předem díky
Logfile of random's system information tool 1.10 (written by random/random)
Run by Vlaďka at 2015-03-08 09:30:03
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 116 GB (51%) free of 227 GB
Total RAM: 1975 MB (22% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:30:19, on 8.3.2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16609)
Boot mode: Normal
Running processes:
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\windows\System32\WScript.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\lcpmncvlqm.exe
C:\windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\system32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
C:\Stahování\RSIT.exe
C:\Program Files\trend micro\Vlaďka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) - {2977d8cc-8902-4340-be88-2c676bf96b8d} - (no file)
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {2977d8cc-8902-4340-be88-2c676bf96b8d} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\Hewlett-Packard\HP Webcam" UpdateWithCreateOnce "Software\CyberLink\HP Webcam\1.0"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSStp] C:\windows\inf\msstp.vbe
O4 - HKLM\..\Run: [mncvlqmSrv] C:\windows\system32\mncvlqm.vbe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Vlaďka\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Virtuální klávesnice - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: APSHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0021311391535687) (0021311391535687mcinstcleanup) - Unknown owner - C:\Users\VLAKA~1\AppData\Local\Temp\002131~1.EXE (file missing)
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - c:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Datamngr Coordinator (DatamngrCoordinator) - Unknown owner - C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 13678 bytes
======Scheduled tasks folder======
C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4228417350-1646184843-2756064733-1004Core.job - C:\Users\Vlaďka\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4228417350-1646184843-2756064733-1004UA.job - C:\Users\Vlaďka\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2977d8cc-8902-4340-be88-2c676bf96b8d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
BHO_Startup Class - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-01-14 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2012-10-10 744376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03 194504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08 172968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2009-01-28 98064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll [2012-05-31 405944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{2977d8cc-8902-4340-be88-2c676bf96b8d}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03 194504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-12-16 186904]
""= []
"accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-11-28 298536]
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2009-02-12 355896]
"CognizanceTS"=c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2009-01-28 24848]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2008-08-08 319000]
"WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-03-10 506936]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04 75016]
"File Sanitizer"=C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2009-01-14 11223040]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-02-18 177720]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [2009-01-16 3866624]
"HPCam_Menu"=c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe [2009-02-25 218408]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [2012-05-31 218880]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-12-11 1310720]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-14 1721640]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2009-10-27 141848]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2009-10-27 175128]
"Persistence"=C:\windows\system32\igfxpers.exe [2009-10-27 153624]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
"MSStp"=C:\windows\inf\msstp.vbe [2014-03-05 1584]
"mncvlqmSrv"=C:\windows\system32\mncvlqm.vbe [2014-03-05 7670]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2014-02-05 39408]
"Facebook Update"=C:\Users\Vlaďka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-30 138096]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2014-11-27 30524520]
"Zoner Photo Studio Autoupdate"=C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [2014-03-13 779776]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="APSHook.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2009-09-09 215040]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDriveTypeAutoRun"=28
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
======File associations======
.js - edit - C:\windows\System32\Notepad.exe %1
.js - open - C:\windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-03-08 09:22:59 ----D---- C:\rsit
2015-03-08 09:22:59 ----D---- C:\Program Files\trend micro
2015-03-08 08:23:32 ----AS---- C:\windows\system32\lcpmncvlqm.exe
2015-03-08 08:23:32 ----AS---- C:\windows\system32\dcgmncvlqm.exe
2015-03-08 08:23:31 ----D---- C:\windows\system32\bitstreams
2015-03-08 08:23:31 ----AS---- C:\windows\system32\zlib1.dll
2015-03-08 08:23:31 ----AS---- C:\windows\system32\ssleay32.dll
2015-03-08 08:23:31 ----AS---- C:\windows\system32\pthreadVC2.dll
2015-03-08 08:23:31 ----AS---- C:\windows\system32\pthreadGC2.dll
2015-03-08 08:23:31 ----AS---- C:\windows\system32\libssh2.dll
2015-03-08 08:23:31 ----AS---- C:\windows\system32\librtmp.dll
2015-03-08 08:23:31 ----AS---- C:\windows\system32\libidn-11.dll
2015-03-08 08:23:31 ----AS---- C:\windows\system32\libeay32.dll
2015-03-08 08:23:31 ----AS---- C:\windows\system32\libcurl-4.dll
2015-03-08 08:23:31 ----AS---- C:\windows\system32\cudart32_50_35.dll
2015-03-08 08:23:31 ----AS---- C:\windows\system32\acumncvlqm.exe
2015-03-07 06:16:54 ----D---- C:\Users\Vlaďka\AppData\Roaming\Seznam Browser
2015-02-13 18:43:08 ----A---- C:\windows\system32\jscript9.dll
2015-02-13 18:43:07 ----A---- C:\windows\system32\jscript.dll
2015-02-12 20:26:18 ----A---- C:\windows\system32\oleaut32.dll
2015-02-12 20:25:27 ----A---- C:\windows\system32\win32k.sys
2015-02-12 20:25:11 ----A---- C:\windows\system32\WindowsCodecs.dll
2015-02-12 20:21:56 ----A---- C:\windows\system32\drivers\ksecdd.sys
2015-02-12 20:21:19 ----A---- C:\windows\system32\scesrv.dll
2015-02-11 18:55:15 ----A---- C:\windows\system32\vbscript.dll
2015-02-11 18:55:15 ----A---- C:\windows\system32\dxtmsft.dll
2015-02-11 18:55:14 ----A---- C:\windows\system32\wininet.dll
2015-02-11 18:55:14 ----A---- C:\windows\system32\ieui.dll
2015-02-11 18:55:14 ----A---- C:\windows\system32\dxtrans.dll
2015-02-11 18:55:13 ----A---- C:\windows\system32\mshtmled.dll
2015-02-11 18:55:12 ----A---- C:\windows\system32\mshtml.dll
2015-02-11 18:55:10 ----A---- C:\windows\system32\mshta.exe
2015-02-11 18:55:10 ----A---- C:\windows\system32\msfeedssync.exe
2015-02-11 18:55:10 ----A---- C:\windows\system32\msfeedsbs.dll
2015-02-11 18:55:10 ----A---- C:\windows\system32\jsproxy.dll
2015-02-11 18:55:09 ----A---- C:\windows\system32\urlmon.dll
2015-02-11 18:55:09 ----A---- C:\windows\system32\msfeeds.dll
2015-02-11 18:55:08 ----A---- C:\windows\system32\ieUnatt.exe
2015-02-11 18:55:08 ----A---- C:\windows\system32\iertutil.dll
2015-02-11 18:55:07 ----A---- C:\windows\system32\url.dll
2015-02-11 18:55:07 ----A---- C:\windows\system32\ieframe.dll
======List of files/folders modified in the last 1 month======
2015-03-08 09:30:11 ----D---- C:\windows\Prefetch
2015-03-08 09:30:05 ----D---- C:\windows\Temp
2015-03-08 09:29:30 ----D---- C:\Stahování
2015-03-08 09:22:59 ----D---- C:\Program Files
2015-03-08 09:17:59 ----D---- C:\ProgramData\Kaspersky Lab
2015-03-08 08:46:19 ----D---- C:\windows\system32\catroot2
2015-03-08 08:45:57 ----SHD---- C:\System Volume Information
2015-03-08 08:37:51 ----D---- C:\Windows
2015-03-08 08:25:35 ----D---- C:\windows\inf
2015-03-08 08:23:32 ----D---- C:\windows\System32
2015-03-07 21:19:28 ----D---- C:\Users\Vlaďka\AppData\Roaming\.minecraft
2015-03-07 05:19:37 ----D---- C:\ProgramData\PDFC
2015-03-03 16:28:02 ----SHD---- C:\windows\Installer
2015-02-28 17:23:18 ----D---- C:\Users\Vlaďka\AppData\Roaming\HpUpdate
2015-02-26 18:53:12 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-02-24 03:23:36 ----N---- C:\windows\system32\MpSigStub.exe
2015-02-21 05:52:06 ----D---- C:\windows\Debug
2015-02-20 20:01:06 ----D---- C:\Program Files\Microsoft Games
2015-02-15 16:39:37 ----D---- C:\Users\Vlaďka\AppData\Roaming\Skype
2015-02-13 20:38:02 ----D---- C:\windows\winsxs
2015-02-13 18:36:48 ----D---- C:\windows\system32\catroot
2015-02-12 20:43:01 ----D---- C:\windows\system32\migration
2015-02-12 20:43:01 ----D---- C:\Program Files\Internet Explorer
2015-02-12 20:42:59 ----D---- C:\windows\system32\drivers
2015-02-12 20:38:54 ----D---- C:\windows\system32\MRT
2015-02-12 20:27:39 ----A---- C:\windows\system32\mrt.exe
2015-02-12 20:26:03 ----D---- C:\ProgramData\Microsoft Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 25656]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\drivers\iastor.sys [2008-12-04 328728]
R0 KL1;kl1; C:\windows\system32\DRIVERS\kl1.sys [2012-04-13 135984]
R0 MegaSR;MegaSR; C:\windows\system32\drivers\megasr.sys [2008-01-21 386616]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2008-04-08 44944]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2008-10-01 109216]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2008-10-01 51408]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2008-10-01 12960]
R1 KLIF;Kaspersky Lab Driver; C:\windows\system32\DRIVERS\klif.sys [2012-05-29 584536]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\windows\system32\DRIVERS\klim6.sys [2012-03-27 23856]
R1 kltdi;kltdi; C:\windows\system32\DRIVERS\kltdi.sys [2012-05-12 43696]
R1 kneps;kneps; C:\windows\system32\DRIVERS\kneps.sys [2012-05-24 140120]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2008-10-01 12528]
R2 regi;regi; C:\windows\system32\drivers\regi.sys [2007-04-17 11032]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 33848]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2009-01-16 381440]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\windows\system32\DRIVERS\bcmwl6.sys [2014-03-11 2709056]
R3 BthEnum;Služba Bluetooth Enumerator; C:\windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-03-11 84008]
R3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\drivers\btwavdt.sys [2009-03-11 109608]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-03-11 29736]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-03-11 18344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-09-09 4749824]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\windows\system32\DRIVERS\klkbdflt.sys [2012-05-25 25432]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\windows\system32\DRIVERS\klmouflt.sys [2012-05-25 25944]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2009-03-26 1765168]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-05-14 245424]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\windows\system32\DRIVERS\yk60x86.sys [2008-11-23 310272]
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files\Movies Toolbar\Datamngr\setmgrc1.cfg []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-31 4232704]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2008-01-21 45624]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\windows\system32\drivers\usbaudio.sys [2013-07-12 73344]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\windows\System32\Drivers\usbvideo.sys [2013-07-12 134272]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-11-28 185896]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AEADIFilters;Andrea ADI Filters Service; C:\windows\system32\AEADISRV.EXE [2008-07-15 90112]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 ASBroker;Logon Session Broker; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 ASChannel;Local Communication Channel; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 ATService;AuthenTec Fingerprint Service; c:\Program Files\Fingerprint Sensor\AtService.exe [2008-10-03 1185016]
R2 AVP;Služba Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [2012-05-31 218880]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-03-01 567848]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-12-04 94208]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-10-01 256544]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-01-14 77824]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 26168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-12-16 354840]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2008-08-08 777240]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-05 222512]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-23 223232]
S2 0021311391535687mcinstcleanup;McAfee Application Installer Cleanup (0021311391535687); C:\Users\VLAKA~1\AppData\Local\Temp\002131~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 DatamngrCoordinator;Datamngr Coordinator; C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-05 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04 267440]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-05 116648]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-02-05 194032]
S3 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-02-12 45056]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WPFFontCache_v0400;@C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-09-11 770168]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o kontrolu logu
Zdravim 
Mate tam brouky
Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.
Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce
Mate tam brouky
Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.
Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekcePokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu
hotovo
# AdwCleaner v4.111 - Logfile created 08/03/2015 at 10:42:36
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (x86)
# Username : Vlaďka - VLAĎKA-PC
# Running from : C:\Users\Vlaďka\Desktop\adwcleaner_4.111.exe
# Option : Cleaning
***** [ Services ] *****
[#] Service Deleted : DatamngrCoordinator
[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A9119622
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\ShopperPro
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\YTAHelper
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\Movies Toolbar
Folder Deleted : C:\Program Files\ShopperPro
Folder Deleted : C:\Program Files\SupTab
Folder Deleted : C:\Program Files\YouTube Accelerator
Folder Deleted : C:\Program Files\YTAHelper
Folder Deleted : C:\Users\Vlaďka\AppData\Local\MaxiGet Download Manager
Folder Deleted : C:\Users\Vlaďka\AppData\LocalLow\Goobzo
Folder Deleted : C:\Users\Vlaďka\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Vlaďka\AppData\Roaming\IHlpr
File Deleted : C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
File Deleted : C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKCU\Software\061d9758e2434acac9ea1f487d7ed528
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2977D8CC-8902-4340-BE88-2C676BF96B8D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2977D8CC-8902-4340-BE88-2C676BF96B8D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2977D8CC-8902-4340-BE88-2C676BF96B8D}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2977D8CC-8902-4340-BE88-2C676BF96B8D}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\APNDTX
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\ilividmoviestoolbar20
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
***** [ Web browsers ] *****
-\\ Internet Explorer v9.0.8112.16609
-\\ Google Chrome v40.0.2214.115
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
-\\ Opera v0.0.0.0
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
*************************
AdwCleaner[R0].txt - [10344 bytes] - [08/03/2015 10:39:38]
AdwCleaner[S0].txt - [12608 bytes] - [08/03/2015 10:42:36]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12668 bytes] ##########
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 8.3.2015
Čas skenování: 11:00:36
Protokol: logs.txt
Správce: Ano
Verze: 2.00.4.1028
Databáze malwaru: v2015.03.08.04
Databáze rootkitů: v2015.02.25.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Sebeobrany: Vypnuto
OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: VlaÄ?ka
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 551573
Uplynulý čas: 2 hod, 31 min, 52 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 1
PUP.BitCoinMiner, C:\Windows\System32\lcpmncvlqm.exe, 2864, , [050f9aa98406b38392312e0ac9387f81]
Moduly: 0
(Žádné zákerné zjištěny položek)
Klíče registru: 2
PUP.Optional.MoviesToolBar.A, HKU\S-1-5-21-4228417350-1646184843-2756064733-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2977D8CC-8902-4340-BE88-2C676BF96B8D}, , [8b891b2834566acc0d7372a91be830d0],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, , [9282cc7747432c0a69ec70bbb550a759],
Hodnoty registru: 1
Trojan.Agent.SCR, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSStp, C:\windows\inf\msstp.vbe, , [b361a79cc3c7d561bdac459c0ef5867a]
Data registru: 0
(Žádné zákerné zjištěny položek)
Složky: 5
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\Users\VlaÄ?ka\AppData\LocalLow\DataMngr, , [6ea6004335551e180aa0373756adea16],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20, , [a07447fccbbf181eb27c5d14649ff20e],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC, , [a07447fccbbf181eb27c5d14649ff20e],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20, , [f91bf44fe7a3c76fe067ec8c8a7912ee],
Soubory: 76
PUP.BitCoinMiner, C:\Windows\System32\lcpmncvlqm.exe, , [050f9aa98406b38392312e0ac9387f81],
PUP.Optional.MoviesToolBar.A, C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\GC\uninstall.exe.vir, , [031153f041497bbb29f71ced64a2c040],
PUP.Optional.MoviesToolBar.A, C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\uninstall.exe.vir, , [37dd360ddab025119b852cddf80e4bb5],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncvlqm.exe, , [d83c55ee1a704de9d34efb4e7c86f010],
Trojan.BitMiner, C:\Windows\System32\dcgmncvlqm.exe, , [74a04cf7fb8f5dd966b619419072817f],
BitcoinMiner, C:\Windows\inf\msiogvcy\msiogvcy.exe, , [b361e45f8604c27493371e09fa079967],
Trojan.Agent.SCR, C:\Windows\inf\msstp.vbe, , [b361a79cc3c7d561bdac459c0ef5867a],
Malware.Trace, C:\Windows\inf\ntvdm.inf, , [7f95c083acde6acc8d5f35d514f19967],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\general.cfg, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-32.cfg, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
Trojan.FileFill, C:\Users\VlaÄ?ka\Desktop\1952C25D.tmp, , [25efc08321697abc8bdc5fb66f962cd4],
PUP.Optional.MindSpark.A, C:\Users\VlaÄ?ka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gamingwonderland.dl.tb.ask.com_0.localstorage-journal, , [56be182b345622148dd678ad07fe6898],
PUP.Optional.Datamngr.A, C:\Users\VlaÄ?ka\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, , [6ea6004335551e180aa0373756adea16],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC\com.apn.native_messaging_host_aaaaabcbmongicmdegkmmfgdickgnnob.json, , [a07447fccbbf181eb27c5d14649ff20e],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC\IACNativeMsgHost.exe, , [a07447fccbbf181eb27c5d14649ff20e],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC\toolbar.crx, , [a07447fccbbf181eb27c5d14649ff20e],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\apnuserid.dat, , [f91bf44fe7a3c76fe067ec8c8a7912ee],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\appid.dat, , [f91bf44fe7a3c76fe067ec8c8a7912ee],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\dtx.ini, , [f91bf44fe7a3c76fe067ec8c8a7912ee],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\geodata.xml, , [f91bf44fe7a3c76fe067ec8c8a7912ee],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\guid.dat, , [f91bf44fe7a3c76fe067ec8c8a7912ee],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\setupCfg.xml, , [f91bf44fe7a3c76fe067ec8c8a7912ee],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\sysid.dat, , [f91bf44fe7a3c76fe067ec8c8a7912ee],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\trackid.dat, , [f91bf44fe7a3c76fe067ec8c8a7912ee],
Fyzické sektory: 0
(Žádné zákerné zjištěny položek)
(end)
# AdwCleaner v4.111 - Logfile created 08/03/2015 at 10:42:36
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (x86)
# Username : Vlaďka - VLAĎKA-PC
# Running from : C:\Users\Vlaďka\Desktop\adwcleaner_4.111.exe
# Option : Cleaning
***** [ Services ] *****
[#] Service Deleted : DatamngrCoordinator
[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A9119622
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\ShopperPro
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\YTAHelper
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\Movies Toolbar
Folder Deleted : C:\Program Files\ShopperPro
Folder Deleted : C:\Program Files\SupTab
Folder Deleted : C:\Program Files\YouTube Accelerator
Folder Deleted : C:\Program Files\YTAHelper
Folder Deleted : C:\Users\Vlaďka\AppData\Local\MaxiGet Download Manager
Folder Deleted : C:\Users\Vlaďka\AppData\LocalLow\Goobzo
Folder Deleted : C:\Users\Vlaďka\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Vlaďka\AppData\Roaming\IHlpr
File Deleted : C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
File Deleted : C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKCU\Software\061d9758e2434acac9ea1f487d7ed528
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2977D8CC-8902-4340-BE88-2C676BF96B8D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2977D8CC-8902-4340-BE88-2C676BF96B8D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2977D8CC-8902-4340-BE88-2C676BF96B8D}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2977D8CC-8902-4340-BE88-2C676BF96B8D}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\APNDTX
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\ilividmoviestoolbar20
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
***** [ Web browsers ] *****
-\\ Internet Explorer v9.0.8112.16609
-\\ Google Chrome v40.0.2214.115
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
-\\ Opera v0.0.0.0
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
[C:\Users\Štěpán\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU&q={searchTerms}
*************************
AdwCleaner[R0].txt - [10344 bytes] - [08/03/2015 10:39:38]
AdwCleaner[S0].txt - [12608 bytes] - [08/03/2015 10:42:36]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12668 bytes] ##########
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 8.3.2015
Čas skenování: 11:00:36
Protokol: logs.txt
Správce: Ano
Verze: 2.00.4.1028
Databáze malwaru: v2015.03.08.04
Databáze rootkitů: v2015.02.25.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Sebeobrany: Vypnuto
OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: VlaÄ?ka
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 551573
Uplynulý čas: 2 hod, 31 min, 52 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 1
PUP.BitCoinMiner, C:\Windows\System32\lcpmncvlqm.exe, 2864, , [050f9aa98406b38392312e0ac9387f81]
Moduly: 0
(Žádné zákerné zjištěny položek)
Klíče registru: 2
PUP.Optional.MoviesToolBar.A, HKU\S-1-5-21-4228417350-1646184843-2756064733-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2977D8CC-8902-4340-BE88-2C676BF96B8D}, , [8b891b2834566acc0d7372a91be830d0],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, , [9282cc7747432c0a69ec70bbb550a759],
Hodnoty registru: 1
Trojan.Agent.SCR, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSStp, C:\windows\inf\msstp.vbe, , [b361a79cc3c7d561bdac459c0ef5867a]
Data registru: 0
(Žádné zákerné zjištěny položek)
Složky: 5
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\Users\VlaÄ?ka\AppData\LocalLow\DataMngr, , [6ea6004335551e180aa0373756adea16],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20, , [a07447fccbbf181eb27c5d14649ff20e],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC, , [a07447fccbbf181eb27c5d14649ff20e],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20, , [f91bf44fe7a3c76fe067ec8c8a7912ee],
Soubory: 76
PUP.BitCoinMiner, C:\Windows\System32\lcpmncvlqm.exe, , [050f9aa98406b38392312e0ac9387f81],
PUP.Optional.MoviesToolBar.A, C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\GC\uninstall.exe.vir, , [031153f041497bbb29f71ced64a2c040],
PUP.Optional.MoviesToolBar.A, C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\uninstall.exe.vir, , [37dd360ddab025119b852cddf80e4bb5],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncvlqm.exe, , [d83c55ee1a704de9d34efb4e7c86f010],
Trojan.BitMiner, C:\Windows\System32\dcgmncvlqm.exe, , [74a04cf7fb8f5dd966b619419072817f],
BitcoinMiner, C:\Windows\inf\msiogvcy\msiogvcy.exe, , [b361e45f8604c27493371e09fa079967],
Trojan.Agent.SCR, C:\Windows\inf\msstp.vbe, , [b361a79cc3c7d561bdac459c0ef5867a],
Malware.Trace, C:\Windows\inf\ntvdm.inf, , [7f95c083acde6acc8d5f35d514f19967],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\general.cfg, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-32.cfg, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [00141c27e4a681b5e5e619f51aeb6e92],
Trojan.FileFill, C:\Users\VlaÄ?ka\Desktop\1952C25D.tmp, , [25efc08321697abc8bdc5fb66f962cd4],
PUP.Optional.MindSpark.A, C:\Users\VlaÄ?ka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gamingwonderland.dl.tb.ask.com_0.localstorage-journal, , [56be182b345622148dd678ad07fe6898],
PUP.Optional.Datamngr.A, C:\Users\VlaÄ?ka\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, , [6ea6004335551e180aa0373756adea16],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC\com.apn.native_messaging_host_aaaaabcbmongicmdegkmmfgdickgnnob.json, , [a07447fccbbf181eb27c5d14649ff20e],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC\IACNativeMsgHost.exe, , [a07447fccbbf181eb27c5d14649ff20e],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC\toolbar.crx, , [a07447fccbbf181eb27c5d14649ff20e],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\apnuserid.dat, , [f91bf44fe7a3c76fe067ec8c8a7912ee],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\appid.dat, , [f91bf44fe7a3c76fe067ec8c8a7912ee],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\dtx.ini, , [f91bf44fe7a3c76fe067ec8c8a7912ee],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\geodata.xml, , [f91bf44fe7a3c76fe067ec8c8a7912ee],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\guid.dat, , [f91bf44fe7a3c76fe067ec8c8a7912ee],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\setupCfg.xml, , [f91bf44fe7a3c76fe067ec8c8a7912ee],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\sysid.dat, , [f91bf44fe7a3c76fe067ec8c8a7912ee],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\trackid.dat, , [f91bf44fe7a3c76fe067ec8c8a7912ee],
Fyzické sektory: 0
(Žádné zákerné zjištěny položek)
