VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Virus policie ČR a následné problémy 2 (staré téma uzamčeno)

https://forum.viry.cz:443/viewtopic.php?t=132168

Stránka 1 z 3

Virus policie ČR a následné problémy 2 (staré téma uzamčeno)

Napsal: 17 srp 2013 22:00
od Bloodylama
Asi tři dny všechno šlapalo jak má, ale potom návrat problémů. Oproti minule přibyly další: nešlo updatovat Wokna, AVG hlásilo po startu OS chybu (AVG diagex- neočekávaná chyba), další hláška ASCTray.exe systémová chyba chybí rtl120.bpl, šílené zpomalení všeho a hlavně ani po opakovaném pokusu udělat log COMBOFIXem se to nepodařilo, Combofix udělal sken a po restartování počítače to hodilo po přihlášení k účtu bleděmodrou obrazovku, kde kromě kurzoru nic nebylo ani po třech hodinách čekání, jednou se to dostalo do stadia "nevypínejte počítač, připravuji log" a tím to skončilo, po dvou hodinách čekání jsem to vypnul. Po samostudiu na zdejším webu se mi povedlo udělat log pomocí FRST a ten přikládám:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2013
Ran by bartozrout (administrator) on 17-08-2013 22:28:55
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-06] (Google Inc.)
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
MountPoints2: {1a10add7-095b-11e1-b142-88ae1d6c5fc7} - E:\autorun.exe
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [258560 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2285232 2013-07-30] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-01-15] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-01-15] ()
HKU\Guest\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-06] (Google Inc.)
HKU\Guest\...\Run: [Advanced SystemCare 5] - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe [620376 2011-12-29] (IObit)
HKU\Guest\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoWebCamera.exe.lnk
ShortcutTarget: VideoWebCamera.exe.lnk -> C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe ()
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute:

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/?clid=2
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://seznam.cz/?clid=2
URLSearchHook: (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKCU - DefaultScope {A13C05CC-50D1-4F80-AC31-0D368D498E31} URL = http://search.seznam.cz/?q={searchTerms ... ckSearch_2
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTer ... ac4c77d794
SearchScopes: HKCU - {7809BD2D-7CEF-4AF4-8F9A-FA73980C5183} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={D1AC ... 2011-12-04 11:25:29&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {A13C05CC-50D1-4F80-AC31-0D368D498E31} URL = http://search.seznam.cz/?q={searchTerms ... ckSearch_2
SearchScopes: HKCU - {F82652EE-B3B5-4CBC-B7A4-778EB34EFE6C} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKCU - {F974D22B-3A4C-409F-B07B-0659435417BF} URL = http://websearch.ask.com/redirect?clien ... 93E009E44B&
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Chatvibes Browser Helper - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Chatvibes Browser Helper Verifier - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: No Name - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name - {BDDB5A00-D1EB-49D5-B197-72A06DF78AA1} - No File
BHO-x32: No Name - {C8625893-2C0F-4484-8C18-52B00D5A8BB9} - No File
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - No File
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - No File
Handler-x32: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler-x32: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

==================== Services (Whitelisted) =================

S2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [497496 2011-12-29] (IObit)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
S2 AMD FusionUtility Service; C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [275832 2010-04-14] (Advanced Micro Devices, Inc.)
S2 AMD Reservation Manager; C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [140160 2010-04-14] (Advanced Micro Devices)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
S2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [866336 2010-03-17] (Acer Incorporated)
S2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4619192 2012-06-24] (INCA Internet Co., Ltd.)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-08] ()
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-07-30] (AVG Secure Search)
S2 0096211368037508mcinstcleanup; C:\Users\BARTOZ~1\AppData\Local\Temp\0096211368037508mcinst.exe -cleanup -nolog [x]
S3 DaumCleanerService; "C:\Program Files\Daum\Cleaner\DaumCleanerService.exe" [x]
S2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service [x]

