Page 1 of 3

Please check my log: PC not shutting down and an ESET-reported error

Posted: 28 Feb 2014 02:12
by kanister
Hello.

I would really appreciate some help. I have a problem similar to one that was already solved here, about the PC not shutting down and, I think, an invalid application WIN32/Concduit.Z - unfortunately I can no longer find that message. I ran COMBOFIX according to the instructions and here is the log. Before that, ESET had reported 14 bad files:

Thank you very much.


ComboFix 14-02-24.02 - Kanister 28.02.2014 1:41.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1033.18.4063.2415 [GMT 1:00]
Spuštěný z: c:\users\Kanister\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Kanister\AppData\Local\Temp\_MEI29683\_ctypes.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\_elementtree.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\_hashlib.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\_multiprocessing.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\_socket.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\_ssl.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\pyexpat.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\pysqlite2._sqlite.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\python27.dll
c:\users\Kanister\AppData\Local\Temp\_MEI29683\pythoncom27.dll
c:\users\Kanister\AppData\Local\Temp\_MEI29683\PyWinTypes27.dll
c:\users\Kanister\AppData\Local\Temp\_MEI29683\select.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\unicodedata.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\win32api.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\win32com.shell.shell.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\win32crypt.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\win32event.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\win32file.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\win32inet.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\win32pdh.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\win32pipe.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\win32process.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\win32profile.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\win32security.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\win32ts.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\windows._lib_cacheinvalidation.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\wx._controls_.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\wx._core_.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\wx._gdi_.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\wx._html2.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\wx._misc_.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\wx._windows_.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\wx._wizard.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI29683\wxbase294u_net_vc90.dll
c:\users\Kanister\AppData\Local\Temp\_MEI29683\wxbase294u_vc90.dll
c:\users\Kanister\AppData\Local\Temp\_MEI29683\wxmsw294u_adv_vc90.dll
c:\users\Kanister\AppData\Local\Temp\_MEI29683\wxmsw294u_core_vc90.dll
c:\users\Kanister\AppData\Local\Temp\_MEI29683\wxmsw294u_html_vc90.dll
c:\users\Kanister\AppData\Local\Temp\_MEI29683\wxmsw294u_webview_vc90.dll
c:\windows\SysWow64\SET13EF.tmp
c:\windows\SysWow64\SET146D.tmp
c:\windows\SysWow64\SET14AC.tmp
.
Nakažená kopie c:\windows\SysWow64\user32.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-28 do 2014-02-28 )))))))))))))))))))))))))))))))
.
.
2014-02-27 10:36 . 2014-02-27 10:36 -------- d-----w- c:\windows\Migration
2014-02-25 10:22 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE9CAE54-19D6-4CD2-BD00-1F607E31DD6D}\mpengine.dll
2014-02-17 19:40 . 2014-02-17 19:40 -------- d-----w- c:\program files\Microsoft Silverlight
2014-02-17 19:40 . 2014-02-17 19:40 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-02-13 01:10 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 01:10 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 01:09 . 2014-02-06 11:30 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-13 01:09 . 2014-02-06 10:20 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-02-13 01:09 . 2014-02-06 10:17 195584 ----a-w- c:\windows\system32\msrating.dll
2014-02-12 18:50 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-12 18:50 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-12 18:50 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-12 18:50 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-12 18:48 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-12 18:48 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 18:48 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-12 18:48 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-06 21:27 . 2013-12-18 20:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-05 19:56 . 2014-02-05 19:56 -------- d-----w- c:\users\Kanister\AppData\Roaming\HyperLobby
2014-02-05 19:54 . 2014-02-05 19:54 -------- d-----w- c:\program files (x86)\HyperLobby client
2014-02-05 19:38 . 2014-02-16 19:59 -------- d-----w- c:\users\Kanister\AppData\Roaming\TS3Client
2014-02-05 19:36 . 2014-02-05 19:37 -------- d-----w- c:\program files\TeamSpeak 3 Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-20 23:18 . 2012-05-05 02:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 23:18 . 2012-05-05 02:01 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-16 18:01 . 2012-05-04 06:33 88567024 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 05:13 . 2012-05-04 05:12 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-03 21:48 . 2013-12-03 21:48 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 21:48 . 2013-12-03 21:48 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-03 21:48 . 2013-12-03 21:48 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-03 21:48 . 2013-12-03 21:48 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-03 21:48 . 2013-12-03 21:48 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-03 21:48 . 2013-12-03 21:48 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-03 21:48 . 2013-12-03 21:48 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-03 21:48 . 2013-12-03 21:48 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-03 21:48 . 2013-12-03 21:48 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-03 21:48 . 2013-12-03 21:48 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-03 21:48 . 2013-12-03 21:48 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-03 21:48 . 2013-12-03 21:48 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-03 21:48 . 2013-12-03 21:48 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-03 21:48 . 2013-12-03 21:48 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-03 21:48 . 2013-12-03 21:48 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-03 21:48 . 2013-12-03 21:48 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-03 21:48 . 2013-12-03 21:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-03 21:48 . 2013-12-03 21:48 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-03 21:48 . 2013-12-03 21:48 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-03 21:48 . 2013-12-03 21:48 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-03 21:48 . 2013-12-03 21:48 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-03 21:48 . 2013-12-03 21:48 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 21:48 . 2013-12-03 21:48 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-03 21:48 . 2013-12-03 21:48 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 21:48 . 2013-12-03 21:48 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-03 21:48 . 2013-12-03 21:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-03 21:48 . 2013-12-03 21:48 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-03 21:48 . 2013-12-03 21:48 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-03 21:48 . 2013-12-03 21:48 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-03 21:48 . 2013-12-03 21:48 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-03 21:48 . 2013-12-03 21:48 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-03 21:48 . 2013-12-03 21:48 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-03 21:48 . 2013-12-03 21:48 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-03 21:48 . 2013-12-03 21:48 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-03 21:48 . 2013-12-03 21:48 413696 ----a-w- c:\windows\system32\html.iec
2013-12-03 21:48 . 2013-12-03 21:48 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 21:48 . 2013-12-03 21:48 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-03 21:48 . 2013-12-03 21:48 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-03 21:48 . 2013-12-03 21:48 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-03 21:48 . 2013-12-03 21:48 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-03 21:48 . 2013-12-03 21:48 235520 ----a-w- c:\windows\system32\url.dll
2013-12-03 21:48 . 2013-12-03 21:48 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-03 21:48 . 2013-12-03 21:48 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-03 21:48 . 2013-12-03 21:48 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-03 21:48 . 2013-12-03 21:48 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-03 21:48 . 2013-12-03 21:48 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-03 21:48 . 2013-12-03 21:48 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-03 21:48 . 2013-12-03 21:48 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-03 21:48 . 2013-12-03 21:48 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-03 21:48 . 2013-12-03 21:48 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-03 21:48 . 2013-12-03 21:48 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-03 21:48 . 2013-12-03 21:48 135680 ----a-w- c:\windows\system32\iepeers.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-01-30 21822128]
"Spotify Web Helper"="c:\users\Kanister\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-15 1171968]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-01 254336]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-10-15 1673680]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
c:\users\Kanister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kanister\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 SaiH0461;SaiH0461;c:\windows\system32\DRIVERS\SaiH0461.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH0461.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 23:18]
.
2014-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10 01:04]
.
2014-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10 01:04]
.
2014-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-94059724-516300671-438323755-1000Core.job
- c:\users\Kanister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 04:58]
.
2014-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-94059724-516300671-438323755-1000UA.job
- c:\users\Kanister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 04:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP6CD033FC-C83B-4C8B-A212-EE56F30C27E7
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
AddRemove-PokerStars.net - c:\program files (x86)\PokerStars.NET\PokerStarsUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\users\Kanister\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Celkový čas: 2014-02-28 02:01:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-02-28 01:01
.
Před spuštěním: 27 421 577 216 bytes free
Po spuštění: 29 290 733 568 bytes free
.
- - End Of File - - D38E66958E6A649E95228E8F91CCF1FB
A36C5E4F47E84449FF07ED3517B43A31

Re: Please check my log: PC not shutting down and a reported error

Posted: 28 Feb 2014 11:08
by Márty84
:???: Can you tell me why you ran ComboFix? Do you know how to handle it?

If you had read the forum rules http://forum.viry.cz/viewtopic.php?f=12&t=5601 , you would have found, among other things, this:
2. Before posting a question, use the Search button. Someone may already have solved a problem similar to yours. But if various utilities/applications were applied in the solved topic, do not run them. Utilities are used only on the instruction of a helper, because they can erase traces of the malware, and in the hands of a non-expert their use can have unforeseeable consequences.

3. In particular, do not run the ComboFix utility, even if a friend or some would-be expert website recommended it. Our forum is the only one of the CZ-SK antivirus forums that has the right to interpret ComboFix logs, and we also have the full support of the utility's author and access to the most up-to-date information and guides.
CF deletes all traces of any infection. So RSIT is of no use to me now and, as the saying goes, all I can do is guess :x
I'll try to take a look at it, but if this happens again, help will be refused.
I also warn you that it may drag on and the outcome is far from certain.



:arrow: Run a !!!complete!!! scan with MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 and post the results here. Don't delete anything beforehand; it sometimes has false detections.

Re: Please check my log: PC not shutting down and a reported error

Posted: 28 Feb 2014 12:01
by kanister
I can tell you: I'm an idiot and of course I don't know how to handle it. I wanted to save you some work, which obviously didn't work out. I apologize, I'm sorry about it, and thanks for your willingness to help.

Re: Please check my log: PC not shutting down and a reported error

Posted: 28 Feb 2014 12:49
by Márty84
Well, it didn't :) Not so much for me, actually, I'd be here either way, but mainly you've added work for yourself, because the cause of the trouble will be harder to find and more scans will be needed, that is, more of your time :arcisit:

Re: Please check the log after the PC not shutting down and the reported error

Posted: 28 Feb 2014 18:51
by kanister
Well, my time is my own stupidity, I'm more worried about yours. Once again I apologise, I thought I was only producing a log; it was about half past one in the morning and I was too tired to look anything up.

Thanks

Re: Please check the log after the PC not shutting down and the reported error

Posted: 01 Mar 2014 00:30
by Márty84
Don't worry about my time; when I have it, I'm here, when I don't, I'm not :D

So let it go now and run MBAM, as I wrote :wink:

Re: Please check the log after the PC not shutting down and the reported error

Posted: 01 Mar 2014 19:13
by kanister
So here is the log at last. I didn't take any actions.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Kanister :: KANISTER-PC [administrator]

1.3.2014 16:08:26
MBAM-log-2014-03-01 (19-11-35).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 601761
Time elapsed: 2 hour(s), 53 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT33123 ... 56F30C27E7) Good: (http://www.google.com) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> No action taken.
C:\Users\Kanister\Downloads\ISIS\Laduska_ISIS\MediaPluginSetup.exe (Spyware.GamePlayLabs) -> No action taken.

(end)

Re: Please check the log after the PC not shutting down and the reported error

Posted: 01 Mar 2014 20:52
by Márty84
:arrow: Have the findings removed, then uninstall MBAM.

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and left-click Run as administrator.
Click Scan and the program will start working.
When it finishes, it will spit out a log at you (if not, you'll find it here C:\AdwCleaner\AdwCleaner[R?].txt ); copy it here for me.

Re: Please check the log after the PC not shutting down and the reported error

Posted: 01 Mar 2014 21:18
by kanister
# AdwCleaner v3.020 - Report created 01/03/2014 at 21:06:28
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kanister - KANISTER-PC
# Running from : C:\Users\Kanister\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : APNMCP

***** [ Files / Folders ] *****

Folder Found : C:\Users\Kanister\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Found C:\Program Files (x86)\AskPartnerNetwork
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\AskPartnerNetwork
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\Users\Kanister\AppData\Local\Conduit
Folder Found C:\Users\Kanister\AppData\Local\SearchProtect
Folder Found C:\Users\Kanister\AppData\Local\Temp\apn
Folder Found C:\Users\Kanister\AppData\LocalLow\Conduit
Folder Found C:\Windows\SysWOW64\SearchProtect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\AskPartnerNetwork
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\Software\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP6CD033FC-C83B-4C8B-A212-EE56F30C27E7

-\\ Google Chrome v

[ File : C:\Users\Kanister\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2489 octets] - [01/03/2014 21:06:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2549 octets] ##########

Re: Please check the log after the PC not shutting down and the reported error

Posted: 01 Mar 2014 21:20
by Márty84
:arrow: Again close all programs and run AdwCleaner as administrator.
This time click Clean
The program will start working (the PC may restart) and will spit out another log (otherwise it will be here C:\AdwCleaner\AdwCleaner [S?].txt ). Copy that here for me again.


:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , save it to the desktop, right-click it and left-click Run as administrator.
A very short check will run and then the Prohledat (Scan) button at the top right becomes available. Click it and another scan will run.
When it finishes, click Zprava (Report) and the log will appear. Paste it here for me.

Re: Please check the log after the PC not shutting down and the reported error

Posted: 02 Mar 2014 00:02
by kanister
ADW Cleaner:

# AdwCleaner v3.020 - Report created 01/03/2014 at 23:46:21
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kanister - KANISTER-PC
# Running from : C:\Users\Kanister\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[x] Not Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Kanister\AppData\Local\Conduit
Folder Deleted : C:\Users\Kanister\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Kanister\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Kanister\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kanister\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v

[ File : C:\Users\Kanister\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2637 octets] - [01/03/2014 21:06:28]
AdwCleaner[S0].txt - [2332 octets] - [01/03/2014 23:46:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2392 octets] ##########





////


Rogue Cleaner
RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kanister [Admin rights]
Mode : Scan -- Date : 03/02/2014 00:01:36
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) FUJITSU MJA2500BH G1 ATA Device +++++
--- User ---
[MBR] 227647ea0a48d05f648cb1bf0ff196be
[BSP] a22906a1247c5ba75f53265f1cae5b96 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14854 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30423040 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30627840 | Size: 461984 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03022014_000136.txt >>






Thanks a lot.

Re: Please check the log after the PC not shutting down and the reported error

Posted: 02 Mar 2014 00:13
by Márty84
:arrow: Run RogueKiller as administrator again (if you haven't closed it yet, click Smazat (Delete) straight away)
A very short check will run and then the Prohledat (Scan) button at the top right becomes available. Click it and another scan will run.
When it finishes, click Smazat (Delete).
Then click Zprava (Report) and the log will appear. Paste it here for me.
Then click Oprava Host (Hosts Fix) and Zprava (Report).
Another log will appear. Paste that one here too.

Re: Please check the log after the PC not shutting down and the reported error

Posted: 02 Mar 2014 00:22
by kanister
RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kanister [Admin rights]
Mode : Remove -- Date : 03/02/2014 00:21:19
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) FUJITSU MJA2500BH G1 ATA Device +++++
--- User ---
[MBR] 227647ea0a48d05f648cb1bf0ff196be
[BSP] a22906a1247c5ba75f53265f1cae5b96 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14854 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30423040 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30627840 | Size: 461984 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_03022014_002119.txt >>
RKreport[0]_S_03022014_000136.txt;RKreport[0]_S_03022014_002055.txt




/////


RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kanister [Admin rights]
Mode : HOSTSFix -- Date : 03/02/2014 00:22:14
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1 localhost


Finished : << RKreport[0]_H_03022014_002214.txt >>
RKreport[0]_D_03022014_002119.txt;RKreport[0]_S_03022014_000136.txt;RKreport[0]_S_03022014_002055.txt






////

I have no idea how you make sense of all this, but I admire it. Thanks a lot.

Re: Please check the log after the PC not shutting down and the reported error

Posted: 02 Mar 2014 00:45
by Márty84
:)

:arrow: Download a new ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Open Notepad and copy this script into it

Code:
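The check a helper performs on the two AdwCleaner reports above is to compare the Scan (R0) run with the Clean (S0) run and see what is still left. Here is an added Python example (not the forum's or AdwCleaner's own code) that parses both reports and lists every finding the Clean run neither deleted nor restored. The report excerpts are constructed from the lines posted above, trimmed to a representative subset; the regular expression, the normalisation rule and the function names are this example's own assumptions.

```python
import re

# Constructed excerpts of the two AdwCleaner reports posted above: the Scan
# run (R0) and the Clean run (S0). Only a representative subset of the lines
# is kept; the line formats are as they appear in the posted reports.
SCAN_REPORT = r"""
# AdwCleaner v3.020 - Report created 01/03/2014 at 21:06:28
# Option : Scan

***** [ Services ] *****

Service Found : APNMCP

***** [ Files / Folders ] *****

Folder Found : C:\Users\Kanister\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Found C:\Program Files (x86)\AskPartnerNetwork
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Windows\SysWOW64\SearchProtect

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKLM\Software\Conduit
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?ctid=CT3312375
"""

CLEAN_REPORT = r"""
# AdwCleaner v3.020 - Report created 01/03/2014 at 23:46:21
# Option : Clean

***** [ Services ] *****

[x] Not Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Kanister\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]

***** [ Browsers ] *****

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
"""

# One finding line (assumed format). The kind is optional because the
# "[x] Not Deleted : NAME" form omits it, and the colon is optional because
# some "Folder Found" lines in the posted report lack it.
LINE_RE = re.compile(
    r"^(?:\[x\] )?"
    r"(?P<kind>Service|Folder|File|Key|Value|Setting)?\s*"
    r"(?P<status>Found|Not Deleted|Deleted|Restored)\s*:?\s*"
    r"(?P<target>.+?)\s*$"
)


def normalise(kind, target):
    """Canonical identity of a finding so Scan and Clean lines can be matched.

    'Setting Found' lines carry the hijacked value after ' - ' while
    'Setting Restored' lines do not, so the value is dropped. Windows paths,
    registry keys and service names are case-insensitive, hence lower-casing.
    """
    if kind == "Setting":
        target = target.split(" - ", 1)[0]
    return target.strip().lower()


def parse_report(text):
    """Map each normalised target to its reported status ('Found', 'Deleted', ...)."""
    findings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings[normalise(m["kind"], m["target"])] = m["status"]
    return findings


def unresolved(scan_text, clean_text):
    """Targets the Scan run reported that the Clean run did not delete or restore.

    Covers both the explicit '[x] Not Deleted' case and the silent case where
    a scan finding never appears in the clean report at all.
    """
    found = parse_report(scan_text)
    cleaned = parse_report(clean_text)
    return sorted(
        t for t, status in found.items()
        if status == "Found" and cleaned.get(t) not in ("Deleted", "Restored")
    )


if __name__ == "__main__":
    for target in unresolved(SCAN_REPORT, CLEAN_REPORT):
        print("still present after Clean:", target)
```

Run on these excerpts it reports only the APNMCP service, matching the "[x] Not Deleted : APNMCP" line in the Clean report; that leftover is what the helper later addresses in the ComboFix script under Driver::. The same comparison catches the quieter failure mode where a scan finding is simply missing from the clean report, which a visual read of two long reports easily overlooks.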

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"=-
"Spotify Web Helper"=-
"ApplePhotoStreams"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"SwitchBoard"=-
"AdobeCS5.5ServiceManager"=-
"AirPort Base Station Agent"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
"ApnTBMon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=-

Regnull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Driver::
SkypeUpdate
SwitchBoard
APNMCP

Reboot::
At the top left, click File
Click Save as...
Type the red name CFScript exactly and save it to the desktop.
Turn off the antivirus and any other security software.
Drag this newly created text document with the mouse onto the ComboFix icon and drop it.
ComboFix should start and execute the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows doesn't boot after the restart, restart again, keep pressing F8 and choose - Last Known Good Configuration
:!: If Windows boots but an error is reported when starting various programs, just restart the PC and it will be fine

Re: Please check the log after the PC not shutting down and the reported error

Posted: 02 Mar 2014 07:56
by kanister
ComboFix 14-02-24.02 - Kanister 02.03.2014 7:42.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1033.18.4063.2306 [GMT 1:00]
Spuštěný z: c:\users\Kanister\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Kanister\Desktop\CFSCRIPT
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kanister\AppData\Local\Temp\_MEI27762\_ctypes.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\_elementtree.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\_hashlib.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\_multiprocessing.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\_socket.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\_ssl.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\pyexpat.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\pysqlite2._sqlite.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\python27.dll
c:\users\Kanister\AppData\Local\Temp\_MEI27762\pythoncom27.dll
c:\users\Kanister\AppData\Local\Temp\_MEI27762\PyWinTypes27.dll
c:\users\Kanister\AppData\Local\Temp\_MEI27762\select.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\unicodedata.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\win32api.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\win32com.shell.shell.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\win32crypt.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\win32event.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\win32file.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\win32inet.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\win32pdh.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\win32pipe.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\win32process.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\win32profile.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\win32security.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\win32ts.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\windows._lib_cacheinvalidation.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\wx._controls_.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\wx._core_.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\wx._gdi_.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\wx._html2.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\wx._misc_.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\wx._windows_.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\wx._wizard.pyd
c:\users\Kanister\AppData\Local\Temp\_MEI27762\wxbase294u_net_vc90.dll
c:\users\Kanister\AppData\Local\Temp\_MEI27762\wxbase294u_vc90.dll
c:\users\Kanister\AppData\Local\Temp\_MEI27762\wxmsw294u_adv_vc90.dll
c:\users\Kanister\AppData\Local\Temp\_MEI27762\wxmsw294u_core_vc90.dll
c:\users\Kanister\AppData\Local\Temp\_MEI27762\wxmsw294u_html_vc90.dll
c:\users\Kanister\AppData\Local\Temp\_MEI27762\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-02 do 2014-03-02 )))))))))))))))))))))))))))))))
.
.
2014-03-02 06:47 . 2014-03-02 06:47 -------- d-----w- c:\users\postgres\AppData\Local\temp
2014-03-02 06:47 . 2014-03-02 06:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-01 20:06 . 2014-03-01 22:47 -------- d-----w- C:\AdwCleaner
2014-03-01 15:13 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9D1E57B-9643-4088-80C6-39D2F8294A56}\mpengine.dll
2014-03-01 15:05 . 2014-03-01 15:05 -------- d-----w- c:\users\Kanister\AppData\Roaming\Malwarebytes
2014-03-01 15:03 . 2014-03-01 15:03 -------- d-----w- c:\programdata\Malwarebytes
2014-03-01 15:03 . 2014-03-01 15:03 -------- d-----w- c:\users\Kanister\AppData\Local\Programs
2014-02-28 01:14 . 2014-02-28 05:55 -------- d-----w- C:\451e4699395a59716afc8d9380f9
2014-02-27 10:36 . 2014-02-27 10:36 -------- d-----w- c:\windows\Migration
2014-02-17 19:40 . 2014-02-17 19:40 -------- d-----w- c:\program files\Microsoft Silverlight
2014-02-17 19:40 . 2014-02-17 19:40 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-02-13 01:10 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 01:10 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 01:09 . 2014-02-06 11:30 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-13 01:09 . 2014-02-06 10:20 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-02-13 01:09 . 2014-02-06 10:17 195584 ----a-w- c:\windows\system32\msrating.dll
2014-02-12 18:50 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-12 18:50 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-12 18:50 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-12 18:50 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-12 18:48 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-12 18:48 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 18:48 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-12 18:48 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-06 21:27 . 2013-12-18 20:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-05 19:56 . 2014-02-05 19:56 -------- d-----w- c:\users\Kanister\AppData\Roaming\HyperLobby
2014-02-05 19:54 . 2014-02-05 19:54 -------- d-----w- c:\program files (x86)\HyperLobby client
2014-02-05 19:38 . 2014-02-16 19:59 -------- d-----w- c:\users\Kanister\AppData\Roaming\TS3Client
2014-02-05 19:36 . 2014-02-05 19:37 -------- d-----w- c:\program files\TeamSpeak 3 Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-20 23:18 . 2012-05-05 02:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 23:18 . 2012-05-05 02:01 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-16 18:01 . 2012-05-04 06:33 88567024 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 05:13 . 2012-05-04 05:12 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-03 21:48 . 2013-12-03 21:48 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 21:48 . 2013-12-03 21:48 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-03 21:48 . 2013-12-03 21:48 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-03 21:48 . 2013-12-03 21:48 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-03 21:48 . 2013-12-03 21:48 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-03 21:48 . 2013-12-03 21:48 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-03 21:48 . 2013-12-03 21:48 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-03 21:48 . 2013-12-03 21:48 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-03 21:48 . 2013-12-03 21:48 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-03 21:48 . 2013-12-03 21:48 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-03 21:48 . 2013-12-03 21:48 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-03 21:48 . 2013-12-03 21:48 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-03 21:48 . 2013-12-03 21:48 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-03 21:48 . 2013-12-03 21:48 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-03 21:48 . 2013-12-03 21:48 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-03 21:48 . 2013-12-03 21:48 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-03 21:48 . 2013-12-03 21:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-03 21:48 . 2013-12-03 21:48 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-03 21:48 . 2013-12-03 21:48 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-03 21:48 . 2013-12-03 21:48 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-03 21:48 . 2013-12-03 21:48 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-03 21:48 . 2013-12-03 21:48 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 21:48 . 2013-12-03 21:48 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-03 21:48 . 2013-12-03 21:48 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 21:48 . 2013-12-03 21:48 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-03 21:48 . 2013-12-03 21:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-03 21:48 . 2013-12-03 21:48 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-03 21:48 . 2013-12-03 21:48 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-03 21:48 . 2013-12-03 21:48 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-03 21:48 . 2013-12-03 21:48 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-03 21:48 . 2013-12-03 21:48 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-03 21:48 . 2013-12-03 21:48 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-03 21:48 . 2013-12-03 21:48 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-03 21:48 . 2013-12-03 21:48 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-03 21:48 . 2013-12-03 21:48 413696 ----a-w- c:\windows\system32\html.iec
2013-12-03 21:48 . 2013-12-03 21:48 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 21:48 . 2013-12-03 21:48 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-03 21:48 . 2013-12-03 21:48 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-03 21:48 . 2013-12-03 21:48 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-03 21:48 . 2013-12-03 21:48 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-03 21:48 . 2013-12-03 21:48 235520 ----a-w- c:\windows\system32\url.dll
2013-12-03 21:48 . 2013-12-03 21:48 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-03 21:48 . 2013-12-03 21:48 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-03 21:48 . 2013-12-03 21:48 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-03 21:48 . 2013-12-03 21:48 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-03 21:48 . 2013-12-03 21:48 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-03 21:48 . 2013-12-03 21:48 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-03 21:48 . 2013-12-03 21:48 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-03 21:48 . 2013-12-03 21:48 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-03 21:48 . 2013-12-03 21:48 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-03 21:48 . 2013-12-03 21:48 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-03 21:48 . 2013-12-03 21:48 135680 ----a-w- c:\windows\system32\iepeers.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-01-30 21822128]
"Spotify Web Helper"="c:\users\Kanister\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-15 1171968]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-01 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
c:\users\Kanister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kanister\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 SaiH0461;SaiH0461;c:\windows\system32\DRIVERS\SaiH0461.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH0461.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 23:18]
.
2014-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10 01:04]
.
2014-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10 01:04]
.
2014-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-94059724-516300671-438323755-1000Core.job
- c:\users\Kanister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 04:58]
.
2014-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-94059724-516300671-438323755-1000UA.job
- c:\users\Kanister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 04:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-PokerStars.net - c:\program files (x86)\PokerStars.NET\PokerStarsUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\users\Kanister\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
.
**************************************************************************
.
Celkový čas: 2014-03-02 07:55:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-02 06:55
ComboFix2.txt 2014-02-28 01:01
.
Před spuštěním: 31 052 226 560 bytes free
Po spuštění: 30 859 071 488 bytes free
.
- - End Of File - - D0F1240579B7EDF60E1B76B75F5ED88C
A36C5E4F47E84449FF07ED3517B43A31
Here it is. I didn't skip all that much with that test of mine :| What do you say? Thanks!