(end)
Re: Prosím o kontrolu logu
Vsechny nalezy MBAM hodte do karanteny. Po dalsim restartu pc test s MBAM zopakujte, at vime, jestli se to nevraci. Napiste vysledek testu a podle nej zvolim dalsi postup.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 8.3.2015
Čas skenování: 17:23:29
Protokol: log.txt
Správce: Ano
Verze: 2.00.4.1028
Databáze malwaru: v2015.03.08.04
Databáze rootkitů: v2015.02.25.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Sebeobrany: Vypnuto
OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: VlaÄ?ka
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 557257
Uplynulý čas: 2 hod, 45 min, 30 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Žádné zákerné zjištěny položek)
Moduly: 0
(Žádné zákerné zjištěny položek)
Klíče registru: 2
PUP.Optional.MoviesToolBar.A, HKU\S-1-5-21-4228417350-1646184843-2756064733-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2977D8CC-8902-4340-BE88-2C676BF96B8D}, , [43d1093a0e7c63d3daa6869512f1f40c],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, , [48cc6ed5f3971b1b0a4bf9323bcacf31],
Hodnoty registru: 1
Trojan.Agent.SCR, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSStp, C:\windows\inf\msstp.vbe, , [fc18e06369215cda2049c9185ca7bc44]
Data registru: 0
(Žádné zákerné zjištěny položek)
Složky: 5
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\Users\VlaÄ?ka\AppData\LocalLow\DataMngr, , [71a333107e0cfd399a103737e61dc63a],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20, , [ce4672d1f69444f22b032f4241c21ae6],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC, , [ce4672d1f69444f22b032f4241c21ae6],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20, , [1ef6ed568efcf3435ceb98e029da1ce4],
Soubory: 75
PUP.Optional.MoviesToolBar.A, C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\GC\uninstall.exe.vir, , [9d77df64f59588ae011f4ebbd036619f],
PUP.Optional.MoviesToolBar.A, C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\uninstall.exe.vir, , [0f055ae9eaa05dd977a985846d99867a],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncvlqm.exe, , [58bc0d36d3b7171f88996adfef133fc1],
Trojan.BitMiner, C:\Windows\System32\dcgmncvlqm.exe, , [70a4f64d0981c07642da2c2eef134db3],
BitcoinMiner, C:\Windows\inf\msiogvcy\msiogvcy.exe, , [8e86162d3b4ff2446268b27537ca29d7],
Trojan.Agent.SCR, C:\Windows\inf\msstp.vbe, , [fc18e06369215cda2049c9185ca7bc44],
Malware.Trace, C:\Windows\inf\ntvdm.inf, , [9c7813306b1fb284d9133dcd867f6997],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\general.cfg, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-32.cfg, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
Trojan.FileFill, C:\Users\VlaÄ?ka\Desktop\1952C25D.tmp, , [d2420d361c6e2c0a6bfc0b0a29dc41bf],
PUP.Optional.MindSpark.A, C:\Users\VlaÄ?ka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gamingwonderland.dl.tb.ask.com_0.localstorage-journal, , [a173f64d266437ff0c57af76917439c7],
PUP.Optional.Datamngr.A, C:\Users\VlaÄ?ka\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, , [71a333107e0cfd399a103737e61dc63a],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC\com.apn.native_messaging_host_aaaaabcbmongicmdegkmmfgdickgnnob.json, , [ce4672d1f69444f22b032f4241c21ae6],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC\IACNativeMsgHost.exe, , [ce4672d1f69444f22b032f4241c21ae6],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC\toolbar.crx, , [ce4672d1f69444f22b032f4241c21ae6],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\apnuserid.dat, , [1ef6ed568efcf3435ceb98e029da1ce4],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\appid.dat, , [1ef6ed568efcf3435ceb98e029da1ce4],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\dtx.ini, , [1ef6ed568efcf3435ceb98e029da1ce4],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\geodata.xml, , [1ef6ed568efcf3435ceb98e029da1ce4],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\guid.dat, , [1ef6ed568efcf3435ceb98e029da1ce4],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\setupCfg.xml, , [1ef6ed568efcf3435ceb98e029da1ce4],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\sysid.dat, , [1ef6ed568efcf3435ceb98e029da1ce4],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\trackid.dat, , [1ef6ed568efcf3435ceb98e029da1ce4],
Fyzické sektory: 0
(Žádné zákerné zjištěny položek)
(end)
www.malwarebytes.org
Datum skenování: 8.3.2015
Čas skenování: 17:23:29
Protokol: log.txt
Správce: Ano
Verze: 2.00.4.1028
Databáze malwaru: v2015.03.08.04
Databáze rootkitů: v2015.02.25.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Sebeobrany: Vypnuto
OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: VlaÄ?ka
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 557257
Uplynulý čas: 2 hod, 45 min, 30 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Žádné zákerné zjištěny položek)
Moduly: 0
(Žádné zákerné zjištěny položek)
Klíče registru: 2
PUP.Optional.MoviesToolBar.A, HKU\S-1-5-21-4228417350-1646184843-2756064733-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2977D8CC-8902-4340-BE88-2C676BF96B8D}, , [43d1093a0e7c63d3daa6869512f1f40c],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, , [48cc6ed5f3971b1b0a4bf9323bcacf31],
Hodnoty registru: 1
Trojan.Agent.SCR, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSStp, C:\windows\inf\msstp.vbe, , [fc18e06369215cda2049c9185ca7bc44]
Data registru: 0
(Žádné zákerné zjištěny položek)
Složky: 5
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\Users\VlaÄ?ka\AppData\LocalLow\DataMngr, , [71a333107e0cfd399a103737e61dc63a],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20, , [ce4672d1f69444f22b032f4241c21ae6],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC, , [ce4672d1f69444f22b032f4241c21ae6],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20, , [1ef6ed568efcf3435ceb98e029da1ce4],
Soubory: 75
PUP.Optional.MoviesToolBar.A, C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\GC\uninstall.exe.vir, , [9d77df64f59588ae011f4ebbd036619f],
PUP.Optional.MoviesToolBar.A, C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\uninstall.exe.vir, , [0f055ae9eaa05dd977a985846d99867a],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncvlqm.exe, , [58bc0d36d3b7171f88996adfef133fc1],
Trojan.BitMiner, C:\Windows\System32\dcgmncvlqm.exe, , [70a4f64d0981c07642da2c2eef134db3],
BitcoinMiner, C:\Windows\inf\msiogvcy\msiogvcy.exe, , [8e86162d3b4ff2446268b27537ca29d7],
Trojan.Agent.SCR, C:\Windows\inf\msstp.vbe, , [fc18e06369215cda2049c9185ca7bc44],
Malware.Trace, C:\Windows\inf\ntvdm.inf, , [9c7813306b1fb284d9133dcd867f6997],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\general.cfg, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-32.cfg, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak, , [7e96cf742e5c80b6408bbf4fa3629a66],
Trojan.FileFill, C:\Users\VlaÄ?ka\Desktop\1952C25D.tmp, , [d2420d361c6e2c0a6bfc0b0a29dc41bf],
PUP.Optional.MindSpark.A, C:\Users\VlaÄ?ka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gamingwonderland.dl.tb.ask.com_0.localstorage-journal, , [a173f64d266437ff0c57af76917439c7],
PUP.Optional.Datamngr.A, C:\Users\VlaÄ?ka\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, , [71a333107e0cfd399a103737e61dc63a],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC\com.apn.native_messaging_host_aaaaabcbmongicmdegkmmfgdickgnnob.json, , [ce4672d1f69444f22b032f4241c21ae6],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC\IACNativeMsgHost.exe, , [ce4672d1f69444f22b032f4241c21ae6],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC\toolbar.crx, , [ce4672d1f69444f22b032f4241c21ae6],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\apnuserid.dat, , [1ef6ed568efcf3435ceb98e029da1ce4],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\appid.dat, , [1ef6ed568efcf3435ceb98e029da1ce4],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\dtx.ini, , [1ef6ed568efcf3435ceb98e029da1ce4],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\geodata.xml, , [1ef6ed568efcf3435ceb98e029da1ce4],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\guid.dat, , [1ef6ed568efcf3435ceb98e029da1ce4],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\setupCfg.xml, , [1ef6ed568efcf3435ceb98e029da1ce4],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\sysid.dat, , [1ef6ed568efcf3435ceb98e029da1ce4],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\trackid.dat, , [1ef6ed568efcf3435ceb98e029da1ce4],
Fyzické sektory: 0
(Žádné zákerné zjištěny položek)
(end)
Re: Prosím o kontrolu logu
Vzdyt je tam zase uplne vsechno 
Neslo to odstranit?
Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)
Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!
Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku
Neslo to odstranit? Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.) Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc! Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradkuPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu
ComboFix 15-03-01.01 - Vlaďka 08.03.2015 21:38:13.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.1975.750 [GMT 1:00]
Spuštěný z: c:\users\Vla´ka\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
c:\windows\system32\UNWISE.EXE
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-02-08 do 2015-03-08 )))))))))))))))))))))))))))))))
.
.
2015-03-08 20:51 . 2015-03-08 20:57 -------- d-----w- c:\users\Vlaďka\AppData\Local\temp
2015-03-08 09:57 . 2015-03-08 20:56 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-08 09:56 . 2015-03-08 09:56 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-03-08 09:56 . 2015-03-08 09:56 -------- d-----w- c:\programdata\Malwarebytes
2015-03-08 09:56 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-08 09:56 . 2014-11-21 05:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-08 09:56 . 2014-11-21 05:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-08 09:39 . 2015-03-08 09:42 -------- d-----w- C:\AdwCleaner
2015-03-08 08:22 . 2015-03-08 08:30 -------- d-----w- c:\program files\trend micro
2015-03-08 08:22 . 2015-03-08 08:24 -------- d-----w- C:\rsit
2015-03-07 05:17 . 2015-03-07 06:06 -------- d-----w- c:\users\Vlaďka\AppData\Local\Seznam.cz
2015-03-07 05:16 . 2015-03-07 05:17 -------- d-----w- c:\users\Vlaďka\AppData\Roaming\Seznam Browser
2015-03-06 18:10 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{916005FF-17A4-4CE5-BB1F-F577ABE86C4C}\mpengine.dll
2015-02-13 17:43 . 2015-01-23 03:00 1810944 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 19:26 . 2014-11-26 02:05 564224 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-12 19:25 . 2015-01-09 00:20 2063360 ----a-w- c:\windows\system32\win32k.sys
2015-02-12 19:25 . 2015-01-13 01:39 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-12 19:21 . 2015-01-15 04:13 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-02-12 19:21 . 2014-12-08 01:59 306176 ----a-w- c:\windows\system32\scesrv.dll
2015-02-08 06:24 . 2015-02-08 06:24 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 02:23 . 2014-02-04 19:20 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-08 06:23 . 2014-09-01 17:34 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-02-04 20:50 . 2014-02-05 17:06 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 20:50 . 2014-02-05 17:06 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-19 00:25 . 2015-01-29 13:22 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-02-05 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-11-27 30524520]
"Zoner Photo Studio Autoupdate"="c:\program files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE" [2014-03-13 779776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-16 186904]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-28 298536]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-02-12 355896]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-01-28 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-08-08 319000]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-03-10 506936]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-01-14 11223040]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-18 177720]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-05-31 218880]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1310720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-14 1721640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-27 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-27 153624]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"MSStp"="c:\windows\inf\msstp.vbe" [2014-03-05 1584]
"mncvlqmSrv"="c:\windows\system32\mncvlqm.vbe" [2014-03-05 7670]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-1 789032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 0021311391535687mcinstcleanup;McAfee Application Installer Cleanup (0021311391535687);c:\users\VLAKA~1\AppData\Local\Temp\002131~1.EXE [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-11-28 185896]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Bioscrypt REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 14:03 1084744 ----a-w- c:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05 20:50]
.