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [304720 2011-01-07] (AVG Technologies CZ, s.r.o.)
S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-05] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-30] (AVG Technologies)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-11-07] (Duplex Secure Ltd.)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-17 21:08 - 2013-08-17 21:08 - 00000000 ____D C:\Windows\system32\MRT
2013-08-17 20:32 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-17 20:32 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-17 20:29 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-17 20:27 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-17 20:27 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-17 20:26 - 2013-08-17 20:26 - 00000000 ____D C:\d2cd51adc4a0ee8217b30f
2013-08-17 20:21 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-17 14:27 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-17 14:27 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-17 14:07 - 2013-08-18 06:09 - 00000000 ____D C:\960a7126d060f7b83cd8f1e60a0372
2013-08-17 12:52 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-17 12:52 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-17 12:52 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-17 12:52 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-17 12:52 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-17 12:52 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-17 12:52 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-17 12:52 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-17 12:52 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-17 12:52 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-17 12:21 - 2013-08-18 06:09 - 00000000 ____D C:\ComboFix
2013-08-16 17:23 - 2013-08-16 17:23 - 00005412 _____ C:\Users\bartozrout\Documents\startup 16.8..txt
2013-08-14 21:13 - 2013-08-17 13:49 - 00000000 ____D C:\Program Files\CCleaner
2013-08-13 16:03 - 2013-08-13 16:03 - 00004077 _____ C:\Users\bartozrout\Documents\CFScript.txt
2013-08-12 19:23 - 2013-08-17 15:29 - 00000000 ____D C:\Windows\erdnt
2013-08-12 19:23 - 2013-08-17 15:17 - 00000000 ____D C:\Qoobox
2013-08-12 18:37 - 2013-08-12 18:37 - 00015618 _____ C:\Users\bartozrout\Documents\hijackthis.log
2013-08-12 18:33 - 2013-08-12 18:33 - 00015618 _____ C:\Users\bartozrout\Documents\Svině v počítači.txt
2013-08-12 17:42 - 2013-08-17 22:12 - 00000336 _____ C:\Windows\setupact.log
2013-08-12 17:42 - 2013-08-17 22:11 - 00117720 _____ C:\Windows\PFRO.log
2013-08-12 17:42 - 2013-08-12 17:42 - 00000000 _____ C:\Windows\setuperr.log
2013-08-12 16:50 - 2013-08-12 16:56 - 00000246 _____ C:\Windows\system32\avgrep.txt
2013-08-12 16:31 - 2013-08-12 16:31 - 81653760 _____ C:\Windows\system32\config\software.iobit
2013-08-12 16:31 - 2013-08-12 16:31 - 50835456 _____ C:\Windows\system32\config\components.iobit
2013-08-12 16:31 - 2013-08-12 16:31 - 33435648 _____ C:\Windows\system32\config\system.iobit
2013-08-12 16:31 - 2013-08-12 16:31 - 01024000 _____ C:\Windows\system32\config\default.iobit
2013-08-12 16:31 - 2013-08-12 16:31 - 00028672 _____ C:\Windows\system32\config\security.iobit
2013-08-12 16:31 - 2013-08-12 16:31 - 00024576 _____ C:\Windows\system32\config\sam.iobit
2013-08-12 13:21 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-08-12 13:21 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-08-12 12:59 - 2013-02-17 01:40 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-08-12 12:53 - 2013-08-12 12:53 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-12 12:53 - 2013-08-12 12:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-12 12:53 - 2013-08-12 12:53 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-12 12:53 - 2013-08-12 12:53 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-12 12:53 - 2013-08-12 12:53 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-08-12 12:53 - 2013-08-12 12:53 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-12 12:53 - 2013-08-12 12:53 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-12 12:53 - 2013-08-12 12:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-08-12 12:53 - 2013-08-12 12:53 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-12 12:53 - 2013-08-12 12:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-08-12 12:53 - 2013-08-12 12:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-08-12 12:51 - 2013-08-12 12:51 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-12 11:59 - 2013-08-12 11:59 - 00002440 _____ C:\Users\bartozrout\Videos\Desktop\RKreport[0]_D_08122013_115950.txt
2013-08-12 11:57 - 2013-08-12 11:57 - 00002395 _____ C:\Users\bartozrout\Videos\Desktop\RKreport[0]_S_08122013_115758.txt
2013-08-12 11:55 - 2013-08-12 12:32 - 00000000 ____D C:\Users\bartozrout\Videos\Desktop\RK_Quarantine
2013-08-12 02:22 - 2013-08-12 02:22 - 01029451 _____ C:\Users\BARTOZ~1\AppData\Local\2433f433
2013-08-11 12:05 - 2013-08-11 12:05 - 00401013 _____ C:\Users\bartozrout\Documents\Soupisy poddaných dle víry z r. 1651.txt
2013-08-11 11:33 - 2013-08-11 11:33 - 00047505 _____ C:\Users\bartozrout\Documents\Augustin Lednický (1924–1954) - Ústav pro studium totalitních režimů.htm
2013-08-11 11:33 - 2013-08-11 11:33 - 00000000 ____D C:\Users\bartozrout\Documents\Augustin Lednický (1924–1954) - Ústav pro studium totalitních režimů_soubory
2013-08-10 23:57 - 2013-08-11 00:07 - 00000000 ____D C:\Users\bartozrout\AppData\Roaming\MyHeritage
2013-08-10 23:57 - 2013-08-11 00:03 - 00000000 ____D C:\Users\bartozrout\Documents\MyHeritage
2013-08-10 23:57 - 2013-08-11 00:01 - 00000000 ____D C:\ProgramData\MyHeritage
2013-08-10 23:56 - 2013-08-10 23:56 - 00001107 _____ C:\Users\bartozrout\Videos\Desktop\MyHeritage Family Tree Builder.lnk
2013-08-10 23:56 - 2013-08-10 23:56 - 00000000 ____D C:\Users\bartozrout\AppData\Roaming\The Complete Genealogy Reporter - FTB
2013-08-10 23:56 - 2013-08-10 23:56 - 00000000 ____D C:\Users\bartozrout\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyHeritage.com
2013-08-10 23:56 - 2013-08-10 23:56 - 00000000 ____D C:\Program Files (x86)\MyHeritage
2013-08-10 23:56 - 2012-08-02 08:56 - 00606208 _____ (Lorenzi Davide) C:\Windows\SysWOW64\HexUniRTFBox.ocx
2013-08-10 23:56 - 2010-06-17 19:49 - 02029056 _____ (Bytescout) C:\Windows\SysWOW64\PDFDocScout.DLL
2013-08-10 23:56 - 2004-12-07 11:11 - 00258352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2013-08-10 23:56 - 2003-07-06 14:07 - 00372736 _____ (Intel Corporation) C:\Windows\SysWOW64\ijl15.dll
2013-08-10 23:56 - 2002-03-07 01:19 - 00454656 _____ () C:\Windows\SysWOW64\PaintX.dll
2013-08-10 23:56 - 2000-05-22 17:58 - 00608448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2013-08-10 23:56 - 2000-03-14 00:00 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2013-08-10 23:56 - 1998-06-24 01:00 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmapi32.ocx
2013-08-10 22:06 - 2013-08-10 22:06 - 00000000 ____D C:\Users\BARTOZ~1\AppData\Local\{84659492-E6AC-4350-A863-520F8F5C9BDE}
2013-08-10 21:51 - 2013-08-10 21:51 - 01007718 _____ C:\Users\bartozrout\Documents\Seznam německých názvů obcí a osad v Česku S – Wikipedie.mht
2013-08-10 00:39 - 2013-08-10 00:39 - 00047466 _____ C:\Users\bartozrout\Documents\Soubor_Frans_Luycx_002.htm
2013-08-10 00:38 - 2013-08-10 00:38 - 00033036 _____ C:\Users\bartozrout\Documents\Soubor_Kaiser-Leopold1.htm
2013-08-06 17:38 - 2013-08-06 17:38 - 00152154 _____ C:\Users\bartozrout\Documents\morčata.bmp
2013-08-05 07:43 - 2013-08-05 07:43 - 00002190 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-03 16:27 - 2013-08-03 16:27 - 00000000 ____D C:\Users\BARTOZ~1\AppData\Local\{2D61597A-EF14-4709-B373-9F264EC7175F}

