A2238184C13A2C
A36C5E4F47E84449FF07ED3517B43A31

Rudy
Site Admin
Posts: 119526
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Browser freezing, mostly the Facebook page

#6 Post by Rudy »

Try Start menu > command prompt > (type) cmd > Enter. In the window that opens, type:
and press Enter. Let it run for at least 1 min. The response time should be steady, should not exceed 50 ms, and packets should not be dropped.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

marshalx
Visitor
Posts: 7
Registered: 28 Jun 2013 21:31

Re: Browser freezing, mostly the Facebook page

#7 Post by marshalx »

Everything is around 35 ms.
I'm wondering whether it wouldn't be better to reinstall Windows.

Rudy
Site Admin
Posts: 119526
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Browser freezing, mostly the Facebook page

#8 Post by Rudy »

First try reinstalling the browser.

marshalx
Visitor
Posts: 7
Registered: 28 Jun 2013 21:31

Re: Browser freezing, mostly the Facebook page

#9 Post by marshalx »

After reinstalling the browser, www.facebook.com behaves the same. Even on the initial login page.

Rudy
Site Admin
Posts: 119526
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Browser freezing, mostly the Facebook page

#10 Post by Rudy »

Only FB, or other websites too?

marshalx
Visitor
Posts: 7
Registered: 28 Jun 2013 21:31

Re: Browser freezing, mostly the Facebook page

#11 Post by marshalx »

Only Facebook, I don't get it myself. Maybe it's a sign to leave Facebook :D

Rudy
Site Admin
Posts: 119526
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Browser freezing, mostly the Facebook page

#12 Post by Rudy »

Interesting, we haven't had this here before, a single website freezing while the others are OK. As a test, install some alternative browser and try the connection.

OndrejMoravec
Visitor
Posts: 1
Registered: 01 Jul 2013 21:13

Re: Browser freezing, mostly the Facebook page

#13 Post by OndrejMoravec »

I have the same problem, for roughly the last 3 days. In both Explorer and Chrome. Windows 8 Pro
Only Facebook hangs, everything else is OK. The antivirus found nothing, neither McAfee nor AVG
It's not a problem on Facebook's side; from another PC it works without problems, even on the same Wi-Fi...
I really don't get it :(

Another attempt: when logged in under the GUEST account it runs normally, or at least a lot better, on the same PC :(

Rudy
Site Admin
Posts: 119526
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Browser freezing, mostly the Facebook page

#14 Post by Rudy »

2OndrejMoravec: Please start your own topic. Thank you.

marshalx
Visitor
Posts: 7
Registered: 28 Jun 2013 21:31

Re: Browser freezing, mostly the Facebook page

#15 Post by marshalx »

The currently installed browsers (Explorer, Firefox, Chrome) still freeze on Facebook.
The newly installed Opera no longer freezes.