2015-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-05 20:05]
.
2015-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-05 20:05]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=92&bd=all&pf=cmnb
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 79.127.195.194 79.127.192.230
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-ilividmoviestoolbar20CR - c:\progra~1\MOVIES~1\Datamngr\SRTOOL~1\GC\uninstall.exe
AddRemove-ilividmoviestoolbar20IE - c:\progra~1\MOVIES~1\Datamngr\SRTOOL~1\IE\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-08 21:56
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(7620)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Fingerprint Sensor\AtService.exe
c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
c:\windows\system32\Hpservice.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes Anti-Malware\mbamservice.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\PDF Complete\pdfsvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Celkový čas: 2015-03-08 22:03:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-03-08 21:03
.
Před spuštěním: Volných bajtů: 119 973 928 960
Po spuštění: Volných bajtů: 119 661 928 448
.
- - End Of File - - ED74BC4C00B9560E732CC9A3CFA5339F
5C616939100B85E558DA92B899A0FC36
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.1975.750 [GMT 1:00]
Spuštěný z: c:\users\Vla´ka\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
c:\windows\system32\UNWISE.EXE
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-02-08 do 2015-03-08 )))))))))))))))))))))))))))))))
.
.
2015-03-08 20:51 . 2015-03-08 20:57 -------- d-----w- c:\users\Vlaďka\AppData\Local\temp
2015-03-08 09:57 . 2015-03-08 20:56 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-08 09:56 . 2015-03-08 09:56 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-03-08 09:56 . 2015-03-08 09:56 -------- d-----w- c:\programdata\Malwarebytes
2015-03-08 09:56 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-08 09:56 . 2014-11-21 05:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-08 09:56 . 2014-11-21 05:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-08 09:39 . 2015-03-08 09:42 -------- d-----w- C:\AdwCleaner
2015-03-08 08:22 . 2015-03-08 08:30 -------- d-----w- c:\program files\trend micro
2015-03-08 08:22 . 2015-03-08 08:24 -------- d-----w- C:\rsit
2015-03-07 05:17 . 2015-03-07 06:06 -------- d-----w- c:\users\Vlaďka\AppData\Local\Seznam.cz
2015-03-07 05:16 . 2015-03-07 05:17 -------- d-----w- c:\users\Vlaďka\AppData\Roaming\Seznam Browser
2015-03-06 18:10 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{916005FF-17A4-4CE5-BB1F-F577ABE86C4C}\mpengine.dll
2015-02-13 17:43 . 2015-01-23 03:00 1810944 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 19:26 . 2014-11-26 02:05 564224 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-12 19:25 . 2015-01-09 00:20 2063360 ----a-w- c:\windows\system32\win32k.sys
2015-02-12 19:25 . 2015-01-13 01:39 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-12 19:21 . 2015-01-15 04:13 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-02-12 19:21 . 2014-12-08 01:59 306176 ----a-w- c:\windows\system32\scesrv.dll
2015-02-08 06:24 . 2015-02-08 06:24 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 02:23 . 2014-02-04 19:20 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-08 06:23 . 2014-09-01 17:34 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-02-04 20:50 . 2014-02-05 17:06 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 20:50 . 2014-02-05 17:06 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-19 00:25 . 2015-01-29 13:22 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-02-05 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-11-27 30524520]
"Zoner Photo Studio Autoupdate"="c:\program files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE" [2014-03-13 779776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-16 186904]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-28 298536]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-02-12 355896]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-01-28 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-08-08 319000]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-03-10 506936]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-01-14 11223040]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-18 177720]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-05-31 218880]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1310720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-14 1721640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-27 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-27 153624]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"MSStp"="c:\windows\inf\msstp.vbe" [2014-03-05 1584]
"mncvlqmSrv"="c:\windows\system32\mncvlqm.vbe" [2014-03-05 7670]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-1 789032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 0021311391535687mcinstcleanup;McAfee Application Installer Cleanup (0021311391535687);c:\users\VLAKA~1\AppData\Local\Temp\002131~1.EXE [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-11-28 185896]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Bioscrypt REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 14:03 1084744 ----a-w- c:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05 20:50]
.
2015-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-05 20:05]
.
2015-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-05 20:05]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=92&bd=all&pf=cmnb
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 79.127.195.194 79.127.192.230
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-ilividmoviestoolbar20CR - c:\progra~1\MOVIES~1\Datamngr\SRTOOL~1\GC\uninstall.exe
AddRemove-ilividmoviestoolbar20IE - c:\progra~1\MOVIES~1\Datamngr\SRTOOL~1\IE\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-08 21:56
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(7620)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Fingerprint Sensor\AtService.exe
c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
c:\windows\system32\Hpservice.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes Anti-Malware\mbamservice.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\PDF Complete\pdfsvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Celkový čas: 2015-03-08 22:03:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-03-08 21:03
.
Před spuštěním: Volných bajtů: 119 973 928 960
Po spuštění: Volných bajtů: 119 661 928 448
.
- - End Of File - - ED74BC4C00B9560E732CC9A3CFA5339F
5C616939100B85E558DA92B899A0FC36
Re: Prosím o kontrolu logu
Presunte ComboFix primo na disk C (takze cesta k nemu bude c:\ComboFix.exe )! Otevrete si poznamkovy blok a zkopirujte do nej tento skript
Kód: Vybrat vše
KillAll::
File::
C:\Windows\System32\lcpmncvlqm.exe
C:\Windows\System32\acumncvlqm.exe
C:\Windows\System32\dcgmncvlqm.exe
C:\Windows\inf\msiogvcy\msiogvcy.exe
C:\Windows\inf\msstp.vbe
C:\Windows\inf\ntvdm.inf
c:\windows\system32\mncvlqm.vbe
Folder::
C:\Program Files\Movies Toolbar
C:\ProgramData\Datamngr
C:\Users\Vlaďka\AppData\LocalLow\DataMngr
C:\Users\Vlaďka\AppData\Local\ilividmoviestoolbar20
C:\Users\Vlaďka\AppData\LocalLow\ilividmoviestoolbar20
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
"Skype"=-
"Zoner Photo Studio Autoupdate"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"=-
"HP Software Update"=-
"MSStp"=-
"mncvlqmSrv"=-
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
DDS::
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Driver::
DatamngrCoordinator
0021311391535687mcinstcleanup
Reboot::Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte take primo na C (takze cesta k nemu bude c:\CFScript.txt ).
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradkuPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu
při mazání souborů CFixem se několikrát objevila hláška"program Catchme.3XE přestal pracovat" po jejím smazání nakonec CF dojel do konce a vypadl log
ComboFix 15-03-09.01 - Vlaďka 09.03.2015 13:42:41.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.1975.854 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\inf\msiogvcy\msiogvcy.exe"
"c:\windows\inf\msstp.vbe"
"c:\windows\inf\ntvdm.inf"
"c:\windows\System32\acumncvlqm.exe"
"c:\windows\System32\dcgmncvlqm.exe"
"c:\windows\System32\lcpmncvlqm.exe"
"c:\windows\system32\mncvlqm.vbe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Datamngr
c:\programdata\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak
c:\programdata\Datamngr\S-1-5-32.cfg
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_0021311391535687mcinstcleanup
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-02-09 do 2015-03-09 )))))))))))))))))))))))))))))))
.
.
2015-03-09 12:57 . 2015-03-09 13:01 -------- d-----w- c:\users\Vlaďka\AppData\Local\temp
2015-03-09 12:57 . 2015-03-09 12:57 -------- d-----w- c:\users\Štěpán\AppData\Local\temp
2015-03-08 09:57 . 2015-03-09 13:00 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-08 09:56 . 2015-03-08 09:56 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-03-08 09:56 . 2015-03-08 09:56 -------- d-----w- c:\programdata\Malwarebytes
2015-03-08 09:56 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-08 09:56 . 2014-11-21 05:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-08 09:56 . 2014-11-21 05:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-08 09:39 . 2015-03-08 09:42 -------- d-----w- C:\AdwCleaner
2015-03-08 08:22 . 2015-03-08 08:30 -------- d-----w- c:\program files\trend micro
2015-03-08 08:22 . 2015-03-08 08:24 -------- d-----w- C:\rsit
2015-03-07 05:17 . 2015-03-07 06:06 -------- d-----w- c:\users\Vlaďka\AppData\Local\Seznam.cz
2015-03-07 05:16 . 2015-03-07 05:17 -------- d-----w- c:\users\Vlaďka\AppData\Roaming\Seznam Browser
2015-03-06 18:10 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{916005FF-17A4-4CE5-BB1F-F577ABE86C4C}\mpengine.dll
2015-02-13 17:43 . 2015-01-23 03:00 1810944 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 19:26 . 2014-11-26 02:05 564224 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-12 19:25 . 2015-01-09 00:20 2063360 ----a-w- c:\windows\system32\win32k.sys
2015-02-12 19:25 . 2015-01-13 01:39 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-12 19:21 . 2015-01-15 04:13 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-02-12 19:21 . 2014-12-08 01:59 306176 ----a-w- c:\windows\system32\scesrv.dll
2015-02-08 06:24 . 2015-02-08 06:24 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 02:23 . 2014-02-04 19:20 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-08 06:23 . 2014-09-01 17:34 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-02-04 20:50 . 2014-02-05 17:06 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 20:50 . 2014-02-05 17:06 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-19 00:25 . 2015-01-29 13:22 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-16 186904]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-28 298536]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-02-12 355896]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-01-28 24848]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-03-10 506936]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-01-14 11223040]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-18 177720]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-05-31 218880]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1310720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-14 1721640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-27 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-27 153624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-1 789032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-11-28 185896]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Bioscrypt REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 14:03 1084744 ----a-w- c:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05 20:50]
.
2015-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-05 20:05]
.
2015-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-05 20:05]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 79.127.195.194 79.127.192.230
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-09 14:00
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(6848)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Fingerprint Sensor\AtService.exe
c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
c:\windows\system32\Hpservice.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes Anti-Malware\mbamservice.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\PDF Complete\pdfsvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Celkový čas: 2015-03-09 14:06:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-03-09 13:05
ComboFix2.txt 2015-03-08 21:03
.
Před spuštěním: Volných bajtů: 119 545 589 760
Po spuštění: Volných bajtů: 119 419 944 960
.
- - End Of File - - D77D04ED82625D1CEA969C1222F1C200
5C616939100B85E558DA92B899A0FC36
ComboFix 15-03-09.01 - Vlaďka 09.03.2015 13:42:41.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.1975.854 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\inf\msiogvcy\msiogvcy.exe"
"c:\windows\inf\msstp.vbe"
"c:\windows\inf\ntvdm.inf"
"c:\windows\System32\acumncvlqm.exe"
"c:\windows\System32\dcgmncvlqm.exe"
"c:\windows\System32\lcpmncvlqm.exe"
"c:\windows\system32\mncvlqm.vbe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Datamngr
c:\programdata\Datamngr\S-1-5-21-4228417350-1646184843-2756064733-1004.cfg.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak.bak
c:\programdata\Datamngr\S-1-5-32.cfg
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_0021311391535687mcinstcleanup
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-02-09 do 2015-03-09 )))))))))))))))))))))))))))))))
.
.