==================== One Month Modified Files and Folders =======

2013-08-18 06:10 - 2013-01-23 12:21 - 00000000 ____D C:\Users\Guest
2013-08-18 06:10 - 2011-02-19 15:01 - 00000000 ____D C:\Users\bartozrout\AppData\Roaming\GHISLER
2013-08-18 06:09 - 2013-08-17 14:07 - 00000000 ____D C:\960a7126d060f7b83cd8f1e60a0372
2013-08-18 06:09 - 2013-08-17 12:21 - 00000000 ____D C:\ComboFix
2013-08-18 06:09 - 2012-03-09 23:08 - 00000000 ____D C:\Program Files (x86)\BrowserCompanion
2013-08-18 06:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-17 22:27 - 2013-08-17 22:27 - 00000000 ____D C:\FRST
2013-08-17 22:24 - 2010-09-05 04:22 - 00666874 _____ C:\Windows\system32\perfh005.dat
2013-08-17 22:24 - 2010-09-05 04:22 - 00140312 _____ C:\Windows\system32\perfc005.dat
2013-08-17 22:24 - 2009-07-14 07:13 - 01579034 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-17 22:12 - 2013-08-12 17:42 - 00000336 _____ C:\Windows\setupact.log
2013-08-17 22:12 - 2011-02-10 17:25 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-17 22:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-17 22:11 - 2013-08-12 17:42 - 00117720 _____ C:\Windows\PFRO.log
2013-08-17 22:10 - 2010-09-05 03:36 - 01434888 _____ C:\Windows\WindowsUpdate.log
2013-08-17 21:42 - 2011-02-10 17:25 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-17 21:36 - 2012-09-23 21:36 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-08-17 21:33 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-17 21:33 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-17 21:28 - 2013-06-21 21:36 - 00015420 _____ C:\autoupdate.log
2013-08-17 21:25 - 2013-06-03 16:42 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-08-17 21:17 - 2012-04-06 09:22 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-17 21:15 - 2013-08-17 21:08 - 00000000 ____D C:\Windows\system32\MRT
2013-08-17 21:07 - 2011-02-13 15:19 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-17 20:42 - 2012-08-26 11:30 - 00000000 ____D C:\Windows\pss
2013-08-17 20:26 - 2013-08-17 20:26 - 00000000 ____D C:\d2cd51adc4a0ee8217b30f
2013-08-17 20:12 - 2011-02-10 12:29 - 00000000 ____D C:\Users\bartozrout
2013-08-17 15:30 - 2009-07-14 04:34 - 81653760 _____ C:\Windows\system32\config\software.bak
2013-08-17 15:30 - 2009-07-14 04:34 - 33554432 _____ C:\Windows\system32\config\system.bak
2013-08-17 15:30 - 2009-07-14 04:34 - 01024000 _____ C:\Windows\system32\config\default.bak
2013-08-17 15:30 - 2009-07-14 04:34 - 00028672 _____ C:\Windows\system32\config\security.bak
2013-08-17 15:30 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\sam.bak
2013-08-17 15:29 - 2013-08-12 19:23 - 00000000 ____D C:\Windows\erdnt
2013-08-17 15:17 - 2013-08-12 19:23 - 00000000 ____D C:\Qoobox
2013-08-17 14:05 - 2011-03-15 11:37 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2013-08-17 13:50 - 2013-04-28 08:49 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-08-17 13:50 - 2013-02-03 17:52 - 00000000 ____D C:\Program Files (x86)\Smart File Advisor
2013-08-17 13:50 - 2012-12-03 13:26 - 00000000 ____D C:\Users\bartozrout\AppData\Roaming\vlc
2013-08-17 13:50 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-08-17 13:50 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-17 13:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-08-17 13:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-08-17 13:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-08-17 13:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-08-17 13:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-17 13:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-17 13:49 - 2013-08-14 21:13 - 00000000 ____D C:\Program Files\CCleaner
2013-08-17 13:49 - 2012-09-10 11:08 - 00000000 ____D C:\ProgramData\IObit
2013-08-17 13:49 - 2012-09-10 10:59 - 00000000 ____D C:\Program Files (x86)\IObit
2013-08-17 13:49 - 2011-12-04 12:25 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-08-17 13:49 - 2010-05-06 14:59 - 00000000 ____D C:\ProgramData\Norton
2013-08-17 13:49 - 2010-05-06 14:57 - 00000000 ____D C:\ProgramData\Symantec
2013-08-17 13:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-17 13:49 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-17 13:42 - 2011-02-20 18:56 - 00000000 ____D C:\Users\bartozrout\AppData\Roaming\SoftGrid Client
2013-08-17 13:42 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-17 13:38 - 2010-05-06 14:50 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-17 12:41 - 2011-02-10 13:24 - 00000000 ____D C:\Users\BARTOZ~1\AppData\Local\Google
2013-08-17 01:19 - 2011-02-16 19:25 - 00000000 ____D C:\Users\BARTOZ~1\AppData\Local\CrashDumps
2013-08-16 17:23 - 2013-08-16 17:23 - 00005412 _____ C:\Users\bartozrout\Documents\startup 16.8..txt
2013-08-16 17:16 - 2012-04-19 10:31 - 00000000 ____D C:\Users\BARTOZ~1\AppData\Local\AVG Secure Search
2013-08-16 14:18 - 2011-02-10 13:09 - 00000000 ____D C:\Users\BARTOZ~1\AppData\Local\Adobe
2013-08-14 22:23 - 2011-02-12 15:19 - 00000000 ___DC C:\Users\BARTOZ~1\AppData\Local\MigWiz
2013-08-14 22:23 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-08-13 16:03 - 2013-08-13 16:03 - 00004077 _____ C:\Users\bartozrout\Documents\CFScript.txt
2013-08-12 18:37 - 2013-08-12 18:37 - 00015618 _____ C:\Users\bartozrout\Documents\hijackthis.log
2013-08-12 18:33 - 2013-08-12 18:33 - 00015618 _____ C:\Users\bartozrout\Documents\Svině v počítači.txt
2013-08-12 17:42 - 2013-08-12 17:42 - 00000000 _____ C:\Windows\setuperr.log
2013-08-12 16:56 - 2013-08-12 16:50 - 00000246 _____ C:\Windows\system32\avgrep.txt