2015-03-09 12:57 . 2015-03-09 13:01 -------- d-----w- c:\users\Vlaďka\AppData\Local\temp
2015-03-09 12:57 . 2015-03-09 12:57 -------- d-----w- c:\users\Štěpán\AppData\Local\temp
2015-03-08 09:57 . 2015-03-09 13:00 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-08 09:56 . 2015-03-08 09:56 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-03-08 09:56 . 2015-03-08 09:56 -------- d-----w- c:\programdata\Malwarebytes
2015-03-08 09:56 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-08 09:56 . 2014-11-21 05:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-08 09:56 . 2014-11-21 05:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-08 09:39 . 2015-03-08 09:42 -------- d-----w- C:\AdwCleaner
2015-03-08 08:22 . 2015-03-08 08:30 -------- d-----w- c:\program files\trend micro
2015-03-08 08:22 . 2015-03-08 08:24 -------- d-----w- C:\rsit
2015-03-07 05:17 . 2015-03-07 06:06 -------- d-----w- c:\users\Vlaďka\AppData\Local\Seznam.cz
2015-03-07 05:16 . 2015-03-07 05:17 -------- d-----w- c:\users\Vlaďka\AppData\Roaming\Seznam Browser
2015-03-06 18:10 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{916005FF-17A4-4CE5-BB1F-F577ABE86C4C}\mpengine.dll
2015-02-13 17:43 . 2015-01-23 03:00 1810944 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 19:26 . 2014-11-26 02:05 564224 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-12 19:25 . 2015-01-09 00:20 2063360 ----a-w- c:\windows\system32\win32k.sys
2015-02-12 19:25 . 2015-01-13 01:39 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-12 19:21 . 2015-01-15 04:13 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-02-12 19:21 . 2014-12-08 01:59 306176 ----a-w- c:\windows\system32\scesrv.dll
2015-02-08 06:24 . 2015-02-08 06:24 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 02:23 . 2014-02-04 19:20 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-08 06:23 . 2014-09-01 17:34 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-02-04 20:50 . 2014-02-05 17:06 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 20:50 . 2014-02-05 17:06 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-19 00:25 . 2015-01-29 13:22 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-16 186904]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-28 298536]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-02-12 355896]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-01-28 24848]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-03-10 506936]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-01-14 11223040]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-18 177720]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-05-31 218880]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1310720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-14 1721640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-27 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-27 153624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-1 789032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-11-28 185896]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Bioscrypt REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 14:03 1084744 ----a-w- c:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05 20:50]
.
2015-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-05 20:05]
.
2015-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-05 20:05]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 79.127.195.194 79.127.192.230
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-09 14:00
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(6848)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Fingerprint Sensor\AtService.exe
c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
c:\windows\system32\Hpservice.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes Anti-Malware\mbamservice.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\PDF Complete\pdfsvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Celkový čas: 2015-03-09 14:06:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-03-09 13:05
ComboFix2.txt 2015-03-08 21:03
.
Před spuštěním: Volných bajtů: 119 545 589 760
Po spuštění: Volných bajtů: 119 419 944 960
.
- - End Of File - - D77D04ED82625D1CEA969C1222F1C200
5C616939100B85E558DA92B899A0FC36
Re: Prosím o kontrolu logu
Zopakujte test s MBAM a napiste jeho vysledek.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 9.3.2015
Čas skenování: 18:34:03
Protokol: log.txt
Správce: Ano
Verze: 2.00.4.1028
Databáze malwaru: v2015.03.09.04
Databáze rootkitů: v2015.02.25.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Sebeobrany: Vypnuto
OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: VlaÄ?ka
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 572640
Uplynulý čas: 2 hod, 57 min, 25 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Žádné zákerné zjištěny položek)
Moduly: 0
(Žádné zákerné zjištěny položek)
Klíče registru: 2
PUP.Optional.MoviesToolBar.A, HKU\S-1-5-21-4228417350-1646184843-2756064733-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2977D8CC-8902-4340-BE88-2C676BF96B8D}, , [81f75ce796f4b185bf88ee2e4fb4df21],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, , [01773112622890a6b39ffb31ec19b24e],
Hodnoty registru: 0
(Žádné zákerné zjištěny položek)
Data registru: 0
(Žádné zákerné zjištěny položek)
Složky: 4
PUP.Optional.Datamngr.A, C:\Users\VlaÄ?ka\AppData\LocalLow\DataMngr, , [a6d29fa42e5cc76f3d3419562ed510f0],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20, , [096f75cee4a636002acba9c8ec17956b],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC, , [096f75cee4a636002acba9c8ec17956b],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20, , [3a3e261d1179280ed7374d2cbf44b848],
Soubory: 20
PUP.Optional.MoviesToolBar.A, C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\GC\uninstall.exe.vir, , [591f0142fa9089ad73c0ef1bd333fd03],
PUP.Optional.MoviesToolBar.A, C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\uninstall.exe.vir, , [9ddbfc470c7e1521e35054b636d0ff01],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncvlqm.exe, , [651389ba4c3e7eb82eae1e2bfb07fe02],
BitcoinMiner, C:\Windows\inf\msiogvcy\msiogvcy.exe, , [7602d76c5e2c51e5ec0080a77190639d],
Trojan.Agent.SCR, C:\Windows\inf\msstp.vbe, , [c5b349fa8efc2d09b9ad0ad8b44fc33d],
Malware.Trace, C:\Windows\inf\ntvdm.inf, , [621698ab7e0ca2947871da314bbab34d],
Trojan.FileFill, C:\Users\VlaÄ?ka\Desktop\1952C25D.tmp, , [3c3c9ba8d5b5fd393d27ea2c26df58a8],
PUP.Optional.MindSpark.A, C:\Users\VlaÄ?ka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gamingwonderland.dl.tb.ask.com_0.localstorage-journal, , [9fd9e75cdab04aec87d99195e4215ca4],
PUP.Optional.Datamngr.A, C:\Users\VlaÄ?ka\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, , [a6d29fa42e5cc76f3d3419562ed510f0],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC\com.apn.native_messaging_host_aaaaabcbmongicmdegkmmfgdickgnnob.json, , [096f75cee4a636002acba9c8ec17956b],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC\IACNativeMsgHost.exe, , [096f75cee4a636002acba9c8ec17956b],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC\toolbar.crx, , [096f75cee4a636002acba9c8ec17956b],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\apnuserid.dat, , [3a3e261d1179280ed7374d2cbf44b848],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\appid.dat, , [3a3e261d1179280ed7374d2cbf44b848],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\dtx.ini, , [3a3e261d1179280ed7374d2cbf44b848],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\geodata.xml, , [3a3e261d1179280ed7374d2cbf44b848],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\guid.dat, , [3a3e261d1179280ed7374d2cbf44b848],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\setupCfg.xml, , [3a3e261d1179280ed7374d2cbf44b848],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\sysid.dat, , [3a3e261d1179280ed7374d2cbf44b848],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\trackid.dat, , [3a3e261d1179280ed7374d2cbf44b848],
Fyzické sektory: 0
(Žádné zákerné zjištěny položek)
(end)
www.malwarebytes.org
Datum skenování: 9.3.2015
Čas skenování: 18:34:03
Protokol: log.txt
Správce: Ano
Verze: 2.00.4.1028
Databáze malwaru: v2015.03.09.04
Databáze rootkitů: v2015.02.25.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Sebeobrany: Vypnuto
OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: VlaÄ?ka
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 572640
Uplynulý čas: 2 hod, 57 min, 25 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Žádné zákerné zjištěny položek)
Moduly: 0
(Žádné zákerné zjištěny položek)
Klíče registru: 2
PUP.Optional.MoviesToolBar.A, HKU\S-1-5-21-4228417350-1646184843-2756064733-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2977D8CC-8902-4340-BE88-2C676BF96B8D}, , [81f75ce796f4b185bf88ee2e4fb4df21],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, , [01773112622890a6b39ffb31ec19b24e],
Hodnoty registru: 0
(Žádné zákerné zjištěny položek)
Data registru: 0
(Žádné zákerné zjištěny položek)
Složky: 4
PUP.Optional.Datamngr.A, C:\Users\VlaÄ?ka\AppData\LocalLow\DataMngr, , [a6d29fa42e5cc76f3d3419562ed510f0],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20, , [096f75cee4a636002acba9c8ec17956b],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC, , [096f75cee4a636002acba9c8ec17956b],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20, , [3a3e261d1179280ed7374d2cbf44b848],
Soubory: 20
PUP.Optional.MoviesToolBar.A, C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\GC\uninstall.exe.vir, , [591f0142fa9089ad73c0ef1bd333fd03],
PUP.Optional.MoviesToolBar.A, C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\uninstall.exe.vir, , [9ddbfc470c7e1521e35054b636d0ff01],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncvlqm.exe, , [651389ba4c3e7eb82eae1e2bfb07fe02],
BitcoinMiner, C:\Windows\inf\msiogvcy\msiogvcy.exe, , [7602d76c5e2c51e5ec0080a77190639d],
Trojan.Agent.SCR, C:\Windows\inf\msstp.vbe, , [c5b349fa8efc2d09b9ad0ad8b44fc33d],
Malware.Trace, C:\Windows\inf\ntvdm.inf, , [621698ab7e0ca2947871da314bbab34d],
Trojan.FileFill, C:\Users\VlaÄ?ka\Desktop\1952C25D.tmp, , [3c3c9ba8d5b5fd393d27ea2c26df58a8],
PUP.Optional.MindSpark.A, C:\Users\VlaÄ?ka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gamingwonderland.dl.tb.ask.com_0.localstorage-journal, , [9fd9e75cdab04aec87d99195e4215ca4],
PUP.Optional.Datamngr.A, C:\Users\VlaÄ?ka\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, , [a6d29fa42e5cc76f3d3419562ed510f0],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC\com.apn.native_messaging_host_aaaaabcbmongicmdegkmmfgdickgnnob.json, , [096f75cee4a636002acba9c8ec17956b],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC\IACNativeMsgHost.exe, , [096f75cee4a636002acba9c8ec17956b],
PUP.Optional.MoviesToolBar.A, C:\Users\VlaÄ?ka\AppData\Local\ilividmoviestoolbar20\GC\toolbar.crx, , [096f75cee4a636002acba9c8ec17956b],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\apnuserid.dat, , [3a3e261d1179280ed7374d2cbf44b848],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\appid.dat, , [3a3e261d1179280ed7374d2cbf44b848],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\dtx.ini, , [3a3e261d1179280ed7374d2cbf44b848],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\geodata.xml, , [3a3e261d1179280ed7374d2cbf44b848],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\guid.dat, , [3a3e261d1179280ed7374d2cbf44b848],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\setupCfg.xml, , [3a3e261d1179280ed7374d2cbf44b848],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\sysid.dat, , [3a3e261d1179280ed7374d2cbf44b848],
PUP.Optional.MoviesToolbar.A, C:\Users\VlaÄ?ka\AppData\LocalLow\ilividmoviestoolbar20\trackid.dat, , [3a3e261d1179280ed7374d2cbf44b848],
Fyzické sektory: 0
(Žádné zákerné zjištěny položek)
(end)
Re: Prosím o kontrolu logu
Postupujte presne v tomto poradi. 1) MBAM nezavirejte, jen minimalizujte.
2) Vymazte/Vypnete vytvareni bodu obnovy http://forum.viry.cz/viewtopic.php?f=46&t=47040 , ale nerestartujte pc.
3) Ted nechte nalezy MBAM odstranit a restartujte pc.
4) Zopakujte test s MBAM a napiste jeho vysledek a podle toho zvolim dalsi postup.