2013-08-12 16:42 - 2013-06-24 17:54 - 00000000 ____D C:\Users\bartozrout\AppData\Roaming\DAEMON Tools Ultra
2013-08-12 16:31 - 2013-08-12 16:31 - 81653760 _____ C:\Windows\system32\config\software.iobit
2013-08-12 16:31 - 2013-08-12 16:31 - 50835456 _____ C:\Windows\system32\config\components.iobit
2013-08-12 16:31 - 2013-08-12 16:31 - 33435648 _____ C:\Windows\system32\config\system.iobit
2013-08-12 16:31 - 2013-08-12 16:31 - 01024000 _____ C:\Windows\system32\config\default.iobit
2013-08-12 16:31 - 2013-08-12 16:31 - 00028672 _____ C:\Windows\system32\config\security.iobit
2013-08-12 16:31 - 2013-08-12 16:31 - 00024576 _____ C:\Windows\system32\config\sam.iobit
2013-08-12 16:10 - 2011-02-10 12:33 - 00001409 _____ C:\Users\bartozrout\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-12 12:59 - 2012-03-09 23:04 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-12 12:53 - 2013-08-12 12:53 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-12 12:53 - 2013-08-12 12:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-12 12:53 - 2013-08-12 12:53 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-12 12:53 - 2013-08-12 12:53 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-12 12:53 - 2013-08-12 12:53 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-08-12 12:53 - 2013-08-12 12:53 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-12 12:53 - 2013-08-12 12:53 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-12 12:53 - 2013-08-12 12:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-08-12 12:53 - 2013-08-12 12:53 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-12 12:53 - 2013-08-12 12:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-08-12 12:53 - 2013-08-12 12:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-08-12 12:53 - 2013-08-12 12:53 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-12 12:53 - 2013-08-12 12:53 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-08-12 12:51 - 2013-08-12 12:51 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-12 12:51 - 2013-08-12 12:51 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-12 12:32 - 2013-08-12 11:55 - 00000000 ____D C:\Users\bartozrout\Videos\Desktop\RK_Quarantine
2013-08-12 11:59 - 2013-08-12 11:59 - 00002440 _____ C:\Users\bartozrout\Videos\Desktop\RKreport[0]_D_08122013_115950.txt
2013-08-12 11:57 - 2013-08-12 11:57 - 00002395 _____ C:\Users\bartozrout\Videos\Desktop\RKreport[0]_S_08122013_115758.txt
2013-08-12 02:22 - 2013-08-12 02:22 - 01029451 _____ C:\Users\BARTOZ~1\AppData\Local\2433f433
2013-08-11 12:05 - 2013-08-11 12:05 - 00401013 _____ C:\Users\bartozrout\Documents\Soupisy poddaných dle víry z r. 1651.txt
2013-08-11 11:33 - 2013-08-11 11:33 - 00047505 _____ C:\Users\bartozrout\Documents\Augustin Lednický (1924–1954) - Ústav pro studium totalitních režimů.htm
2013-08-11 11:33 - 2013-08-11 11:33 - 00000000 ____D C:\Users\bartozrout\Documents\Augustin Lednický (1924–1954) - Ústav pro studium totalitních režimů_soubory
2013-08-11 00:07 - 2013-08-10 23:57 - 00000000 ____D C:\Users\bartozrout\AppData\Roaming\MyHeritage
2013-08-11 00:03 - 2013-08-10 23:57 - 00000000 ____D C:\Users\bartozrout\Documents\MyHeritage
2013-08-11 00:01 - 2013-08-10 23:57 - 00000000 ____D C:\ProgramData\MyHeritage
2013-08-10 23:56 - 2013-08-10 23:56 - 00001107 _____ C:\Users\bartozrout\Videos\Desktop\MyHeritage Family Tree Builder.lnk
2013-08-10 23:56 - 2013-08-10 23:56 - 00000000 ____D C:\Users\bartozrout\AppData\Roaming\The Complete Genealogy Reporter - FTB
2013-08-10 23:56 - 2013-08-10 23:56 - 00000000 ____D C:\Users\bartozrout\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyHeritage.com
2013-08-10 23:56 - 2013-08-10 23:56 - 00000000 ____D C:\Program Files (x86)\MyHeritage
2013-08-10 22:06 - 2013-08-10 22:06 - 00000000 ____D C:\Users\BARTOZ~1\AppData\Local\{84659492-E6AC-4350-A863-520F8F5C9BDE}
2013-08-10 21:51 - 2013-08-10 21:51 - 01007718 _____ C:\Users\bartozrout\Documents\Seznam německých názvů obcí a osad v Česku S – Wikipedie.mht
2013-08-10 15:51 - 2012-03-10 22:22 - 00000412 ____H C:\Windows\Tasks\Norton Security Scan for bartozrout.job
2013-08-10 00:39 - 2013-08-10 00:39 - 00047466 _____ C:\Users\bartozrout\Documents\Soubor_Frans_Luycx_002.htm
2013-08-10 00:38 - 2013-08-10 00:38 - 00033036 _____ C:\Users\bartozrout\Documents\Soubor_Kaiser-Leopold1.htm
2013-08-06 17:38 - 2013-08-06 17:38 - 00152154 _____ C:\Users\bartozrout\Documents\morčata.bmp
2013-08-05 07:43 - 2013-08-05 07:43 - 00002190 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 12:41 - 2009-07-14 07:08 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-03 17:40 - 2012-07-19 08:53 - 00054156 ____H C:\Windows\QTFont.qfn
2013-08-03 16:27 - 2013-08-03 16:27 - 00000000 ____D C:\Users\BARTOZ~1\AppData\Local\{2D61597A-EF14-4709-B373-9F264EC7175F}
2013-07-30 09:36 - 2012-07-11 15:27 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-07-25 11:25 - 2013-08-17 20:27 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-17 20:27 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-19 03:58 - 2013-08-17 12:52 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-19 03:41 - 2013-08-17 12:52 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

Files to move or delete:
====================
C:\Users\bartozrout\AppData\Roaming\msconfig.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-13 22:51

==================== End Of Log ============================

Předem děkuji Bloodylama

Re: Virus policie ČR a následné problémy 2 (staré téma uzamč

Napsal: 17 srp 2013 22:07
od Rudy
Zdravím!
Zkuste ten CF v nouz. režimu.

Re: Virus policie ČR a následné problémy 2 (staré téma uzamč

Napsal: 17 srp 2013 22:33
od Bloodylama
To jsem zkoušel, ale neumím v něm vypnout AVG, protože se neobjeví už. rozhraní, ale jen nějaké provizorium a v něm to neumím vypnout. Combofix hlásí že AVG antispyware a firewall jsou zapnuty a pak, že je vypne, ale poté hlásí, že to nejde a že je riziko pokud budu pokračovat. To jsem sice udělal, s tím, že AVG případně přeinstaluju, ale po restartu OS programem CF to spadlo do té modré obrazovky a nic už se nedělo, kromě toho, že se tři hodiny kroutilo to modré načítací kolečko. Teď mě napadá, neměl jsem po tom restartu přejít znovu přes F8 do nouzáku? Nouzový režim s i bez sítě totiž fungoval normálně...
Jdu to zkusit....

Re: Virus policie ČR a následné problémy 2 (staré téma uzamč

Napsal: 17 srp 2013 23:46
od Bloodylama
Tak se to povedlo, ale přes to AVG. Zakázal jsem ho sice zpouštět po strtu, restartoval, ale po zapnutí nouz. režimu mi CF hlásil, že stejně běží. Tak jsem to pustil přes AVG.