Pokud bude cisto, zapnete zase funkci vytvareni bodu obnovy, at pak na to nezapomenem.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu
test proběhl - nic nenašel a nevytvořil ani log
zapnul jsem funkci obnovy
jaký bude další postup
díky
zapnul jsem funkci obnovy
jaký bude další postup
díky
Re: Prosím o kontrolu logu
MBAM odinstalujte. Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2015
Ran by Vlaďka (administrator) on VLAĎKA-PC on 10-03-2015 19:14:13
Running from C:\Users\Vlaďka\Desktop
Loaded Profiles: Vlaďka (Available profiles: Vlaďka)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(SafeBoot International) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accoca.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(forum.viry.cz) C:\Users\Vlaďka\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-16] (Intel Corporation)
HKLM\...\Run: [accrdsub] => c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [298536 2007-11-28] (ActivIdentity)
HKLM\...\Run: [PTHOSTTR] => c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [355896 2009-02-12] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] => rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [506936 2009-03-10] (Hewlett-Packard)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11223040 2009-01-14] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [177720 2009-02-18] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HPCam_Menu] => c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1310720 2008-12-11] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-05-14] (Synaptics Incorporated)
AppInit_DLLs: C:\Windows\System32\APSHook.dll => C:\Windows\System32\APSHook.dll [76560 2009-01-28] (Bioscrypt Inc.)
AppInit_DLLs: C:\Windows\System32\APSHook.dll => C:\Windows\System32\APSHook.dll [76560 2009-01-28] (Bioscrypt Inc.)
AppInit_DLLs: C:\Windows\System32\APSHook.dll => C:\Windows\System32\APSHook.dll [76560 2009-01-28] (Bioscrypt Inc.)
AppInit_DLLs: C:\Windows\System32\APSHook.dll => C:\Windows\System32\APSHook.dll [76560 2009-01-28] (Bioscrypt Inc.)
AppInit_DLLs: C:\Windows\System32\APSHook.dll => C:\Windows\System32\APSHook.dll [76560 2009-01-28] (Bioscrypt Inc.)
AppInit_DLLs: APSHook.dll => C:\windows\system32\APSHook.dll [76560 2009-01-28] (Bioscrypt Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4228417350-1646184843-2756064733-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-4228417350-1646184843-2756064733-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKU\S-1-5-21-4228417350-1646184843-2756064733-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4228417350-1646184843-2756064733-1004 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-4228417350-1646184843-2756064733-1004 -> {DD1F6706-0790-479A-AF28-174219B795AC} URL = https://www.google.com/search?q={searchTerms}
BHO: BHO_Startup Class -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-01-14] (Hewlett-Packard)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2012-10-10] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2009-01-28] (Bioscrypt Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll [2012-05-31] (Kaspersky Lab ZAO)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-4228417350-1646184843-2756064733-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll [2007-01-19] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll [2007-01-19] (Microsoft Corporation)
Winsock: Catalog5 02 C:\windows\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 79.127.195.194 79.127.192.230
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4228417350-1646184843-2756064733-1004: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Vlaďka\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-4228417350-1646184843-2756064733-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Vlaďka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-07] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-02-04]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基网址顾问 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2014-02-05]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 安全键盘 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2014-02-05]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/", "hxxp://myhome.vi-view.com/?type=hp&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-09]
CHR Extension: (Google Drive) - C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-09]
CHR Extension: (YouTube) - C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-09]
CHR Extension: (Google Search) - C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-09]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-05-09]
CHR Extension: (Virtual Keyboard) - C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-05-09]
CHR Extension: (GTA 5 - Dog Bark) - C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpakkadnphlpadcgeippmigaobkkahal [2014-12-20]
CHR Extension: (Google Wallet) - C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-09]
CHR Extension: (Gmail) - C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-09]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-10-10]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2012-10-10]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 accoca; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [185896 2007-11-28] (ActivIdentity)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)
R2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [186640 2009-01-28] (Bioscrypt Inc.)
R2 ASChannel; c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [149776 2009-01-28] (Bioscrypt Inc.)
R2 ATService; c:\Program Files\Fingerprint Sensor\AtService.exe [1185016 2008-10-03] (AuthenTec, Inc.)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
S3 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-02-12] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2008-10-01] (SafeBoot International)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-01-14] (Hewlett-Packard) [File not signed]
R3 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [223232 2008-10-23] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [777240 2008-08-08] (PDF Complete Inc)
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 FltMgr; C:\windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Společnost Microsoft)
R0 KL1; C:\windows\System32\DRIVERS\kl1.sys [135984 2012-04-13] (Kaspersky Lab ZAO)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [584536 2012-05-29] (Kaspersky Lab)
R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [23856 2012-03-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [25432 2012-05-25] (Kaspersky Lab)
R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [25944 2012-05-25] (Kaspersky Lab)
R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [43696 2012-05-12] (Kaspersky Lab)
R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [140120 2012-05-24] (Kaspersky Lab)
R3 Ntfs; C:\windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [12528 2008-10-01] (SafeBoot International)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [109216 2008-10-01] () [File not signed]
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51408 2008-10-01] (SafeBoot N.V.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [12960 2008-10-01] (SafeBoot International)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-03-26] ()
U5 AppMgmt; C:\windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [69976 2012-05-29] (Kaspersky Lab)
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-10 19:14 - 2015-03-10 19:14 - 00019842 _____ () C:\Users\Vlaďka\Desktop\FRST.txt
2015-03-10 19:14 - 2015-03-10 19:14 - 00000000 ____D () C:\FRST
2015-03-10 19:11 - 2015-03-10 19:11 - 00112640 _____ (forum.viry.cz) C:\Users\Vlaďka\Desktop\FRSTLauncher.exe
2015-03-10 19:07 - 2015-03-10 19:08 - 01134592 _____ (Farbar) C:\Users\Vlaďka\Desktop\FRST.exe
2015-03-10 17:16 - 2015-03-10 15:33 - 00032198 _____ () C:\Users\Vlaďka\Desktop\Report.htm
2015-03-09 14:06 - 2015-03-09 14:06 - 00011161 _____ () C:\ComboFix.txt
2015-03-09 13:38 - 2015-03-09 14:06 - 00000000 ____D () C:\ComboFix
2015-03-08 21:34 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-03-08 21:34 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-03-08 21:34 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-03-08 21:34 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-03-08 21:34 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-03-08 21:34 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-03-08 21:34 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-03-08 21:34 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-03-08 21:33 - 2015-03-09 14:06 - 00000000 ____D () C:\Qoobox
2015-03-08 21:32 - 2015-03-09 13:57 - 00000000 ____D () C:\windows\erdnt
2015-03-08 21:29 - 2015-03-09 12:06 - 05613296 ____R (Swearware) C:\ComboFix.exe
2015-03-08 14:38 - 2015-03-09 13:59 - 00001988 _____ () C:\windows\PFRO.log
2015-03-08 10:56 - 2015-03-08 10:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-08 10:39 - 2015-03-08 10:42 - 00000000 ____D () C:\AdwCleaner
2015-03-08 10:34 - 2015-03-08 10:34 - 02126848 _____ () C:\Users\Vlaďka\Desktop\adwcleaner_4.111.exe
2015-03-08 09:22 - 2015-03-08 09:30 - 00000000 ____D () C:\Program Files\trend micro
2015-03-08 09:22 - 2015-03-08 09:24 - 00000000 ____D () C:\rsit
2015-03-08 08:51 - 2015-03-08 08:51 - 00000966 _____ () C:\Users\Vlaďka\Documents\cc_20150308_085141.reg
2015-03-08 08:43 - 2015-03-09 12:00 - 00000003 _____ () C:\Users\Vlaďka\stut
2015-03-08 08:40 - 2015-03-08 17:04 - 00000062 _____ () C:\Users\Vlaďka\rgut
2015-03-08 08:23 - 2015-03-08 08:23 - 00000000 ____D () C:\windows\system32\bitstreams
2015-03-08 08:23 - 2014-03-05 22:19 - 00007670 ____S () C:\windows\system32\mncvlqm.vbe
2015-03-08 08:23 - 2013-10-26 20:30 - 01704448 ____S (The OpenSSL Project, http://www.openssl.org/) C:\windows\system32\libeay32.dll
2015-03-08 08:23 - 2013-10-26 20:30 - 00538126 ____S () C:\windows\system32\libcurl-4.dll
2015-03-08 08:23 - 2013-10-26 20:30 - 00364544 ____S (The OpenSSL Project, http://www.openssl.org/) C:\windows\system32\ssleay32.dll
2015-03-08 08:23 - 2013-10-26 20:30 - 00192512 ____S () C:\windows\system32\libidn-11.dll
2015-03-08 08:23 - 2013-10-26 20:30 - 00171008 ____S (The libssh2 library, http://www.libssh2.org/) C:\windows\system32\libssh2.dll
2015-03-08 08:23 - 2013-10-26 20:30 - 00133632 ____S () C:\windows\system32\librtmp.dll
2015-03-08 08:23 - 2013-10-26 20:30 - 00044727 ____S () C:\windows\system32\diablo130302.cl
2015-03-08 08:23 - 2013-10-26 20:30 - 00043810 ____S () C:\windows\system32\poclbm130302.cl
2015-03-08 08:23 - 2013-10-26 20:30 - 00030802 ____S () C:\windows\system32\diakgcn121016.cl
2015-03-08 08:23 - 2013-10-26 20:30 - 00023825 ____S () C:\windows\system32\scrypt130511.cl
2015-03-08 08:23 - 2013-10-26 20:30 - 00013062 ____S () C:\windows\system32\phatk121016.cl
2015-03-08 08:23 - 2013-06-12 15:15 - 00119888 ____S (Open Source Software community LGPL) C:\windows\system32\pthreadGC2.dll
2015-03-08 08:23 - 2013-06-12 15:15 - 00100864 ____S () C:\windows\system32\zlib1.dll
2015-03-08 08:23 - 2012-09-25 23:46 - 00472424 ____S (NVIDIA Corporation) C:\windows\system32\cudart32_50_35.dll
2015-03-08 08:23 - 2012-05-27 01:36 - 00055808 ____S (Open Source Software community LGPL) C:\windows\system32\pthreadVC2.dll
2015-03-07 18:40 - 2015-03-10 19:01 - 00001032 _____ () C:\Users\Vlaďka\Desktop\Štěpán.J.lnk
2015-03-07 18:40 - 2015-03-07 18:40 - 00000000 ____D () C:\Users\Vlaďka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zařízení Bluetooth
2015-03-07 06:17 - 2015-03-07 07:06 - 00000000 ____D () C:\Users\Vlaďka\AppData\Local\Seznam.cz
2015-03-07 06:17 - 2015-03-07 06:17 - 00001803 _____ () C:\Users\Vlaďka\Desktop\Seznam.cz.lnk
2015-03-07 06:17 - 2015-03-07 06:17 - 00001783 _____ () C:\Users\Vlaďka\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.lnk
2015-03-07 06:16 - 2015-03-07 06:17 - 00000000 ____D () C:\Users\Vlaďka\AppData\Roaming\Seznam Browser
2015-03-07 05:25 - 2015-03-07 05:25 - 00002680 _____ () C:\Users\Vlaďka\Documents\cc_20150307_052540.reg
2015-03-01 17:41 - 2015-03-01 19:09 - 1405798989 _____ () C:\Users\Vlaďka\Downloads\[PSP]-Secret-Agent-Clank.cso
2015-02-28 05:37 - 2015-02-28 05:37 - 00003086 _____ () C:\Users\Vlaďka\Documents\cc_20150228_053752.reg