ComboFix 13-08-16.03 - bartozrout 18.08.2013 0:17.1.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4091.2969 [GMT 2:00]
Spuštěný z: c:\users\bartozrout\Videos\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\BCHelper.exe
c:\program files (x86)\BrowserCompanion\jsloader.dll
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\sqlite3.dll
c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
c:\program files (x86)\BrowserCompanion\toolbar.dll
c:\program files (x86)\BrowserCompanion\uninstall.exe
c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
c:\program files (x86)\BrowserCompanion\updater.ini
c:\program files (x86)\BrowserCompanion\widgetserv.exe
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPlyTune.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdate.log
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\sqlite3.dll
c:\program files (x86)\DealPly\uninst.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VideoWebCamera.exe.lnk
c:\users\bartozrout\AppData\Roaming\msconfig.ini
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RelevantKnowledge
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-17 do 2013-08-17 )))))))))))))))))))))))))))))))
.
.
2013-08-17 20:27 . 2013-08-17 20:27 -------- d-----w- C:\FRST
2013-08-17 19:08 . 2013-08-17 19:15 -------- d-----w- c:\windows\system32\MRT
2013-08-17 18:32 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-17 18:32 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-17 18:29 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-17 18:27 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-17 18:27 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-17 18:26 . 2013-08-17 18:26 -------- d-----w- C:\d2cd51adc4a0ee8217b30f
2013-08-17 18:21 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-17 12:27 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-08-17 12:27 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-08-17 12:07 . 2013-08-18 04:09 -------- d-----w- C:\960a7126d060f7b83cd8f1e60a0372
2013-08-17 10:52 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-17 10:52 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-17 10:52 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-17 10:52 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-17 10:52 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-17 10:52 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-17 10:52 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-17 10:52 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-17 10:52 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-17 10:52 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-14 19:13 . 2013-08-17 11:49 -------- d-----w- c:\program files\CCleaner
2013-08-12 11:21 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-08-12 11:21 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-08-12 10:59 . 2013-02-16 23:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-08-12 10:51 . 2013-08-12 10:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-10 21:57 . 2013-08-10 22:07 -------- d-----w- c:\users\bartozrout\AppData\Roaming\MyHeritage
2013-08-10 21:57 . 2013-08-10 22:01 -------- d-----w- c:\programdata\MyHeritage
2013-08-10 21:56 . 2013-08-10 21:56 -------- d-----w- c:\users\bartozrout\AppData\Roaming\The Complete Genealogy Reporter - FTB
2013-08-10 21:56 . 2012-08-02 06:56 606208 ----a-w- c:\windows\SysWow64\HexUniRTFBox.ocx
2013-08-10 21:56 . 2010-06-17 17:49 2029056 ----a-w- c:\windows\SysWow64\PDFDocScout.DLL
2013-08-10 21:56 . 2004-12-07 09:11 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2013-08-10 21:56 . 2003-07-06 12:07 372736 ----a-w- c:\windows\SysWow64\ijl15.dll
2013-08-10 21:56 . 2002-03-06 23:19 454656 ----a-w- c:\windows\SysWow64\PaintX.dll
2013-08-10 21:56 . 2000-05-22 15:58 608448 ----a-w- c:\windows\SysWow64\comctl32.ocx
2013-08-10 21:56 . 2000-03-13 22:00 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2013-08-10 21:56 . 1998-06-23 23:00 137000 ----a-w- c:\windows\SysWow64\msmapi32.ocx
2013-08-10 21:56 . 2013-08-10 21:56 -------- d-----w- c:\program files (x86)\MyHeritage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-17 19:07 . 2011-02-13 13:19 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-30 07:36 . 2012-07-11 13:27 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-07-16 21:05 . 2013-07-16 21:05 930336 ----a-w- c:\windows\SysWow64\FTBSaver.scr
2013-07-15 08:05 . 2013-07-15 08:05 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-15 08:04 . 2013-07-15 08:04 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-15 08:04 . 2013-07-15 08:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-06-18 00:06 . 2013-06-18 00:06 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-18 00:06 . 2013-06-18 00:06 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-18 00:05 . 2013-06-18 00:05 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-18 00:05 . 2013-06-18 00:05 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-18 00:05 . 2013-06-18 00:05 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-18 00:05 . 2013-06-18 00:05 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-18 00:05 . 2013-06-18 00:05 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-18 00:05 . 2013-06-18 00:05 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-18 00:05 . 2013-06-18 00:05 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-18 00:05 . 2013-06-18 00:05 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 12:17 . 2012-04-06 07:22 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 12:17 . 2011-06-30 06:59 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-19 23:39 . 2013-05-19 23:39 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-19 23:39 . 2013-05-19 23:39 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-19 23:39 . 2013-05-19 23:39 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-19 23:30 . 2013-05-19 23:30 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-19 23:30 . 2013-05-19 23:30 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-19 23:30 . 2013-05-19 23:30 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-19 23:30 . 2013-05-19 23:30 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-19 23:30 . 2013-05-19 23:30 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-19 23:30 . 2013-05-19 23:30 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-19 23:28 . 2013-05-19 23:28 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-19 23:28 . 2013-05-19 23:28 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-19 23:27 . 2013-05-19 23:27 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-05-19 23:27 . 2013-05-19 23:27 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-05-19 23:27 . 2013-05-19 23:27 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-05-19 23:27 . 2013-05-19 23:27 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-05-19 23:27 . 2013-05-19 23:27 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-05-19 23:27 . 2013-05-19 23:27 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2011-03-19 12:24 . 2011-03-19 12:24 249 ----a-w- c:\program files (x86)\0DU4JBP6.bat
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
c:\program files (x86)\BrowserCompanion\jsloader.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-07-30 07:36 3086512 ----a-w- c:\program files (x86)\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll" [2013-07-30 3086512]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-03-08 258560]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-07-30 2285232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
R2 0096211368037508mcinstcleanup;McAfee Application Installer Cleanup (0096211368037508);c:\users\BARTOZ~1\AppData\Local\Temp\0096211368037508mcinst.exe;c:\users\BARTOZ~1\AppData\Local\Temp\0096211368037508mcinst.exe [x]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [x]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe;c:\program files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [x]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
R2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSFilter.Sys [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DaumCleanerService;DaumCleanerService;c:\program files\Daum\Cleaner\DaumCleanerService.exe;c:\program files\Daum\Cleaner\DaumCleanerService.exe [x]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-03 c:\windows\Tasks\Adobe Flash Player Updater(558).job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 12:17]
.
2013-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 12:17]
.
2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-10 15:25]
.
2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-10 15:25]
.
2013-08-10 c:\windows\Tasks\Norton Security Scan for bartozrout.job
- c:\progra~2\NORTON~2\Engine\371~1.4\Nss.exe [2012-03-10 01:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-03-17 860704]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/?clid=2
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Google Search - c:\program files (x86)\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files (x86)\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files (x86)\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files (x86)\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files (x86)\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files (x86)\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files (x86)\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-Moorhuhn 2 V1.1 - c:\windows\IsUn0407.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-spwawv820Public - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,38,12,7f,9b,9b,
9c,1f,0a,b3,0c,e6,c1,9f,c6,6e,b6,39,a8
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{00CBB66B-1D3B-46D3-9577-323A336ACB50}"=hex:51,66,7a,6c,4c,1d,38,12,05,b5,d8,
04,09,53,bd,03,ea,61,71,7a,36,34,8f,44
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff,
2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{963B125B-8B21-49A2-A3A8-E37092276531}"=hex:51,66,7a,6c,4c,1d,38,12,35,11,28,
92,13,c5,cc,0c,dc,be,a0,30,97,79,21,25
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{0E0ADD34-AF8E-47FA-A99B-3E7556FAF54C}"=hex:51,66,7a,6c,4c,1d,38,12,5a,de,19,
0a,bc,e1,94,02,d6,8d,7d,35,53,a4,b1,58
"{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1,
93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ca,d0,28,9a,55,1d,cd,01
.
[HKEY_USERS\S-1-5-21-3354843159-4132810355-1659967712-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3354843159-4132810355-1659967712-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3354843159-4132810355-1659967712-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:73,e0,ea,06,6c,7b,e4,73,fd,0f,dd,3a,83,52,93,fe,42,05,59,f5,81,01,aa,
7b,c0,cf,2b,08,99,6b,60,6e,df,fa,ef,17,2e,41,58,10,a6,9c,18,9c,ba,26,5d,ea,\
"??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38
.
[HKEY_USERS\S-1-5-21-3354843159-4132810355-1659967712-1000\Software\SecuROM\License information*]
"datasecu"=hex:a9,bc,26,00,57,9f,9e,d0,1c,db,b5,01,4b,04,80,5c,53,8a,d1,87,1a,
96,23,81,a4,4a,bb,01,33,d7,89,45,30,32,39,fc,cc,4d,c3,f3,85,58,c4,49,6a,d5,\
"rkeysecu"=hex:a5,b5,62,72,e9,ba,17,42,e9,ab,b3,65,e3,da,0c,e4
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-08-18 00:37:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-08-17 22:37
ComboFix2.txt 2013-08-13 16:57
ComboFix3.txt 2013-08-13 14:32
ComboFix4.txt 2013-08-12 17:51
.
Před spuštěním: Volných bajtů: 38 516 305 920
Po spuštění: Volných bajtů: 37 996 675 072
.
- - End Of File - - 09FF5CDFA0F30CF8AF0D185EBA9FE90C
A36C5E4F47E84449FF07ED3517B43A31

Re: Virus policie ČR a následné problémy 2 (staré téma uzamč

Napsal: 18 srp 2013 10:09
od Rudy
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
KillAll::

Folder::
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\Google\GoogleToolbarNotifier

File::
c:\program files (x86)\0DU4JBP6.bat
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job


Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-

Driver::
BBSvc
BBUpdate

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_USERS\S-1-5-21-3354843159-4132810355-1659967712-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
[HKEY_USERS\S-1-5-21-3354843159-4132810355-1659967712-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

Regnull::
[HKEY_USERS\S-1-5-21-3354843159-4132810355-1659967712-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-3354843159-4132810355-1659967712-1000\Software\SecuROM\License information*]

Reboot::
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: Virus policie ČR a následné problémy 2 (staré téma uzamč

Napsal: 18 srp 2013 11:52
od Bloodylama
Zde je poslední log:
ComboFix 13-08-16.03 - bartozrout 18.08.2013 11:48:17.2.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4091.2944 [GMT 2:00]
Spuštěný z: c:\users\bartozrout\Videos\Desktop\ComboFix.exe
Použité ovládací přepínače :: E:\CFScript.txt
AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\program files (x86)\0DU4JBP6.bat"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\0DU4JBP6.bat
c:\program files (x86)\Google\GoogleToolbarNotifier
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\gth.dll
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\gtn.dll
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\Readme.url
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BBSvc
-------\Service_BBUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-18 do 2013-08-18 )))))))))))))))))))))))))))))))
.
.
2013-08-18 09:58 . 2013-08-18 09:58 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-08-18 09:58 . 2013-08-18 09:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-17 20:27 . 2013-08-17 20:27 -------- d-----w- C:\FRST
2013-08-17 19:08 . 2013-08-17 19:15 -------- d-----w- c:\windows\system32\MRT
2013-08-17 18:32 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-17 18:32 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-17 18:29 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-17 18:27 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-17 18:27 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-17 18:26 . 2013-08-17 18:26 -------- d-----w- C:\d2cd51adc4a0ee8217b30f
2013-08-17 18:21 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-17 12:27 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-08-17 12:27 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-08-17 12:07 . 2013-08-18 04:09 -------- d-----w- C:\960a7126d060f7b83cd8f1e60a0372
2013-08-17 10:52 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-17 10:52 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-17 10:52 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-17 10:52 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-17 10:52 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-17 10:52 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-17 10:52 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-17 10:52 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-17 10:52 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-17 10:52 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-14 19:13 . 2013-08-17 11:49 -------- d-----w- c:\program files\CCleaner
2013-08-12 11:21 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-08-12 11:21 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-08-12 10:59 . 2013-02-16 23:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-08-12 10:51 . 2013-08-12 10:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-10 21:57 . 2013-08-10 22:07 -------- d-----w- c:\users\bartozrout\AppData\Roaming\MyHeritage
2013-08-10 21:57 . 2013-08-10 22:01 -------- d-----w- c:\programdata\MyHeritage
2013-08-10 21:56 . 2013-08-10 21:56 -------- d-----w- c:\users\bartozrout\AppData\Roaming\The Complete Genealogy Reporter - FTB
2013-08-10 21:56 . 2012-08-02 06:56 606208 ----a-w- c:\windows\SysWow64\HexUniRTFBox.ocx
2013-08-10 21:56 . 2010-06-17 17:49 2029056 ----a-w- c:\windows\SysWow64\PDFDocScout.DLL
2013-08-10 21:56 . 2004-12-07 09:11 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2013-08-10 21:56 . 2003-07-06 12:07 372736 ----a-w- c:\windows\SysWow64\ijl15.dll
2013-08-10 21:56 . 2002-03-06 23:19 454656 ----a-w- c:\windows\SysWow64\PaintX.dll
2013-08-10 21:56 . 2000-05-22 15:58 608448 ----a-w- c:\windows\SysWow64\comctl32.ocx
2013-08-10 21:56 . 2000-03-13 22:00 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2013-08-10 21:56 . 1998-06-23 23:00 137000 ----a-w- c:\windows\SysWow64\msmapi32.ocx
2013-08-10 21:56 . 2013-08-10 21:56 -------- d-----w- c:\program files (x86)\MyHeritage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-17 19:07 . 2011-02-13 13:19 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-30 07:36 . 2012-07-11 13:27 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-07-16 21:05 . 2013-07-16 21:05 930336 ----a-w- c:\windows\SysWow64\FTBSaver.scr
2013-07-15 08:05 . 2013-07-15 08:05 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-15 08:04 . 2013-07-15 08:04 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-15 08:04 . 2013-07-15 08:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-06-18 00:06 . 2013-06-18 00:06 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-18 00:06 . 2013-06-18 00:06 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-18 00:05 . 2013-06-18 00:05 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-18 00:05 . 2013-06-18 00:05 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-18 00:05 . 2013-06-18 00:05 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-18 00:05 . 2013-06-18 00:05 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-18 00:05 . 2013-06-18 00:05 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-18 00:05 . 2013-06-18 00:05 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-18 00:05 . 2013-06-18 00:05 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-18 00:05 . 2013-06-18 00:05 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 12:17 . 2012-04-06 07:22 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 12:17 . 2011-06-30 06:59 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
c:\program files (x86)\BrowserCompanion\jsloader.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-07-30 07:36 3086512 ----a-w- c:\program files (x86)\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll" [2013-07-30 3086512]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-03-08 258560]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-07-30 2285232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
R2 0096211368037508mcinstcleanup;McAfee Application Installer Cleanup (0096211368037508);c:\users\BARTOZ~1\AppData\Local\Temp\0096211368037508mcinst.exe;c:\users\BARTOZ~1\AppData\Local\Temp\0096211368037508mcinst.exe [x]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [x]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DaumCleanerService;DaumCleanerService;c:\program files\Daum\Cleaner\DaumCleanerService.exe;c:\program files\Daum\Cleaner\DaumCleanerService.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe;c:\program files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSFilter.Sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-03 c:\windows\Tasks\Adobe Flash Player Updater(558).job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 12:17]
.
2013-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 12:17]
.
2013-08-10 c:\windows\Tasks\Norton Security Scan for bartozrout.job
- c:\progra~2\NORTON~2\Engine\371~1.4\Nss.exe [2012-03-10 01:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-03-17 860704]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/?clid=2
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Google Search - c:\program files (x86)\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files (x86)\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files (x86)\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files (x86)\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files (x86)\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files (x86)\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files (x86)\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-Moorhuhn 2 V1.1 - c:\windows\IsUn0407.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-spwawv820Public - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\AVG\AVG10\avgam.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe
c:\114751983441bbc12bd6\Setup.exe
c:\windows\syswow64\MsiExec.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Celkový čas: 2013-08-18 12:12:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-08-18 10:12
ComboFix2.txt 2013-08-17 22:37
ComboFix3.txt 2013-08-13 16:57
ComboFix4.txt 2013-08-13 14:32
ComboFix5.txt 2013-08-18 09:47
.
Před spuštěním: Volných bajtů: 38 154 387 456
Po spuštění: Volných bajtů: 37 621 596 160
.
- - End Of File - - BD125EAB632B41C1BB16E4B2FB644098
A36C5E4F47E84449FF07ED3517B43A31