2015-02-21 05:53 - 2015-02-21 05:53 - 00002692 _____ () C:\Users\Vlaďka\Documents\cc_20150221_055306.reg
2015-02-13 18:43 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-13 18:43 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-02-12 20:26 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-12 20:25 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-12 20:25 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-12 20:21 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-12 20:21 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 18:55 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 18:55 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-02-11 18:55 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 18:55 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 18:55 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 18:55 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 18:55 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 18:55 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 18:55 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 18:55 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2015-02-11 18:55 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-11 18:55 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-11 18:55 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-11 18:55 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 18:55 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-11 18:55 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-11 18:55 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 18:55 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2015-02-11 18:55 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2015-02-11 18:55 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2015-02-08 07:25 - 2015-02-08 07:22 - 00176552 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2015-02-08 07:25 - 2015-02-08 07:22 - 00176552 _____ (Oracle Corporation) C:\windows\system32\java.exe
2015-02-08 07:24 - 2015-02-08 07:24 - 00000000 ____D () C:\Program Files\Common Files\Java
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-10 19:06 - 2014-02-04 18:13 - 01923249 _____ () C:\windows\WindowsUpdate.log
2015-03-10 19:02 - 2014-02-05 21:05 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-10 19:01 - 2014-02-05 21:06 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 19:01 - 2014-02-05 17:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-10 18:59 - 2006-11-02 13:58 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-10 18:59 - 2006-11-02 13:45 - 00003216 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-10 18:59 - 2006-11-02 13:45 - 00003216 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-10 18:58 - 2006-11-02 13:58 - 00032620 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-03-10 18:57 - 2014-02-04 18:14 - 00002052 _____ () C:\windows\bthservsdp.dat
2015-03-10 18:50 - 2014-02-05 18:07 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-10 17:17 - 2006-11-02 11:33 - 01602340 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-10 16:01 - 2014-02-18 15:22 - 00000052 _____ () C:\windows\system32\DOErrors.log
2015-03-09 14:00 - 2006-11-02 11:23 - 00000215 _____ () C:\windows\system.ini
2015-03-09 13:58 - 2006-11-02 11:22 - 55967744 _____ () C:\windows\system32\config\COMPON~3.bak
2015-03-09 13:58 - 2006-11-02 11:22 - 46116864 _____ () C:\windows\system32\config\software.bak
2015-03-09 13:58 - 2006-11-02 11:22 - 21757952 _____ () C:\windows\system32\config\system.bak
2015-03-09 13:58 - 2006-11-02 11:22 - 00167936 _____ () C:\windows\system32\config\default.bak
2015-03-09 13:58 - 2006-11-02 11:22 - 00098304 _____ () C:\windows\system32\config\sam.bak
2015-03-09 13:58 - 2006-11-02 11:22 - 00040960 _____ () C:\windows\system32\config\security.bak
2015-03-09 13:56 - 2014-09-04 18:40 - 00000000 ____D () C:\Users\Vlaďka\AppData\Local\CrashDumps
2015-03-08 22:03 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-03-08 09:29 - 2014-02-06 21:03 - 00000000 ____D () C:\Stahování
2015-03-08 08:43 - 2014-02-04 18:23 - 00000000 ____D () C:\Users\Vlaďka
2015-03-08 08:25 - 2014-03-02 08:19 - 00262144 _____ () C:\windows\system32\config\elam
2015-03-07 21:19 - 2014-08-29 18:48 - 00000000 ____D () C:\Users\Vlaďka\AppData\Roaming\.minecraft
2015-03-07 05:19 - 2009-06-22 11:28 - 00000000 ____D () C:\ProgramData\PDFC
2015-03-03 16:29 - 2014-02-05 21:05 - 00000000 ____D () C:\Users\Vlaďka\AppData\Local\Google
2015-03-02 18:22 - 2014-09-01 20:29 - 00000000 ____D () C:\Users\Vlaďka\Desktop\Štěpán
2015-02-28 17:23 - 2014-10-14 16:20 - 00000000 ____D () C:\Users\Vlaďka\AppData\Roaming\HpUpdate
2015-02-26 20:15 - 2014-02-06 22:32 - 00026624 _____ () C:\Users\Vlaďka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-24 03:23 - 2014-02-04 20:20 - 00246920 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-02-20 20:01 - 2006-11-02 13:35 - 00000000 ____D () C:\Program Files\Microsoft Games
2015-02-20 15:14 - 2014-05-09 18:40 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-15 16:48 - 2014-02-05 19:00 - 00002635 _____ () C:\Users\Vlaďka\Desktop\Microsoft Office Word 2007.lnk
2015-02-15 16:39 - 2014-10-08 18:42 - 00000000 ____D () C:\Users\Vlaďka\AppData\Roaming\Skype
2015-02-12 20:54 - 2006-11-02 13:44 - 00411608 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-12 20:38 - 2014-02-04 19:16 - 00000000 ____D () C:\windows\system32\MRT
2015-02-12 20:27 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\windows\system32\mrt.exe
2015-02-12 20:26 - 2009-06-22 11:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-08 07:26 - 2014-02-06 19:15 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-08 07:25 - 2014-10-19 08:47 - 00000000 ____D () C:\Program Files\Java
2015-02-08 07:23 - 2014-09-01 18:34 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2015-02-08 07:22 - 2014-10-19 08:48 - 00272296 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
==================== Files in the root of some directories =======
2014-02-04 18:40 - 2014-02-04 18:40 - 0000000 _____ () C:\Users\Vlaďka\AppData\Local\AtStart.txt
2014-02-06 22:32 - 2015-02-26 20:15 - 0026624 _____ () C:\Users\Vlaďka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-04 18:40 - 2014-02-04 18:40 - 0000000 _____ () C:\Users\Vlaďka\AppData\Local\DSwitch.txt
2014-09-13 04:34 - 2014-09-13 04:34 - 0001080 _____ () C:\Users\Vlaďka\AppData\Local\MRDownloader.nast
2014-02-04 18:40 - 2014-02-04 18:40 - 0000000 _____ () C:\Users\Vlaďka\AppData\Local\QSwitch.txt
2014-11-22 17:07 - 2014-12-18 18:10 - 0000085 ___SH () C:\ProgramData\.zreglib
2009-06-22 11:52 - 2009-06-22 11:52 - 0000185 _____ () C:\ProgramData\HPWALog.txt
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Kaspersky Anti-Virus (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Vla�ka\Desktop" je 2105 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000001
==================== End Of Log ==============================
Ran by Vlaďka (administrator) on VLAĎKA-PC on 10-03-2015 19:14:13
Running from C:\Users\Vlaďka\Desktop
Loaded Profiles: Vlaďka (Available profiles: Vlaďka)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(SafeBoot International) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accoca.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(forum.viry.cz) C:\Users\Vlaďka\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-16] (Intel Corporation)
HKLM\...\Run: [accrdsub] => c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [298536 2007-11-28] (ActivIdentity)
HKLM\...\Run: [PTHOSTTR] => c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [355896 2009-02-12] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] => rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [506936 2009-03-10] (Hewlett-Packard)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11223040 2009-01-14] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [177720 2009-02-18] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HPCam_Menu] => c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1310720 2008-12-11] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-05-14] (Synaptics Incorporated)
AppInit_DLLs: C:\Windows\System32\APSHook.dll => C:\Windows\System32\APSHook.dll [76560 2009-01-28] (Bioscrypt Inc.)
AppInit_DLLs: C:\Windows\System32\APSHook.dll => C:\Windows\System32\APSHook.dll [76560 2009-01-28] (Bioscrypt Inc.)
AppInit_DLLs: C:\Windows\System32\APSHook.dll => C:\Windows\System32\APSHook.dll [76560 2009-01-28] (Bioscrypt Inc.)
AppInit_DLLs: C:\Windows\System32\APSHook.dll => C:\Windows\System32\APSHook.dll [76560 2009-01-28] (Bioscrypt Inc.)
AppInit_DLLs: C:\Windows\System32\APSHook.dll => C:\Windows\System32\APSHook.dll [76560 2009-01-28] (Bioscrypt Inc.)
AppInit_DLLs: APSHook.dll => C:\windows\system32\APSHook.dll [76560 2009-01-28] (Bioscrypt Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4228417350-1646184843-2756064733-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-4228417350-1646184843-2756064733-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKU\S-1-5-21-4228417350-1646184843-2756064733-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4228417350-1646184843-2756064733-1004 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-4228417350-1646184843-2756064733-1004 -> {DD1F6706-0790-479A-AF28-174219B795AC} URL = https://www.google.com/search?q={searchTerms}
BHO: BHO_Startup Class -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-01-14] (Hewlett-Packard)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2012-10-10] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2009-01-28] (Bioscrypt Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll [2012-05-31] (Kaspersky Lab ZAO)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-4228417350-1646184843-2756064733-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll [2007-01-19] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll [2007-01-19] (Microsoft Corporation)
Winsock: Catalog5 02 C:\windows\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 79.127.195.194 79.127.192.230
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4228417350-1646184843-2756064733-1004: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Vlaďka\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-4228417350-1646184843-2756064733-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Vlaďka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-07] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-02-04]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基网址顾问 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2014-02-05]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 安全键盘 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2014-02-05]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/", "hxxp://myhome.vi-view.com/?type=hp&ts=1406608097&from=epom&uid=FUJITSUXMJA2250BHXG2_K94PT982EFRU"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-09]
CHR Extension: (Google Drive) - C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-09]
CHR Extension: (YouTube) - C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-09]
CHR Extension: (Google Search) - C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-09]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-05-09]
CHR Extension: (Virtual Keyboard) - C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-05-09]
CHR Extension: (GTA 5 - Dog Bark) - C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpakkadnphlpadcgeippmigaobkkahal [2014-12-20]
CHR Extension: (Google Wallet) - C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-09]
CHR Extension: (Gmail) - C:\Users\Vlaďka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-09]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-10-10]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2012-10-10]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 accoca; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [185896 2007-11-28] (ActivIdentity)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)
R2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [186640 2009-01-28] (Bioscrypt Inc.)
R2 ASChannel; c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [149776 2009-01-28] (Bioscrypt Inc.)
R2 ATService; c:\Program Files\Fingerprint Sensor\AtService.exe [1185016 2008-10-03] (AuthenTec, Inc.)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
S3 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-02-12] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2008-10-01] (SafeBoot International)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-01-14] (Hewlett-Packard) [File not signed]
R3 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [223232 2008-10-23] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [777240 2008-08-08] (PDF Complete Inc)
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 FltMgr; C:\windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Společnost Microsoft)
R0 KL1; C:\windows\System32\DRIVERS\kl1.sys [135984 2012-04-13] (Kaspersky Lab ZAO)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [584536 2012-05-29] (Kaspersky Lab)
R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [23856 2012-03-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [25432 2012-05-25] (Kaspersky Lab)
R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [25944 2012-05-25] (Kaspersky Lab)
R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [43696 2012-05-12] (Kaspersky Lab)
R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [140120 2012-05-24] (Kaspersky Lab)
R3 Ntfs; C:\windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [12528 2008-10-01] (SafeBoot International)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [109216 2008-10-01] () [File not signed]
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51408 2008-10-01] (SafeBoot N.V.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [12960 2008-10-01] (SafeBoot International)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-03-26] ()
U5 AppMgmt; C:\windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [69976 2012-05-29] (Kaspersky Lab)
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-10 19:14 - 2015-03-10 19:14 - 00019842 _____ () C:\Users\Vlaďka\Desktop\FRST.txt
2015-03-10 19:14 - 2015-03-10 19:14 - 00000000 ____D () C:\FRST
2015-03-10 19:11 - 2015-03-10 19:11 - 00112640 _____ (forum.viry.cz) C:\Users\Vlaďka\Desktop\FRSTLauncher.exe
2015-03-10 19:07 - 2015-03-10 19:08 - 01134592 _____ (Farbar) C:\Users\Vlaďka\Desktop\FRST.exe
2015-03-10 17:16 - 2015-03-10 15:33 - 00032198 _____ () C:\Users\Vlaďka\Desktop\Report.htm
2015-03-09 14:06 - 2015-03-09 14:06 - 00011161 _____ () C:\ComboFix.txt
2015-03-09 13:38 - 2015-03-09 14:06 - 00000000 ____D () C:\ComboFix
2015-03-08 21:34 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-03-08 21:34 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-03-08 21:34 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-03-08 21:34 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-03-08 21:34 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-03-08 21:34 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-03-08 21:34 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-03-08 21:34 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-03-08 21:33 - 2015-03-09 14:06 - 00000000 ____D () C:\Qoobox
2015-03-08 21:32 - 2015-03-09 13:57 - 00000000 ____D () C:\windows\erdnt
2015-03-08 21:29 - 2015-03-09 12:06 - 05613296 ____R (Swearware) C:\ComboFix.exe
2015-03-08 14:38 - 2015-03-09 13:59 - 00001988 _____ () C:\windows\PFRO.log
2015-03-08 10:56 - 2015-03-08 10:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-08 10:39 - 2015-03-08 10:42 - 00000000 ____D () C:\AdwCleaner
2015-03-08 10:34 - 2015-03-08 10:34 - 02126848 _____ () C:\Users\Vlaďka\Desktop\adwcleaner_4.111.exe
2015-03-08 09:22 - 2015-03-08 09:30 - 00000000 ____D () C:\Program Files\trend micro
2015-03-08 09:22 - 2015-03-08 09:24 - 00000000 ____D () C:\rsit
2015-03-08 08:51 - 2015-03-08 08:51 - 00000966 _____ () C:\Users\Vlaďka\Documents\cc_20150308_085141.reg
2015-03-08 08:43 - 2015-03-09 12:00 - 00000003 _____ () C:\Users\Vlaďka\stut
2015-03-08 08:40 - 2015-03-08 17:04 - 00000062 _____ () C:\Users\Vlaďka\rgut
2015-03-08 08:23 - 2015-03-08 08:23 - 00000000 ____D () C:\windows\system32\bitstreams
2015-03-08 08:23 - 2014-03-05 22:19 - 00007670 ____S () C:\windows\system32\mncvlqm.vbe
2015-03-08 08:23 - 2013-10-26 20:30 - 01704448 ____S (The OpenSSL Project, http://www.openssl.org/) C:\windows\system32\libeay32.dll
2015-03-08 08:23 - 2013-10-26 20:30 - 00538126 ____S () C:\windows\system32\libcurl-4.dll
2015-03-08 08:23 - 2013-10-26 20:30 - 00364544 ____S (The OpenSSL Project, http://www.openssl.org/) C:\windows\system32\ssleay32.dll
2015-03-08 08:23 - 2013-10-26 20:30 - 00192512 ____S () C:\windows\system32\libidn-11.dll
2015-03-08 08:23 - 2013-10-26 20:30 - 00171008 ____S (The libssh2 library, http://www.libssh2.org/) C:\windows\system32\libssh2.dll
2015-03-08 08:23 - 2013-10-26 20:30 - 00133632 ____S () C:\windows\system32\librtmp.dll
2015-03-08 08:23 - 2013-10-26 20:30 - 00044727 ____S () C:\windows\system32\diablo130302.cl
2015-03-08 08:23 - 2013-10-26 20:30 - 00043810 ____S () C:\windows\system32\poclbm130302.cl
2015-03-08 08:23 - 2013-10-26 20:30 - 00030802 ____S () C:\windows\system32\diakgcn121016.cl
2015-03-08 08:23 - 2013-10-26 20:30 - 00023825 ____S () C:\windows\system32\scrypt130511.cl
2015-03-08 08:23 - 2013-10-26 20:30 - 00013062 ____S () C:\windows\system32\phatk121016.cl
2015-03-08 08:23 - 2013-06-12 15:15 - 00119888 ____S (Open Source Software community LGPL) C:\windows\system32\pthreadGC2.dll
2015-03-08 08:23 - 2013-06-12 15:15 - 00100864 ____S () C:\windows\system32\zlib1.dll
2015-03-08 08:23 - 2012-09-25 23:46 - 00472424 ____S (NVIDIA Corporation) C:\windows\system32\cudart32_50_35.dll
2015-03-08 08:23 - 2012-05-27 01:36 - 00055808 ____S (Open Source Software community LGPL) C:\windows\system32\pthreadVC2.dll
2015-03-07 18:40 - 2015-03-10 19:01 - 00001032 _____ () C:\Users\Vlaďka\Desktop\Štěpán.J.lnk
2015-03-07 18:40 - 2015-03-07 18:40 - 00000000 ____D () C:\Users\Vlaďka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zařízení Bluetooth
2015-03-07 06:17 - 2015-03-07 07:06 - 00000000 ____D () C:\Users\Vlaďka\AppData\Local\Seznam.cz
2015-03-07 06:17 - 2015-03-07 06:17 - 00001803 _____ () C:\Users\Vlaďka\Desktop\Seznam.cz.lnk
2015-03-07 06:17 - 2015-03-07 06:17 - 00001783 _____ () C:\Users\Vlaďka\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.lnk
2015-03-07 06:16 - 2015-03-07 06:17 - 00000000 ____D () C:\Users\Vlaďka\AppData\Roaming\Seznam Browser
2015-03-07 05:25 - 2015-03-07 05:25 - 00002680 _____ () C:\Users\Vlaďka\Documents\cc_20150307_052540.reg
2015-03-01 17:41 - 2015-03-01 19:09 - 1405798989 _____ () C:\Users\Vlaďka\Downloads\[PSP]-Secret-Agent-Clank.cso
2015-02-28 05:37 - 2015-02-28 05:37 - 00003086 _____ () C:\Users\Vlaďka\Documents\cc_20150228_053752.reg
2015-02-21 05:53 - 2015-02-21 05:53 - 00002692 _____ () C:\Users\Vlaďka\Documents\cc_20150221_055306.reg
2015-02-13 18:43 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-13 18:43 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-02-12 20:26 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-12 20:25 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-12 20:25 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-12 20:21 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-12 20:21 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 18:55 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 18:55 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-02-11 18:55 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 18:55 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 18:55 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 18:55 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 18:55 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 18:55 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 18:55 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 18:55 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2015-02-11 18:55 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-11 18:55 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-11 18:55 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-11 18:55 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 18:55 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-11 18:55 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-11 18:55 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 18:55 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2015-02-11 18:55 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2015-02-11 18:55 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2015-02-08 07:25 - 2015-02-08 07:22 - 00176552 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2015-02-08 07:25 - 2015-02-08 07:22 - 00176552 _____ (Oracle Corporation) C:\windows\system32\java.exe
2015-02-08 07:24 - 2015-02-08 07:24 - 00000000 ____D () C:\Program Files\Common Files\Java
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-10 19:06 - 2014-02-04 18:13 - 01923249 _____ () C:\windows\WindowsUpdate.log
2015-03-10 19:02 - 2014-02-05 21:05 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-10 19:01 - 2014-02-05 21:06 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 19:01 - 2014-02-05 17:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-10 18:59 - 2006-11-02 13:58 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-10 18:59 - 2006-11-02 13:45 - 00003216 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-10 18:59 - 2006-11-02 13:45 - 00003216 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-10 18:58 - 2006-11-02 13:58 - 00032620 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-03-10 18:57 - 2014-02-04 18:14 - 00002052 _____ () C:\windows\bthservsdp.dat
2015-03-10 18:50 - 2014-02-05 18:07 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-10 17:17 - 2006-11-02 11:33 - 01602340 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-10 16:01 - 2014-02-18 15:22 - 00000052 _____ () C:\windows\system32\DOErrors.log
2015-03-09 14:00 - 2006-11-02 11:23 - 00000215 _____ () C:\windows\system.ini
2015-03-09 13:58 - 2006-11-02 11:22 - 55967744 _____ () C:\windows\system32\config\COMPON~3.bak
2015-03-09 13:58 - 2006-11-02 11:22 - 46116864 _____ () C:\windows\system32\config\software.bak
2015-03-09 13:58 - 2006-11-02 11:22 - 21757952 _____ () C:\windows\system32\config\system.bak
2015-03-09 13:58 - 2006-11-02 11:22 - 00167936 _____ () C:\windows\system32\config\default.bak
2015-03-09 13:58 - 2006-11-02 11:22 - 00098304 _____ () C:\windows\system32\config\sam.bak
2015-03-09 13:58 - 2006-11-02 11:22 - 00040960 _____ () C:\windows\system32\config\security.bak
2015-03-09 13:56 - 2014-09-04 18:40 - 00000000 ____D () C:\Users\Vlaďka\AppData\Local\CrashDumps
2015-03-08 22:03 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-03-08 09:29 - 2014-02-06 21:03 - 00000000 ____D () C:\Stahování
2015-03-08 08:43 - 2014-02-04 18:23 - 00000000 ____D () C:\Users\Vlaďka
2015-03-08 08:25 - 2014-03-02 08:19 - 00262144 _____ () C:\windows\system32\config\elam
2015-03-07 21:19 - 2014-08-29 18:48 - 00000000 ____D () C:\Users\Vlaďka\AppData\Roaming\.minecraft
2015-03-07 05:19 - 2009-06-22 11:28 - 00000000 ____D () C:\ProgramData\PDFC
2015-03-03 16:29 - 2014-02-05 21:05 - 00000000 ____D () C:\Users\Vlaďka\AppData\Local\Google
2015-03-02 18:22 - 2014-09-01 20:29 - 00000000 ____D () C:\Users\Vlaďka\Desktop\Štěpán
2015-02-28 17:23 - 2014-10-14 16:20 - 00000000 ____D () C:\Users\Vlaďka\AppData\Roaming\HpUpdate
2015-02-26 20:15 - 2014-02-06 22:32 - 00026624 _____ () C:\Users\Vlaďka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-24 03:23 - 2014-02-04 20:20 - 00246920 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-02-20 20:01 - 2006-11-02 13:35 - 00000000 ____D () C:\Program Files\Microsoft Games
2015-02-20 15:14 - 2014-05-09 18:40 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-15 16:48 - 2014-02-05 19:00 - 00002635 _____ () C:\Users\Vlaďka\Desktop\Microsoft Office Word 2007.lnk
2015-02-15 16:39 - 2014-10-08 18:42 - 00000000 ____D () C:\Users\Vlaďka\AppData\Roaming\Skype
2015-02-12 20:54 - 2006-11-02 13:44 - 00411608 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-12 20:38 - 2014-02-04 19:16 - 00000000 ____D () C:\windows\system32\MRT
2015-02-12 20:27 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\windows\system32\mrt.exe
2015-02-12 20:26 - 2009-06-22 11:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-08 07:26 - 2014-02-06 19:15 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-08 07:25 - 2014-10-19 08:47 - 00000000 ____D () C:\Program Files\Java
2015-02-08 07:23 - 2014-09-01 18:34 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2015-02-08 07:22 - 2014-10-19 08:48 - 00272296 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
==================== Files in the root of some directories =======
2014-02-04 18:40 - 2014-02-04 18:40 - 0000000 _____ () C:\Users\Vlaďka\AppData\Local\AtStart.txt
2014-02-06 22:32 - 2015-02-26 20:15 - 0026624 _____ () C:\Users\Vlaďka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-04 18:40 - 2014-02-04 18:40 - 0000000 _____ () C:\Users\Vlaďka\AppData\Local\DSwitch.txt
2014-09-13 04:34 - 2014-09-13 04:34 - 0001080 _____ () C:\Users\Vlaďka\AppData\Local\MRDownloader.nast
2014-02-04 18:40 - 2014-02-04 18:40 - 0000000 _____ () C:\Users\Vlaďka\AppData\Local\QSwitch.txt
2014-11-22 17:07 - 2014-12-18 18:10 - 0000085 ___SH () C:\ProgramData\.zreglib
2009-06-22 11:52 - 2009-06-22 11:52 - 0000185 _____ () C:\ProgramData\HPWALog.txt
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Kaspersky Anti-Virus (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Vla�ka\Desktop" je 2105 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000001
==================== End Of Log ==============================
- Přílohy
-
- Addition.rar
- (5 KiB) Staženo 62 x
Přispějete na provoz fóra?