Re: Virus policie ČR a následné problémy 2 (staré téma uzamč

Napsal: 18 srp 2013 11:57
od Bloodylama
Přetrvává problém s prohlížeči. Při pokusu o spuštění naskočí normálně Seznam.cz, ale pořád se to načítá. Na horní liště se stále otáčí to modré kolečko. Google ani neukáže úvodní stránku, jen se načítá.
Systém naběhne celkem rychle, ale třeba připojení k netu trvalo cca 7 minut, mezitím několikrát vypadnuly z ikon zástupců "obrázky" a postupně naskakovaly zpátky. Jde do divně....

Re: Virus policie ČR a následné problémy 2 (staré téma uzamč

Napsal: 18 srp 2013 12:11
od Rudy
Log je již OK. Zkuste smazat cache prohlížeče.

Re: Virus policie ČR a následné problémy 2 (staré téma uzamč

Napsal: 18 srp 2013 12:18
od Bloodylama
Tak jsem to smazal a pořád nic. Prohlížeč se pořád načítá a když na něco kliknu, tak to hlásí google neodpovídá. Jede to jen v nouzový režimu se sítí. Navíc zase vyskakuje při náběhu hláška " ASCTray.exe - součást rtl120.bpl nelze najít uvedený problém odstraníte opětovnou instalací programu " a chybu hlásí i AVG. Dříve trvala kontrola celýho compu AVGčkem i 20min. dneska byla hotová za 3min a to jsem tam zaškrtal všechno, vč. kontroly archívů a maximální citlivosti...

Re: Virus policie ČR a následné problémy 2 (staré téma uzamč

Napsal: 18 srp 2013 15:38
od Rudy
Zkusme ještě toto:
Stáhněte Malwarebytes Anti-Rootkit http://www.malwarebytes.org/products/mbar/

Uložte nejlépe na Plochu a rozbalte
Spusťte kliknutím na mbar
Nyní postupně klikněte na Next a Update
Po dokončení update (aktualizace) databáze klikněte opět na Next
Nechte zaškrtnute všechny tři možnosti a kliněte na Scan čímž spustíte prohledavani PC
Po dokončeni skenu (cca 5 minutek) zkontrolujte, zda-li je u všech nalezů (samozrejme pokud budou) zatržítko
Tež zkontrolujte, jestli je zatržitko u Create Restore point
Nyní klikněte na CleanUp čímž nalezenou infekci odstraníme
PC bude restartován
Složka mbar by měla obsahovat log (a zřejmě se i sám otevře) mbar-log-rok-měsíc-den (hodina-minuta-sekunda).txt, ten mi sem dejte.

Re: Virus policie ČR a následné problémy 2 (staré téma uzamč

Napsal: 18 srp 2013 17:46
od Bloodylama
Sice to trvalo o dost déle, ale hlavně že je log na světě. Musel jsem restartovat sám, ten program to neudělal. Dva hajzly to našlo....

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.18.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
bartozrout :: BRETA [administrator]

18.8.2013 17:46:37
mbar-log-2013-08-18 (17-46-37).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 288252
Time elapsed: 43 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{52985203-746E-48BA-BF9F-4A515A93D3A3} (Adware.KorAd) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\bartozrout\AppData\Local\2433f433 (Trojan.Agent.TPL) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Re: Virus policie ČR a následné problémy 2 (staré téma uzamč

Napsal: 18 srp 2013 17:48
od Rudy
Nastala nějaká změna?

Re: Virus policie ČR a následné problémy 2 (staré téma uzamč

Napsal: 18 srp 2013 18:07
od Bloodylama
Bohužel, avg se normálně aktualizuje, i ten program kterým jsem to teď čistil se zaktualizoval, ale prohlížeče se pořád načítají. U Seznamu to skočí do úvodní stránky, ale pokud chci cokoliv udělat, tak to hlásí, že neodpovídá. A teď jsem si všimnul, že mi to na dolní liště zase píše, že probíhá zálohování. Nic jsem nechtěl zálohovat a navíc není nač, protože tam nemám dvd a mám jen jeden disk. To jsou parabajkaly.
Ukázka načítání.jpg
Ukázka načítání.jpg (80.35 KiB) Zobrazeno 1350 x

A takhle se to bude načítat klidně do soudnýho dne.

Re: Virus policie ČR a následné problémy 2 (staré téma uzamč

Napsal: 18 srp 2013 18:32
od Bloodylama
Tak to zálohování se pokoušelo zálohovat ten poslední log...?????!!!
Teď se aktualizujou Wokna a trvá to podezřele dlouho...

Re: Virus policie ČR a následné problémy 2 (staré téma uzamč

Napsal: 18 srp 2013 18:33
od Rudy
OK.Zkuste toto:

Startmenu>přík. řádek>(napsat) cmd>Enter. Do otevřeného okna napište:
a odentrujte. Nechte běžet asi minutu. Odezva by neměla překročit 50ms a měla by být rovnoměrná.
Všechny časy jsou v UTC+01:00
Stránka 1 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz