Please check my log

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

tfc
newcomer
Posts: 15
Registered: January 17
Gender: Not specified
Status:
Offline

Please check my log

Post by tfc » 21 Jan 2017 13:53

Hello, could you please check my log? Some of the processes in Task Manager look suspicious to me...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:48:53, on 21.1.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)


Boot mode: Normal

Running processes:
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\TrucksBook Client\TB Client.exe
C:\Users\Josef\AppData\Local\MEGAsync\MEGAsync.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Josef\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 5.1.85.21 weather.noaa.gov
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll (file missing)
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - Toolbar: VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [BrStsInd00] C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe /AUTORUN
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Discord] C:\Users\Josef\AppData\Local\Discord\app-0.0.297\Discord.exe
O4 - HKCU\..\Run: [TB Client] C:\Program Files (x86)\TrucksBook Client\TB Client.exe -h
O4 - HKCU\..\Run: [SmartGenius] "C:\Users\Josef\AppData\Local\SmartGenius\SGStartup.exe" -noShow
O4 - HKCU\..\Run: [SmartHID] C:\Users\Josef\AppData\Local\SmartGenius\resources\KeyboardDriver\SmartHID.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MEGAsync.lnk = Josef\AppData\Local\MEGAsync\MEGAsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O9 - Extra button: Envoyer a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Cliquer pour appeler Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Cliquer pour appeler Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll (file missing)
O18 - Protocol: WSISVCUchrome - (no CLSID) - (no file)
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamingApp_Service - Micro-Star Int'l Co., Ltd. - C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: Thrustmaster® Device Driver Installer (tmInstall) - Thrustmaster® - C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13002 bytes

jerabina
Security team member
Level 6
Posts: 3647
Registered: March 13
Location: Litoměřice
Gender: Male
Status:
Offline

Re: Please check my log

Post by jerabina » 21 Jan 2017 14:39

Hi, welcome to the PC-HELP forum!

Did you set this up yourself?

Code:

O1 - Hosts: 5.1.85.21 weather.noaa.gov


Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. It can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.

- If you use only Google Chrome, you don't need to use ATF.

===================================================

Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.

===================================================

Download AdwCleaner (by Xplode)

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Prohledat-Scan"
After the scan a log appears (it is also saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.

===================================================

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; click Scan Now and
- when the program finishes, a message appears at the bottom right; click Copy to Clipboard and paste the entire log here.

- then click the Exit button; a prompt appears, choose Yes
(don't delete anything yet!).

If there are problems, run it in Safe Mode.
When you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.


Re: Please check my log

Post by tfc » 21 Jan 2017 15:50

jerabina wrote: Did you set this up yourself?

Code:

O1 - Hosts: 5.1.85.21 weather.noaa.gov


Yes, it feeds the current real weather into a game.

jerabina wrote: - If you use only Google Chrome, you don't need to use ATF.

I use only Google Chrome.

I downloaded TFC and did everything according to the written steps.


~~~~~~


# AdwCleaner v6.042 - Logfile created 21/01/2017 at 15:10:47
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-20.2 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Josef - WINDOWS7
# Running from : C:\Users\Josef\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\Users\Josef\AppData\Roaming\RPEng


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Key Found: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web data] - mystartsearch
Chrome pref Found: [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask search
Chrome pref Found: [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web data] - mysearchdial.com
Chrome pref Found: [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web data] - dopravnicestovani.blog.cz

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2007 Bytes] - [21/01/2017 15:10:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2080 Bytes] ##########


~~~~


Malwarebytes
http://www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 21.01.17
Čas skenování: 15:34
Logovací soubor: tj.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.0.5.1299
Verze komponentů: 1.0.43
Aktualizovat verzi balíku komponent: 1.0.1070
Licence: Bezplatný

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: Windows7\Josef

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 404773
Uplynulý čas: 7 min, 20 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)


Re: Please check my log

Post by jerabina » 21 Jan 2017 16:33

So that's fine.

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Prohledat-Scan", and after the scan click "Vymazat-Clean".

The program performs the repair; after the automatic restart it will not display the log (C:\AdwCleaner [C?].txt); paste its entire contents here.

Download Junkware Removal Tool by Thisisu

to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan starts. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its entire contents here.

Download RogueKiller by Adlice Software
32-bit:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64-bit:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, 8, 10, run RogueKiller.exe as administrator; on XP, double-click it.
- Click "Start Scan". In the new window change nothing and click "Start Scan" at the bottom.
- The program scans the PC's processes. After the scan, click "Open Report", then in the window click "Open TXT", and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still won't start and work, rename it to winlogon.exe.
- if the log has more than 60,000 characters, split it and post it across several posts

Re: Please check my log

Post by tfc » 21 Jan 2017 17:39

# AdwCleaner v6.042 - Log vytvořen 21/01/2017 v 16:47:20
# Aktualizováno dne 06/01/2017 z Malwarebytes
# Databáze : 2017-01-21.1 [Místní]
# Operační systém : Windows 7 Ultimate Service Pack 1 (X64)
# Uživatelské jméno : Josef - WINDOWS7
# Spuštěno z : C:\Users\Josef\Desktop\AdwCleaner.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Users\Josef\AppData\Roaming\RPEng


***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Klíč smazán: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}


***** [ Prohlížeče ] *****

[-] [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: mystartsearch
[-] [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: ask search
[-] [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: mysearchdial.com
[-] [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: dopravnicestovani.blog.cz


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2071 Bajty] - [21/01/2017 16:47:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [2167 Bajty] - [21/01/2017 15:10:47]
C:\AdwCleaner\AdwCleaner[S1].txt - [2240 Bajty] - [21/01/2017 16:45:08]
C:\AdwCleaner\AdwCleaner[S2].txt - [2560 Bajty] - [21/01/2017 16:47:07]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2363 Bajty] ##########



------




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Ultimate x64
Ran by Josef (Administrator) on so 21.01.2017 at 16:52:42,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 9

Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\Josef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3L0CT0CQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Josef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6EFP0Q0Z (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Josef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A41YPSDM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Josef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AC999471 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3L0CT0CQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6EFP0Q0Z (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A41YPSDM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AC999471 (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 21.01.2017 at 16:55:20,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





-----





RogueKiller V12.9.4.0 (x64) [Jan 16 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Josef [Práva správce]
Started from : C:\Users\Josef\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 01/21/2017 16:58:54 (Duration : 00:28:41)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SmartGenius : "C:\Users\Josef\AppData\Local\SmartGenius\SGStartup.exe" -noShow [-] -> Nalezeno
[VT.Unknown] (X64) HKEY_USERS\S-1-5-21-1320624249-1157925965-138866719-1000\Software\Microsoft\Windows\CurrentVersion\Run | TB Client : C:\Program Files (x86)\TrucksBook Client\TB Client.exe -h [-] -> Nalezeno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1320624249-1157925965-138866719-1000\Software\Microsoft\Windows\CurrentVersion\Run | SmartGenius : "C:\Users\Josef\AppData\Local\SmartGenius\SGStartup.exe" -noShow [-] -> Nalezeno
[VT.Unknown] (X86) HKEY_USERS\S-1-5-21-1320624249-1157925965-138866719-1000\Software\Microsoft\Windows\CurrentVersion\Run | TB Client : C:\Program Files (x86)\TrucksBook Client\TB Client.exe -h [-] -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1320624249-1157925965-138866719-1000\Software\Microsoft\Windows\CurrentVersion\Run | SmartGenius : "C:\Users\Josef\AppData\Local\SmartGenius\SGStartup.exe" -noShow [-] -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{5991CC28-61E9-49C1-979E-2FB65F93A06B}C:\users\josef\appdata\local\temp\keygen.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\josef\appdata\local\temp\keygen.exe|Name=keygen.exe|Desc=keygen.exe|Defer=User| [x] -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{5802CC34-0AC4-4E84-AAFC-4CEEB7598EBC}C:\users\josef\appdata\local\temp\keygen.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\josef\appdata\local\temp\keygen.exe|Name=keygen.exe|Desc=keygen.exe|Defer=User| [x] -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{5991CC28-61E9-49C1-979E-2FB65F93A06B}C:\users\josef\appdata\local\temp\keygen.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\josef\appdata\local\temp\keygen.exe|Name=keygen.exe|Desc=keygen.exe|Defer=User| [x] -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{5802CC34-0AC4-4E84-AAFC-4CEEB7598EBC}C:\users\josef\appdata\local\temp\keygen.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\josef\appdata\local\temp\keygen.exe|Name=keygen.exe|Desc=keygen.exe|Defer=User| [x] -> Nalezeno
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://forum.omsi.cz/] -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1SB10C ATA Device +++++
--- User ---
[MBR] 258a96d510e3b0bb7f66e8dc47066206
[BSP] dc8afde326449a272dc517f82394ed38 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


Re: Please check my log

Post by jerabina » 21 Jan 2017 21:07

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run).
- Wait until the Prescan finishes...
- Then click "Prohledat" (Scan); when it finishes:
- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything (put check marks)
(you have to put a check mark with the mouse in the box to the left of the registry entry etc.) - IF YOU WANT CHROME TO KEEP OPENING THE PAGE http://forum.omsi.cz/ AT STARTUP, DO NOT TICK THAT ITEM.
- Click "Smazat" (Delete)
- Wait until the Status box shows "Mazání dokončeno" (Deletion finished)
- Click "Zpráva" (Report), then copy and paste the contents of that report here, please. The log can be found in RKreport [number].txt on the desktop.
- Close RogueKiller

Turn off your antivirus
Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, Windows 7 and 8, right-click it and choose "Run as administrator")
- note: the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;


click Run Script
The program performs a scan and a repair; both the scan and the repair can take several minutes, so wait until the end. Do not click in the window!
The program offers a restart; confirm it.

After the restart, only a black desktop may be shown for some time; that is normal. Wait until the log is created. You can save it to, say, Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; accept them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan completes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: It may happen that after running ComboFix and restarting the computer, Windows won't boot, or the desktop won't load, or there will be connection problems. In that case restart the computer again; if that doesn't help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Když nevíš jak dál, přichází na řadu prostudovat manuál!
HJT návod

Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.

tfc
newbie
Posts: 15
Registered: January 17
Gender: Not specified
Status:
Offline

Re: Please check my log

Post by tfc » 21 Jan 2017 23:34

RogueKiller V12.9.4.0 (x64) [Jan 16 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Josef [Práva správce]
Started from : C:\Users\Josef\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 01/21/2017 21:50:30 (Duration : 00:29:17)

¤¤¤ Procesy : 3 ¤¤¤
[Suspicious.Path] SmartGenius.exe(7056) -- C:\Users\Josef\AppData\Local\SmartGenius\SmartGenius.exe[-] -> Zastaveno [TermProc]
[Suspicious.Path] SmartGenius.exe(4008) -- C:\Users\Josef\AppData\Local\SmartGenius\SmartGenius.exe[-] -> Zastaveno [TermProc]
[Suspicious.Path] SmartGenius.exe(5516) -- C:\Users\Josef\AppData\Local\SmartGenius\SmartGenius.exe[-] -> Zastaveno [TermProc]

¤¤¤ Registry : 11 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SmartGenius : "C:\Users\Josef\AppData\Local\SmartGenius\SGStartup.exe" -noShow [-] -> Smazáno
[VT.Unknown] (X64) HKEY_USERS\S-1-5-21-1320624249-1157925965-138866719-1000\Software\Microsoft\Windows\CurrentVersion\Run | TB Client : C:\Program Files (x86)\TrucksBook Client\TB Client.exe -h [-] -> Smazáno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1320624249-1157925965-138866719-1000\Software\Microsoft\Windows\CurrentVersion\Run | SmartGenius : "C:\Users\Josef\AppData\Local\SmartGenius\SGStartup.exe" -noShow [-] -> Smazáno
[VT.Unknown] (X86) HKEY_USERS\S-1-5-21-1320624249-1157925965-138866719-1000\Software\Microsoft\Windows\CurrentVersion\Run | TB Client : C:\Program Files (x86)\TrucksBook Client\TB Client.exe -h [-] -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1320624249-1157925965-138866719-1000\Software\Microsoft\Windows\CurrentVersion\Run | SmartGenius : "C:\Users\Josef\AppData\Local\SmartGenius\SGStartup.exe" -noShow [-] -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{5991CC28-61E9-49C1-979E-2FB65F93A06B}C:\users\josef\appdata\local\temp\keygen.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\josef\appdata\local\temp\keygen.exe|Name=keygen.exe|Desc=keygen.exe|Defer=User| [x] -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{5802CC34-0AC4-4E84-AAFC-4CEEB7598EBC}C:\users\josef\appdata\local\temp\keygen.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\josef\appdata\local\temp\keygen.exe|Name=keygen.exe|Desc=keygen.exe|Defer=User| [x] -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{5991CC28-61E9-49C1-979E-2FB65F93A06B}C:\users\josef\appdata\local\temp\keygen.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\josef\appdata\local\temp\keygen.exe|Name=keygen.exe|Desc=keygen.exe|Defer=User| [x] -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{5802CC34-0AC4-4E84-AAFC-4CEEB7598EBC}C:\users\josef\appdata\local\temp\keygen.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\josef\appdata\local\temp\keygen.exe|Name=keygen.exe|Desc=keygen.exe|Defer=User| [x] -> Smazáno
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://forum.omsi.cz/] -> Nevybráno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1SB10C ATA Device +++++
--- User ---
[MBR] 258a96d510e3b0bb7f66e8dc47066206
[BSP] dc8afde326449a272dc517f82394ed38 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK





Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Josef on so 21.01.2017 at 22:27:34,88.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Josef\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

21.1.2017 22:29:11 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\Adobe deleted successfully
C:\Program Files\Rockstar Games deleted successfully
C:\Program Files\Common Files\McAfee deleted successfully
C:\PROGRA~3\Freemake deleted successfully
C:\PROGRA~3\Seeing Machines deleted successfully
C:\PROGRA~3\SolidDocuments deleted successfully
C:\Users\Josef\AppData\Roaming\GHISLER deleted successfully
C:\Users\Josef\AppData\Roaming\IrfanView deleted successfully
C:\Users\Josef\AppData\Roaming\iSkysoft iMedia Converter Deluxe deleted successfully
C:\Users\Josef\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Josef\AppData\Local\lptmp deleted successfully
C:\Users\Josef\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\CLSID\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Josef\AppData\Roaming\.technic deleted
C:\Users\Josef\AppData\Roaming\discord deleted
C:\setup.exe deleted
C:\PROGRA~3\iSkysoft iMedia Converter Deluxe deleted
C:\PROGRA~3\Package Cache deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension.15@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn" [10.01.2017 17:27]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Chrome Media Router - Jana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
BTTV - Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped
Dark Skin for Youtube™ - Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm
ignotifier - Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl
Black Black Chrome Theme Dark Blue Highlight - Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida
Twitch Now - Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk
Chrome Media Router - Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_add0n.com_0.localstorage deleted successfully
C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_add0n.com_0.localstorage-journal deleted successfully
C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage deleted successfully
C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully
C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Josef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2083 folders=608 1128492811 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jana\AppData\Local\Temp emptied successfully
C:\Users\Josef\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Josef\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on so 21.01.2017 at 22:42:08,94 ======================






ComboFix 17-01-13.01 - Josef 21.01.2017 22:48:41.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.8141.6200 [GMT 1:00]
Spuštěný z: c:\users\Josef\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.407.0 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
FW: ESET Personální firewall *Disabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Smart Security 9.0.407.0 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Josef\AppData\Local\assembly\tmp
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-12-21 do 2017-01-21 )))))))))))))))))))))))))))))))
.
.
2017-01-21 22:00 . 2017-01-21 22:00 -------- d-----w- c:\users\Jana\AppData\Local\temp
2017-01-21 22:00 . 2017-01-21 22:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-01-21 21:43 . 2017-01-21 21:44 -------- d-----w- c:\users\Josef\AppData\Roaming\discord
2017-01-21 21:39 . 2017-01-21 21:27 24064 ----a-w- c:\windows\zoek-delete.exe
2017-01-21 21:39 . 2017-01-21 22:00 -------- d-----w- c:\users\Josef\AppData\Local\Temp
2017-01-21 21:36 . 2017-01-21 21:42 -------- d-----w- C:\zoek
2017-01-21 15:58 . 2017-01-21 20:50 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-01-21 15:58 . 2017-01-21 19:39 -------- d-----w- c:\programdata\RogueKiller
2017-01-21 14:31 . 2017-01-21 14:31 176064 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-01-21 14:31 . 2017-01-21 14:32 81696 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-01-21 14:31 . 2017-01-21 14:31 102856 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-01-21 14:31 . 2017-01-21 14:31 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-01-21 14:31 . 2017-01-21 21:42 250816 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-01-21 14:30 . 2016-12-14 11:55 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-01-21 14:30 . 2017-01-21 14:30 -------- d-----w- c:\program files\Malwarebytes
2017-01-21 14:09 . 2017-01-21 15:47 -------- d-----w- C:\AdwCleaner
2017-01-21 00:44 . 2017-01-21 00:44 -------- d-----w- c:\users\Josef\AppData\Local\IsolatedStorage
2017-01-21 00:21 . 2016-08-04 11:59 34448 ----a-w- c:\windows\system32\drivers\WebExaminer64.sys
2017-01-21 00:19 . 2017-01-21 01:38 -------- d-----w- c:\programdata\VIPRE
2017-01-21 00:14 . 2017-01-21 00:44 -------- d-----w- c:\users\Josef\AppData\Roaming\VIPRE
2017-01-21 00:14 . 2017-01-21 00:14 -------- d-----w- c:\users\Josef\AppData\Local\VIPRE
2017-01-20 23:56 . 2017-01-21 14:30 -------- d-----w- c:\programdata\Malwarebytes
2017-01-20 22:52 . 2017-01-06 01:07 57792 ----a-w- c:\windows\system32\drivers\nvvhci.sys
2017-01-20 22:52 . 2017-01-06 01:07 46016 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2017-01-20 22:52 . 2017-01-06 01:07 156608 ----a-w- c:\windows\system32\nvaudcap64v.dll
2017-01-20 22:52 . 2017-01-06 01:07 124352 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2017-01-20 12:53 . 2016-12-30 22:43 12229912 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0967908C-EC96-494A-81CF-226B651F9643}\mpengine.dll
2017-01-16 21:07 . 2017-01-16 21:09 -------- d-----w- c:\program files (x86)\City Car Driving
2017-01-16 18:08 . 2017-01-16 18:08 -------- d-----w- c:\users\Josef\AppData\Roaming\SolidDocuments
2017-01-13 17:11 . 2017-01-13 17:11 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2017-01-13 17:10 . 2017-01-13 17:52 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-01-13 17:10 . 2017-01-13 17:52 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-12 19:34 . 2017-01-12 20:18 -------- d-----w- c:\programdata\McAfee
2017-01-12 19:34 . 2017-01-13 17:52 -------- d-----w- c:\windows\system32\Macromed
2017-01-12 18:54 . 2017-01-12 18:54 -------- d-----w- c:\users\Josef\AppData\Roaming\SmartGenius
2017-01-12 18:30 . 2017-01-12 18:30 -------- d-----w- c:\users\Josef\AppData\Local\TeamSpeak 3
2017-01-12 18:30 . 2017-01-12 18:30 -------- d-----w- c:\users\Josef\.TeamSpeak 3
2017-01-12 18:30 . 2017-01-12 18:30 -------- d-----w- c:\users\Josef\.QtWebEngineProcess
2017-01-12 18:29 . 2016-11-26 07:36 35928 ----a-w- c:\windows\system32\drivers\ioFakDrv.sys
2017-01-12 18:29 . 2016-11-26 07:36 26472 ----a-w- c:\windows\system32\drivers\gKbdfltr.sys
2017-01-12 18:29 . 2016-11-26 07:36 24664 ----a-w- c:\windows\system32\drivers\ioFakMap.sys
2017-01-12 18:29 . 2017-01-12 18:29 -------- d-----w- c:\users\Josef\AppData\Local\SmartGenius
2017-01-11 19:40 . 2016-12-12 02:37 1953336 ----a-w- c:\windows\system32\nvdispco6437633.dll
2017-01-11 19:40 . 2016-12-12 02:37 1586744 ----a-w- c:\windows\system32\nvdispgenco6437633.dll
2017-01-11 19:39 . 2017-01-11 19:37 110144 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-64.dll
2017-01-11 19:37 . 2017-01-11 19:37 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2017-01-11 19:23 . 2017-01-11 19:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2017-01-07 15:14 . 2017-01-07 15:15 -------- d-----w- c:\program files (x86)\Adobe Pro
2017-01-04 14:28 . 2017-01-04 14:28 34712112 ----a-w- c:\windows\system32\nvoglv64.dll
2017-01-04 14:28 . 2017-01-04 14:28 28148792 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2017-01-04 14:28 . 2017-01-04 14:28 14081592 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2017-01-04 14:27 . 2017-01-04 14:27 446904 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2017-01-04 14:27 . 2017-01-04 14:27 398904 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2017-01-04 14:27 . 2017-01-04 14:27 951224 ----a-w- c:\windows\system32\NvIFR64.dll
2017-01-04 14:27 . 2017-01-04 14:27 903096 ----a-w- c:\windows\SysWow64\NvIFR.dll
2017-01-04 14:26 . 2017-01-04 14:26 54728 ----a-w- c:\windows\system32\nvhdap64.dll
2017-01-04 14:26 . 2017-01-04 14:26 1604152 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2017-01-04 14:26 . 2017-01-04 14:26 221632 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2017-01-04 14:26 . 2017-01-04 14:26 1044920 ----a-w- c:\windows\system32\NvFBC64.dll
2017-01-04 14:26 . 2017-01-04 14:26 982456 ----a-w- c:\windows\SysWow64\NvFBC.dll
2017-01-04 14:26 . 2017-01-04 14:26 1964600 ----a-w- c:\windows\system32\nvdispco6437653.dll
2017-01-04 14:26 . 2017-01-04 14:26 1600056 ----a-w- c:\windows\system32\nvdispgenco6437653.dll
2017-01-04 14:25 . 2017-01-04 14:25 3647416 ----a-w- c:\windows\system32\nvcuvid.dll
2017-01-04 14:25 . 2017-01-04 14:25 3216440 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2017-01-04 14:25 . 2017-01-04 14:25 40132536 ----a-w- c:\windows\system32\nvcompiler.dll
2017-01-04 14:25 . 2017-01-04 14:25 35231160 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2017-01-04 14:05 . 2017-01-04 14:05 419704 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2017-01-04 14:05 . 2017-01-04 14:05 11016832 ----a-w- c:\windows\system32\nvptxJitCompiler.dll
2017-01-04 14:05 . 2017-01-04 14:05 9000152 ----a-w- c:\windows\SysWow64\nvptxJitCompiler.dll
2017-01-04 14:04 . 2017-01-04 14:04 10898544 ----a-w- c:\windows\system32\nvopencl.dll
2017-01-04 14:04 . 2017-01-04 14:04 9240240 ----a-w- c:\windows\SysWow64\nvopencl.dll
2017-01-04 14:04 . 2017-01-04 14:04 163632 ----a-w- c:\windows\system32\nvoglshim64.dll
2017-01-04 14:04 . 2017-01-04 14:04 141768 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2017-01-04 14:04 . 2017-01-04 14:04 181280 ----a-w- c:\windows\system32\nvinitx.dll
2017-01-04 14:04 . 2017-01-04 14:04 158208 ----a-w- c:\windows\SysWow64\nvinit.dll
2017-01-04 14:04 . 2017-01-04 14:04 698728 ----a-w- c:\windows\system32\nvfatbinaryLoader.dll
2017-01-04 14:04 . 2017-01-04 14:04 586968 ----a-w- c:\windows\SysWow64\nvfatbinaryLoader.dll
2017-01-04 14:04 . 2017-01-04 14:04 534600 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2017-01-04 14:04 . 2017-01-04 14:04 448800 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2017-01-04 14:04 . 2017-01-04 14:04 17598144 ----a-w- c:\windows\system32\nvd3dumx.dll
2017-01-04 14:03 . 2017-01-04 14:03 10444784 ----a-w- c:\windows\system32\nvcuda.dll
2017-01-04 14:03 . 2017-01-04 14:03 8839216 ----a-w- c:\windows\SysWow64\nvcuda.dll
2016-12-27 19:16 . 2016-12-27 19:16 -------- d-----w- c:\programdata\Intel Telemetry
2016-12-27 19:14 . 2016-12-27 19:14 -------- d-----w- c:\program files (x86)\Common Files\Intel
2016-12-27 19:14 . 2016-12-27 19:14 -------- d-----w- c:\program files\Common Files\Intel
2016-12-24 14:58 . 2017-01-21 00:27 -------- d-----w- c:\program files (x86)\DiRT Rally
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-11 19:12 . 2016-01-16 15:40 135657872 -c--a-w- c:\windows\system32\MRT.exe
2017-01-05 18:52 . 2017-01-11 16:18 345600 ----a-w- c:\windows\system32\schannel.dll
2017-01-05 18:52 . 2017-01-11 16:18 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-01-05 17:43 . 2017-01-11 16:18 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-01-05 17:43 . 2017-01-11 16:18 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2017-01-04 14:05 . 2016-01-16 14:53 20130624 ----a-w- c:\windows\system32\nvwgf2umx.dll
2017-01-04 14:05 . 2016-11-17 09:46 17537912 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2017-01-04 14:05 . 2016-10-23 13:36 504936 ----a-w- c:\windows\system32\nvumdshimx.dll
2017-01-04 14:03 . 2016-10-23 13:36 14545352 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2017-01-04 14:03 . 2016-01-16 14:53 3985104 ----a-w- c:\windows\system32\nvapi64.dll
2017-01-04 14:03 . 2016-01-16 14:53 3518872 ----a-w- c:\windows\SysWow64\nvapi.dll
2016-12-11 18:47 . 2016-01-16 14:54 6384576 ----a-w- c:\windows\system32\nvcpl.dll
2016-12-11 18:47 . 2016-01-16 14:54 2475968 ----a-w- c:\windows\system32\nvsvc64.dll
2016-12-11 18:47 . 2016-01-16 14:54 81856 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-12-11 18:47 . 2016-01-16 14:54 71224 ----a-w- c:\windows\system32\nvshext.dll
2016-12-11 18:47 . 2016-01-16 14:54 548408 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-12-11 18:47 . 2016-01-16 14:54 392128 ----a-w- c:\windows\system32\nvmctray.dll
2016-12-11 18:47 . 2016-01-16 14:54 1764408 ----a-w- c:\windows\system32\nvsvcr.dll
2016-12-09 08:52 . 2016-01-16 14:54 7639617 ----a-w- c:\windows\system32\nvcoproc.bin
2016-11-29 21:34 . 2016-11-29 21:34 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 30400 ----a-w- c:\windows\system32\aspnet_counters.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2016-11-28 15:09 . 2016-12-22 12:18 116896 ----a-w- c:\windows\system32\tmInstall.exe
2016-11-28 15:09 . 2016-12-22 12:18 193696 ----a-w- c:\windows\system32\drivers\tmhidusb.sys
2016-11-28 12:54 . 2016-12-22 12:18 221696 ----a-w- c:\windows\system32\tmpid.dll
2016-11-28 12:54 . 2016-12-22 12:18 183296 ----a-w- c:\windows\SysWow64\tmpid.dll
2016-11-24 20:54 . 2016-11-30 20:35 1951680 ----a-w- c:\windows\system32\nvdispco6437609.dll
2016-11-24 20:54 . 2016-11-30 20:35 1586744 ----a-w- c:\windows\system32\nvdispgenco6437609.dll
2016-11-22 00:52 . 2016-11-22 00:52 54344 ----a-w- c:\windows\system32\drivers\XtuAcpiDriver.sys
2016-11-22 00:51 . 2016-11-22 00:51 1805064 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2016-11-21 18:12 . 2016-12-14 20:50 109568 ----a-w- c:\windows\system32\hlink.dll
2016-11-20 16:19 . 2016-12-14 20:50 84992 ----a-w- c:\windows\SysWow64\hlink.dll
2016-11-20 14:07 . 2016-12-14 20:50 467392 ----a-w- c:\windows\system32\drivers\cng.sys
2016-11-17 16:41 . 2016-12-14 20:50 370920 ----a-w- c:\windows\system32\clfs.sys
2016-11-17 02:04 . 2016-11-19 17:19 1953336 ----a-w- c:\windows\system32\nvdispco6437595.dll
2016-11-17 02:04 . 2016-11-19 17:19 1585088 ----a-w- c:\windows\system32\nvdispgenco6437595.dll
2016-11-16 16:51 . 2016-11-16 16:51 153216 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2016-11-16 16:51 . 2016-02-09 07:27 84616 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2016-11-16 16:51 . 2016-02-09 07:27 61568 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2016-11-16 16:51 . 2016-02-09 07:27 262792 ----a-w- c:\windows\system32\drivers\eamonm.sys
2016-11-16 16:51 . 2016-02-09 07:27 208520 ----a-w- c:\windows\system32\drivers\epfw.sys
2016-11-16 16:51 . 2016-02-09 07:27 197248 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2016-11-14 23:27 . 2016-12-14 20:50 394448 ----a-w- c:\windows\system32\iedkcs32.dll
2016-11-12 19:48 . 2016-12-14 20:50 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-11-12 19:48 . 2016-12-14 20:50 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-11-12 19:28 . 2016-12-14 20:50 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-11-12 19:26 . 2016-12-14 20:50 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-11-12 19:26 . 2016-12-14 20:50 417792 ----a-w- c:\windows\system32\html.iec
2016-11-12 19:25 . 2016-12-14 20:50 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-11-12 19:25 . 2016-12-14 20:50 576000 ----a-w- c:\windows\system32\vbscript.dll
2016-11-12 19:21 . 2016-12-14 20:50 2896384 ----a-w- c:\windows\system32\iertutil.dll
2016-11-12 19:15 . 2016-12-14 20:50 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-11-12 19:14 . 2016-12-14 20:50 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-11-12 19:09 . 2016-12-14 20:50 615936 ----a-w- c:\windows\system32\ieui.dll
2016-11-12 19:08 . 2016-12-14 20:50 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-11-12 19:08 . 2016-12-14 20:50 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-11-12 19:08 . 2016-12-14 20:50 25759744 ----a-w- c:\windows\system32\mshtml.dll
2016-11-12 19:07 . 2016-12-14 20:50 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-11-12 19:07 . 2016-12-14 20:50 817664 ----a-w- c:\windows\system32\jscript.dll
2016-11-12 18:56 . 2016-12-14 20:50 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-11-12 18:53 . 2016-12-14 20:50 6049280 ----a-w- c:\windows\system32\jscript9.dll
2016-11-12 18:52 . 2016-12-14 20:50 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2016-11-12 18:47 . 2016-12-14 20:50 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-11-12 18:41 . 2016-12-14 20:50 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-11-12 18:40 . 2016-12-14 20:50 107520 ----a-w- c:\windows\system32\inseng.dll
2016-11-12 18:35 . 2016-12-14 20:50 199680 ----a-w- c:\windows\system32\msrating.dll
2016-11-12 18:34 . 2016-12-14 20:50 92160 ----a-w- c:\windows\system32\mshtmled.dll
2016-11-12 18:31 . 2016-12-14 20:50 315392 ----a-w- c:\windows\system32\dxtrans.dll
2016-11-12 18:30 . 2016-12-14 20:50 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2016-11-12 18:29 . 2016-12-14 20:50 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2016-11-12 18:29 . 2016-12-14 20:50 498688 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-11-12 18:29 . 2016-12-14 20:50 341504 ----a-w- c:\windows\SysWow64\html.iec
2016-11-12 18:28 . 2016-12-14 20:50 152064 ----a-w- c:\windows\system32\occache.dll
2016-11-12 18:27 . 2016-12-14 20:50 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2016-11-12 18:14 . 2016-12-14 20:50 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-11-12 18:14 . 2016-12-14 20:50 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-11-12 18:14 . 2016-12-14 20:50 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2016-11-12 18:11 . 2016-12-14 20:50 725504 ----a-w- c:\windows\system32\ie4uinit.exe
2016-11-12 18:10 . 2016-12-14 20:50 806912 ----a-w- c:\windows\system32\msfeeds.dll
2016-11-12 18:08 . 2016-12-14 20:50 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-11-12 18:08 . 2016-12-14 20:50 2131456 ----a-w- c:\windows\system32\inetcpl.cpl
2016-11-12 17:57 . 2016-12-14 20:50 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-11-12 17:41 . 2016-12-14 20:50 15257088 ----a-w- c:\windows\system32\ieframe.dll
2016-11-12 17:37 . 2016-12-14 20:50 4608000 ----a-w- c:\windows\SysWow64\jscript9.dll
2016-11-12 17:36 . 2016-12-14 20:50 2055680 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2016-11-12 17:36 . 2016-12-14 20:50 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2016-11-12 17:35 . 2016-12-14 20:50 2920960 ----a-w- c:\windows\system32\wininet.dll
2016-11-12 17:20 . 2016-12-14 20:50 1543680 ----a-w- c:\windows\system32\urlmon.dll
2016-11-12 17:11 . 2016-12-14 20:50 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2016-11-12 17:05 . 2016-12-14 20:50 2444800 ----a-w- c:\windows\SysWow64\wininet.dll
2016-11-11 19:49 . 2016-11-11 19:49 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2016-11-11 19:49 . 2016-11-11 19:49 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2016-11-11 19:49 . 2016-11-11 19:49 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2016-11-11 19:49 . 2016-11-11 19:49 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2016-11-10 23:48 . 2016-11-17 09:45 1951680 ----a-w- c:\windows\system32\nvdispco6437586.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-15 14:26 1743664 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-15 14:26 1743664 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-15 14:26 1743664 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2016-11-14 15:56 564736 ----a-w- c:\users\Josef\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2016-11-14 15:56 564736 ----a-w- c:\users\Josef\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2016-11-14 15:56 564736 ----a-w- c:\users\Josef\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2017-01-19 2881824]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-12-20 27250144]
"Discord"="c:\users\Josef\AppData\Local\Discord\app-0.0.297\Discord.exe" [2017-01-04 64290304]
"SmartHID"="c:\users\Josef\AppData\Local\SmartGenius\resources\KeyboardDriver\SmartHID.exe" [2016-11-26 771584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2015-03-23 296216]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-12-27 4509184]
"BrStsInd00"="c:\program files (x86)\BrownyInd\Brother\BrIndicator.exe" [2012-12-18 1885184]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe" [2016-12-23 1870928]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-09-22 587288]
.
c:\users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MEGAsync.lnk - c:\users\Josef\AppData\Local\MEGAsync\MEGAsync.exe [2015-12-16 5124560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 NTIOLib_MB;NTIOLib_MB;c:\program files (x86)\MSI\MSI Gaming APP\Lib\NTIOLib_X64.sys;c:\program files (x86)\MSI\MSI Gaming APP\Lib\NTIOLib_X64.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 nvvhci;NVVHCI Enumerator Service;c:\windows\system32\DRIVERS\nvvhci.sys;c:\windows\SYSNATIVE\DRIVERS\nvvhci.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 tmhidusb;Thrustmaster HID USB Driver;c:\windows\system32\DRIVERS\tmhidusb.sys;c:\windows\SYSNATIVE\DRIVERS\tmhidusb.sys [x]
R3 tmwbulk;Thrustmaster Series Bulk Driver (tmwbulk);c:\windows\system32\Drivers\tmwbulk.sys;c:\windows\SYSNATIVE\Drivers\tmwbulk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys;c:\windows\SYSNATIVE\DRIVERS\edevmon.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 BfLwf;Killer Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 GamingApp_Service;GamingApp_Service;c:\program files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe;c:\program files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [x]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super Charger\ChargeService.exe;c:\program files (x86)\MSI\Super Charger\ChargeService.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 tmInstall;Thrustmaster® Device Driver Installer;c:\program files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE;c:\program files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 gKbdfltr;gKbd Upper Filter;c:\windows\system32\DRIVERS\gKbdfltr.sys;c:\windows\SYSNATIVE\DRIVERS\gKbdfltr.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x]
S3 ioFakDrv;ioVirtual Device;c:\windows\system32\DRIVERS\ioFakDrv.sys;c:\windows\SYSNATIVE\DRIVERS\ioFakDrv.sys [x]
S3 ioFakMap;MiniHid Driver Service for ioFakeDrv Interface layer;c:\windows\system32\DRIVERS\ioFakMap.sys;c:\windows\SYSNATIVE\DRIVERS\ioFakMap.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 Ke2200;NDIS Miniport Driver for Killer e2201/e2202 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WINRING0_1_2_0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-12-15 16:03 1384792 ----a-w- c:\program files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{AC76BA86-0000-0000-7760-7E8A45000000}]
2016-12-23 18:11 387152 ----a-w- c:\program files (x86)\Adobe\Acrobat DC\Esl\Aiod.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2017-01-21 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-13 17:15]
.
2017-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-13 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-15 14:22 2351920 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-15 14:22 2351920 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-15 14:22 2351920 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2016-11-14 15:56 592384 ----a-w- c:\users\Josef\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2016-11-14 15:56 592384 ----a-w- c:\users\Josef\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2016-11-14 15:56 592384 ----a-w- c:\users\Josef\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2015-06-12 8484056]
"MBCfg64"="c:\windows\system32\MBCfg64.dll" [2014-02-21 41088]
"ISCT Tray"="c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe" [2014-08-25 5860656]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2016-07-01 508128]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2016-12-14 2776528]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Envoyer a OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-1720767912_is1 - c:\gog games\Transport Fever\unins000.exe
AddRemove-Car Mechanic Simulator 2015 Gold Edition_is1 - c:\program files (x86)\Car Mechanic Simulator 2015 Gold Edition\unins000.exe
AddRemove-Mafia III - Digital Deluxe Edition_is1 - c:\program files (x86)\Mafia III - Digital Deluxe Edition\unins000.exe
AddRemove-MHD Simulator 2009 - SCORE edice - c:\program files (x86)\MHD Simulator 2009\Uninstal.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{3ee5e5bb-b7cc-4556-8861-a00a82977d6c} - c:\programdata\Package Cache\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}\VC_redist.x64.exe
AddRemove-{74d0e5db-b326-4dae-a6b2-445b9de1836e} - c:\programdata\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{c7f54569-0018-439c-809a-48046a4d4ebc} - c:\programdata\Package Cache\{c7f54569-0018-439c-809a-48046a4d4ebc}\SetupChipset.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{D9EF3C3F-F9DC-4A6A-A2AB-0118509F3CCD}_is1 - c:\program files (x86)\Steam\steamapps\common\OMSI 2\___SDK\Simple Spline Creator\unins000.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
AddRemove-Counter-Strike 1.6_is1 - c:\program files (x86)\unins000.exe
AddRemove-RW_Tools V7 - c:\program files (x86)\TS2016 - 103 DLC\RW_Tools\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1320624249-1157925965-138866719-1000\Software\˘0×0ę0±0ü0·0ç0ó0 *¦0Ł0¶0ü0É0g0ubU0Ś0_0í0ü0«0ë0 *˘0×0ę0±0ü0·0ç0ó0]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.24"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-01-21 23:03:51
ComboFix-quarantined-files.txt 2017-01-21 22:03
.
Před spuštěním: Volných bajtů: 478 186 262 528
Po spuštění: Volných bajtů: 477 878 104 064
.
- - End Of File - - 7A79990BD438E277A5D67A7B3BB3EE66
A36C5E4F47E84449FF07ED3517B43A31

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Please check my log

Post by jaro3 » 22 Jan 2017 09:20

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it all of the following text marked in green:

Code:

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\Adobe Flash Player Updater.job

Folder::
c:\users\Josef\AppData\Roaming\VIPRE
c:\users\Josef\AppData\Local\VIPRE
c:\programdata\McAfee
c:\program files (x86)\Skype\Updater

Driver::
SkypeUpdate

RegLock::
[HKEY_USERS\S-1-5-21-1320624249-1157925965-138866719-1000\Software\˘0×0ę0±0ü0•0ç0ó0 *¦0Ł0¶0ü0É0g0¬u bU0Ś0_0í0ü0«0ë0 *˘0×0ę0±0ü0•0ç0ó0]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.24"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that pops up at the end of the cleaning process + a new log from HJT

Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
and save it to the desktop.
Double-click this file on the desktop and follow the instructions to install the program.
Accept the program's licence agreement (EULA) if it is offered.
If a program update is available, click the "Update now" button.
At the end, click the Settings button (the gear in the corner) > Advanced > ""
- "I have read the warning and want to continue anyway .....
Check Auto Launch
Leave Auto upload unchecked
Check All Browser Extensions
Smart scan setting as a replacement for the deep scan
Close all open files, folders and browsers
Click the Scan now button and the threat scan will start.
When the scan is finished, a report will appear; copy the entire contents of that report here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

tfc
newcomer
Posts: 15
Registered: January 17
Gender: Unspecified
Status:
Offline

Re: Please check my log

Post by tfc » 22 Jan 2017 14:04

In Zemana AM, All Browser Extensions is missing from the Advanced tab. There are only the ones mentioned and Detect suspicious certificates (I didn't know whether I should check it, so I checked it). And after the scan finished no log popped up; can it be found somehow? It only found a threat at the browser home page (again forum.omsi.cz).

COMBOFIX:
ComboFix 17-01-13.01 - Josef 22.01.2017 13:02:52.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.8141.5877 [GMT 1:00]
Spuštěný z: c:\users\Josef\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Josef\Desktop\CFScript.txt
AV: ESET Smart Security 9.0.407.0 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
FW: ESET Personální firewall *Disabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Smart Security 9.0.407.0 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\programdata\McAfee
c:\programdata\McAfee\MCLOGS\McInst\bca.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\bca.inf001.log
c:\programdata\McAfee\MCLOGS\McInst\bcaredist.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\Cleanup000.log
c:\programdata\McAfee\MCLOGS\McInst\Common000.log
c:\programdata\McAfee\MCLOGS\McInst\Common001.log
c:\programdata\McAfee\MCLOGS\McInst\mccsp.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\mccsp.inf001.log
c:\programdata\McAfee\MCLOGS\McInst\Mcupdmgr.inf001.log
c:\programdata\McAfee\MCLOGS\McInst\mtkcpoemres.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\mtkenrolloemres.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\mtkli_full.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\mtkpboemres.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\mtkuninstalleroemres.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\mtkuninstalleroemres.inf001.log
c:\programdata\McAfee\MCLOGS\McInst\pbcore.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkcoreservice.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkcp.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkcpres.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkenable2.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkenroll.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkenrollres.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkenrollres.inf001.log
c:\programdata\McAfee\MCLOGS\McInst\tkintutil.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkitaplug.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tknlog.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tknotify.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkoobe.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkpf.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkpost.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkpost.inf001.log
c:\programdata\McAfee\MCLOGS\McInst\tksdkapi.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkschedule.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tksqlite.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkstopall.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tksync.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkthrift.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkuninstaller.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkuninstaller.inf001.log
c:\programdata\McAfee\MCLOGS\McInst\tkuninstallerres.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkuninstallerres.inf001.log
c:\programdata\McAfee\MCLOGS\McInst\tkupdater.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkupdaterres.inf000.log
c:\programdata\McAfee\MCLOGS\McInst\tkvault.inf000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\836A3345-3030-4BA0-A7C8-28CCAD4A56E9\836A3345-3030-4BA0-A7C8-28CCAD4A56E9000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\Au_\Au_000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\McCHSvc\McCHSvc000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\SSScheduler\SSScheduler000.log
c:\programdata\McAfee\MCLOGS\Remediation\upgrade\upgrade000.log
c:\programdata\McAfee\WinCore\persist.mtk
C:\setup.exe
c:\users\Josef\AppData\Local\VIPRE
c:\users\Josef\AppData\Local\VIPRE\Setup\CartDefinitions-EN-715.zip
c:\users\Josef\AppData\Local\VIPRE\Setup\CARTSDK-EN-38.zip
c:\users\Josef\AppData\Local\VIPRE\Setup\CartSdk\amd64\gfibto.sys
c:\users\Josef\AppData\Local\VIPRE\Setup\CartSdk\amd64\sbbd.exe
c:\users\Josef\AppData\Local\VIPRE\Setup\CartSdk\CartDefinitions.xml
c:\users\Josef\AppData\Local\VIPRE\Setup\CartSdk\CartResults.xml
c:\users\Josef\AppData\Local\VIPRE\Setup\CartSdk\CartSdk.dll
c:\users\Josef\AppData\Local\VIPRE\Setup\CartSdk\CartSdk64.exe
c:\users\Josef\AppData\Local\VIPRE\Setup\CartSdk\i386\gfibto.sys
c:\users\Josef\AppData\Local\VIPRE\Setup\CartSdk\i386\sbbd.exe
c:\users\Josef\AppData\Local\VIPRE\Setup\CartSdk\sbrc.exe
c:\users\Josef\AppData\Local\VIPRE\Setup\XceedZip.dll
c:\users\Josef\AppData\Roaming\VIPRE
c:\users\Josef\AppData\Roaming\VIPRE\ConfigFiles\UserPreferencesConfig.xml
c:\users\Josef\AppData\Roaming\VIPRE\Logs\InstallVIPRE.csv
c:\users\Josef\AppData\Roaming\VIPRE\Logs\SBAMTray.csv
c:\users\Josef\AppData\Roaming\VIPRE\Logs\vipre.csv
c:\windows\SysWow64\DEBUG.log
c:\windows\Tasks\Adobe Flash Player Updater.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-12-22 do 2017-01-22 )))))))))))))))))))))))))))))))
.
.
2017-01-22 12:12 . 2017-01-22 12:12 -------- d-----w- c:\users\Jana\AppData\Local\temp
2017-01-22 12:12 . 2017-01-22 12:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-01-21 21:36 . 2017-01-21 21:42 -------- d-----w- C:\zoek
2017-01-21 15:58 . 2017-01-21 20:50 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-01-21 15:58 . 2017-01-21 19:39 -------- d-----w- c:\programdata\RogueKiller
2017-01-21 14:31 . 2017-01-21 14:31 176064 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-01-21 14:31 . 2017-01-21 14:32 81696 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-01-21 14:31 . 2017-01-21 14:31 102856 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-01-21 14:31 . 2017-01-21 14:31 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-01-21 14:31 . 2017-01-22 12:15 250816 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-01-21 14:30 . 2016-12-14 11:55 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-01-21 14:30 . 2017-01-21 14:30 -------- d-----w- c:\program files\Malwarebytes
2017-01-21 14:09 . 2017-01-21 15:47 -------- d-----w- C:\AdwCleaner
2017-01-21 00:44 . 2017-01-21 00:44 -------- d-----w- c:\users\Josef\AppData\Local\IsolatedStorage
2017-01-21 00:21 . 2016-08-04 11:59 34448 ----a-w- c:\windows\system32\drivers\WebExaminer64.sys
2017-01-21 00:19 . 2017-01-21 01:38 -------- d-----w- c:\programdata\VIPRE
2017-01-20 23:56 . 2017-01-21 14:30 -------- d-----w- c:\programdata\Malwarebytes
2017-01-20 22:52 . 2017-01-06 01:07 57792 ----a-w- c:\windows\system32\drivers\nvvhci.sys
2017-01-20 22:52 . 2017-01-06 01:07 46016 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2017-01-20 22:52 . 2017-01-06 01:07 156608 ----a-w- c:\windows\system32\nvaudcap64v.dll
2017-01-20 22:52 . 2017-01-06 01:07 124352 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2017-01-20 12:53 . 2016-12-30 22:43 12229912 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0967908C-EC96-494A-81CF-226B651F9643}\mpengine.dll
2017-01-16 21:07 . 2017-01-16 21:09 -------- d-----w- c:\program files (x86)\City Car Driving
2017-01-16 18:08 . 2017-01-16 18:08 -------- d-----w- c:\users\Josef\AppData\Roaming\SolidDocuments
2017-01-13 17:11 . 2017-01-13 17:11 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2017-01-13 17:10 . 2017-01-13 17:52 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-01-13 17:10 . 2017-01-13 17:52 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-12 19:34 . 2017-01-13 17:52 -------- d-----w- c:\windows\system32\Macromed
2017-01-12 18:54 . 2017-01-12 18:54 -------- d-----w- c:\users\Josef\AppData\Roaming\SmartGenius
2017-01-12 18:30 . 2017-01-12 18:30 -------- d-----w- c:\users\Josef\AppData\Local\TeamSpeak 3
2017-01-12 18:30 . 2017-01-12 18:30 -------- d-----w- c:\users\Josef\.TeamSpeak 3
2017-01-12 18:30 . 2017-01-12 18:30 -------- d-----w- c:\users\Josef\.QtWebEngineProcess
2017-01-12 18:29 . 2016-11-26 07:36 35928 ----a-w- c:\windows\system32\drivers\ioFakDrv.sys
2017-01-12 18:29 . 2016-11-26 07:36 26472 ----a-w- c:\windows\system32\drivers\gKbdfltr.sys
2017-01-12 18:29 . 2016-11-26 07:36 24664 ----a-w- c:\windows\system32\drivers\ioFakMap.sys
2017-01-12 18:29 . 2017-01-12 18:29 -------- d-----w- c:\users\Josef\AppData\Local\SmartGenius
2017-01-11 19:40 . 2016-12-12 02:37 1953336 ----a-w- c:\windows\system32\nvdispco6437633.dll
2017-01-11 19:40 . 2016-12-12 02:37 1586744 ----a-w- c:\windows\system32\nvdispgenco6437633.dll
2017-01-11 19:39 . 2017-01-11 19:37 110144 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-64.dll
2017-01-11 19:37 . 2017-01-11 19:37 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2017-01-11 19:23 . 2017-01-11 19:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2017-01-07 15:14 . 2017-01-07 15:15 -------- d-----w- c:\program files (x86)\Adobe Pro
2017-01-04 14:28 . 2017-01-04 14:28 34712112 ----a-w- c:\windows\system32\nvoglv64.dll
2017-01-04 14:28 . 2017-01-04 14:28 28148792 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2017-01-04 14:28 . 2017-01-04 14:28 14081592 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2017-01-04 14:27 . 2017-01-04 14:27 446904 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2017-01-04 14:27 . 2017-01-04 14:27 398904 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2017-01-04 14:27 . 2017-01-04 14:27 951224 ----a-w- c:\windows\system32\NvIFR64.dll
2017-01-04 14:27 . 2017-01-04 14:27 903096 ----a-w- c:\windows\SysWow64\NvIFR.dll
2017-01-04 14:26 . 2017-01-04 14:26 54728 ----a-w- c:\windows\system32\nvhdap64.dll
2017-01-04 14:26 . 2017-01-04 14:26 1604152 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2017-01-04 14:26 . 2017-01-04 14:26 221632 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2017-01-04 14:26 . 2017-01-04 14:26 1044920 ----a-w- c:\windows\system32\NvFBC64.dll
2017-01-04 14:26 . 2017-01-04 14:26 982456 ----a-w- c:\windows\SysWow64\NvFBC.dll
2017-01-04 14:26 . 2017-01-04 14:26 1964600 ----a-w- c:\windows\system32\nvdispco6437653.dll
2017-01-04 14:26 . 2017-01-04 14:26 1600056 ----a-w- c:\windows\system32\nvdispgenco6437653.dll
2017-01-04 14:25 . 2017-01-04 14:25 3647416 ----a-w- c:\windows\system32\nvcuvid.dll
2017-01-04 14:25 . 2017-01-04 14:25 3216440 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2017-01-04 14:25 . 2017-01-04 14:25 40132536 ----a-w- c:\windows\system32\nvcompiler.dll
2017-01-04 14:25 . 2017-01-04 14:25 35231160 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2017-01-04 14:05 . 2017-01-04 14:05 419704 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2017-01-04 14:05 . 2017-01-04 14:05 11016832 ----a-w- c:\windows\system32\nvptxJitCompiler.dll
2017-01-04 14:05 . 2017-01-04 14:05 9000152 ----a-w- c:\windows\SysWow64\nvptxJitCompiler.dll
2017-01-04 14:04 . 2017-01-04 14:04 10898544 ----a-w- c:\windows\system32\nvopencl.dll
2017-01-04 14:04 . 2017-01-04 14:04 9240240 ----a-w- c:\windows\SysWow64\nvopencl.dll
2017-01-04 14:04 . 2017-01-04 14:04 163632 ----a-w- c:\windows\system32\nvoglshim64.dll
2017-01-04 14:04 . 2017-01-04 14:04 141768 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2017-01-04 14:04 . 2017-01-04 14:04 181280 ----a-w- c:\windows\system32\nvinitx.dll
2017-01-04 14:04 . 2017-01-04 14:04 158208 ----a-w- c:\windows\SysWow64\nvinit.dll
2017-01-04 14:04 . 2017-01-04 14:04 698728 ----a-w- c:\windows\system32\nvfatbinaryLoader.dll
2017-01-04 14:04 . 2017-01-04 14:04 586968 ----a-w- c:\windows\SysWow64\nvfatbinaryLoader.dll
2017-01-04 14:04 . 2017-01-04 14:04 534600 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2017-01-04 14:04 . 2017-01-04 14:04 448800 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2017-01-04 14:04 . 2017-01-04 14:04 17598144 ----a-w- c:\windows\system32\nvd3dumx.dll
2017-01-04 14:03 . 2017-01-04 14:03 10444784 ----a-w- c:\windows\system32\nvcuda.dll
2017-01-04 14:03 . 2017-01-04 14:03 8839216 ----a-w- c:\windows\SysWow64\nvcuda.dll
2016-12-27 19:16 . 2016-12-27 19:16 -------- d-----w- c:\programdata\Intel Telemetry
2016-12-27 19:14 . 2016-12-27 19:14 -------- d-----w- c:\program files (x86)\Common Files\Intel
2016-12-27 19:14 . 2016-12-27 19:14 -------- d-----w- c:\program files\Common Files\Intel
2016-12-24 14:58 . 2017-01-21 00:27 -------- d-----w- c:\program files (x86)\DiRT Rally
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-11 19:12 . 2016-01-16 15:40 135657872 -c--a-w- c:\windows\system32\MRT.exe
2017-01-05 18:52 . 2017-01-11 16:18 345600 ----a-w- c:\windows\system32\schannel.dll
2017-01-05 18:52 . 2017-01-11 16:18 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-01-05 17:43 . 2017-01-11 16:18 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-01-05 17:43 . 2017-01-11 16:18 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2017-01-04 14:05 . 2016-01-16 14:53 20130624 ----a-w- c:\windows\system32\nvwgf2umx.dll
2017-01-04 14:05 . 2016-11-17 09:46 17537912 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2017-01-04 14:05 . 2016-10-23 13:36 504936 ----a-w- c:\windows\system32\nvumdshimx.dll
2017-01-04 14:03 . 2016-10-23 13:36 14545352 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2017-01-04 14:03 . 2016-01-16 14:53 3985104 ----a-w- c:\windows\system32\nvapi64.dll
2017-01-04 14:03 . 2016-01-16 14:53 3518872 ----a-w- c:\windows\SysWow64\nvapi.dll
2016-12-11 18:47 . 2016-01-16 14:54 6384576 ----a-w- c:\windows\system32\nvcpl.dll
2016-12-11 18:47 . 2016-01-16 14:54 2475968 ----a-w- c:\windows\system32\nvsvc64.dll
2016-12-11 18:47 . 2016-01-16 14:54 81856 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-12-11 18:47 . 2016-01-16 14:54 71224 ----a-w- c:\windows\system32\nvshext.dll
2016-12-11 18:47 . 2016-01-16 14:54 548408 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-12-11 18:47 . 2016-01-16 14:54 392128 ----a-w- c:\windows\system32\nvmctray.dll
2016-12-11 18:47 . 2016-01-16 14:54 1764408 ----a-w- c:\windows\system32\nvsvcr.dll
2016-12-09 08:52 . 2016-01-16 14:54 7639617 ----a-w- c:\windows\system32\nvcoproc.bin
2016-11-29 21:34 . 2016-11-29 21:34 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 30400 ----a-w- c:\windows\system32\aspnet_counters.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2016-11-28 15:09 . 2016-12-22 12:18 116896 ----a-w- c:\windows\system32\tmInstall.exe
2016-11-28 15:09 . 2016-12-22 12:18 193696 ----a-w- c:\windows\system32\drivers\tmhidusb.sys
2016-11-28 12:54 . 2016-12-22 12:18 221696 ----a-w- c:\windows\system32\tmpid.dll
2016-11-28 12:54 . 2016-12-22 12:18 183296 ----a-w- c:\windows\SysWow64\tmpid.dll
2016-11-24 20:54 . 2016-11-30 20:35 1951680 ----a-w- c:\windows\system32\nvdispco6437609.dll
2016-11-24 20:54 . 2016-11-30 20:35 1586744 ----a-w- c:\windows\system32\nvdispgenco6437609.dll
2016-11-22 00:52 . 2016-11-22 00:52 54344 ----a-w- c:\windows\system32\drivers\XtuAcpiDriver.sys
2016-11-22 00:51 . 2016-11-22 00:51 1805064 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2016-11-21 18:12 . 2016-12-14 20:50 109568 ----a-w- c:\windows\system32\hlink.dll
2016-11-20 16:19 . 2016-12-14 20:50 84992 ----a-w- c:\windows\SysWow64\hlink.dll
2016-11-20 14:07 . 2016-12-14 20:50 467392 ----a-w- c:\windows\system32\drivers\cng.sys
2016-11-17 16:41 . 2016-12-14 20:50 370920 ----a-w- c:\windows\system32\clfs.sys
2016-11-17 02:04 . 2016-11-19 17:19 1953336 ----a-w- c:\windows\system32\nvdispco6437595.dll
2016-11-17 02:04 . 2016-11-19 17:19 1585088 ----a-w- c:\windows\system32\nvdispgenco6437595.dll
2016-11-16 16:51 . 2016-11-16 16:51 153216 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2016-11-16 16:51 . 2016-02-09 07:27 84616 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2016-11-16 16:51 . 2016-02-09 07:27 61568 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2016-11-16 16:51 . 2016-02-09 07:27 262792 ----a-w- c:\windows\system32\drivers\eamonm.sys
2016-11-16 16:51 . 2016-02-09 07:27 208520 ----a-w- c:\windows\system32\drivers\epfw.sys
2016-11-16 16:51 . 2016-02-09 07:27 197248 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2016-11-14 23:27 . 2016-12-14 20:50 394448 ----a-w- c:\windows\system32\iedkcs32.dll
2016-11-12 19:48 . 2016-12-14 20:50 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-11-12 19:48 . 2016-12-14 20:50 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-11-12 19:28 . 2016-12-14 20:50 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-11-12 19:26 . 2016-12-14 20:50 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-11-12 19:26 . 2016-12-14 20:50 417792 ----a-w- c:\windows\system32\html.iec
2016-11-12 19:25 . 2016-12-14 20:50 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-11-12 19:25 . 2016-12-14 20:50 576000 ----a-w- c:\windows\system32\vbscript.dll
2016-11-12 19:21 . 2016-12-14 20:50 2896384 ----a-w- c:\windows\system32\iertutil.dll
2016-11-12 19:15 . 2016-12-14 20:50 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-11-12 19:14 . 2016-12-14 20:50 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-11-12 19:09 . 2016-12-14 20:50 615936 ----a-w- c:\windows\system32\ieui.dll
2016-11-12 19:08 . 2016-12-14 20:50 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-11-12 19:08 . 2016-12-14 20:50 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-11-12 19:08 . 2016-12-14 20:50 25759744 ----a-w- c:\windows\system32\mshtml.dll
2016-11-12 19:07 . 2016-12-14 20:50 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-11-12 19:07 . 2016-12-14 20:50 817664 ----a-w- c:\windows\system32\jscript.dll
2016-11-12 18:56 . 2016-12-14 20:50 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-11-12 18:53 . 2016-12-14 20:50 6049280 ----a-w- c:\windows\system32\jscript9.dll
2016-11-12 18:52 . 2016-12-14 20:50 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2016-11-12 18:47 . 2016-12-14 20:50 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-11-12 18:41 . 2016-12-14 20:50 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-11-12 18:40 . 2016-12-14 20:50 107520 ----a-w- c:\windows\system32\inseng.dll
2016-11-12 18:35 . 2016-12-14 20:50 199680 ----a-w- c:\windows\system32\msrating.dll
2016-11-12 18:34 . 2016-12-14 20:50 92160 ----a-w- c:\windows\system32\mshtmled.dll
2016-11-12 18:31 . 2016-12-14 20:50 315392 ----a-w- c:\windows\system32\dxtrans.dll
2016-11-12 18:30 . 2016-12-14 20:50 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2016-11-12 18:29 . 2016-12-14 20:50 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2016-11-12 18:29 . 2016-12-14 20:50 498688 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-11-12 18:29 . 2016-12-14 20:50 341504 ----a-w- c:\windows\SysWow64\html.iec
2016-11-12 18:28 . 2016-12-14 20:50 152064 ----a-w- c:\windows\system32\occache.dll
2016-11-12 18:27 . 2016-12-14 20:50 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2016-11-12 18:14 . 2016-12-14 20:50 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-11-12 18:14 . 2016-12-14 20:50 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-11-12 18:14 . 2016-12-14 20:50 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2016-11-12 18:11 . 2016-12-14 20:50 725504 ----a-w- c:\windows\system32\ie4uinit.exe
2016-11-12 18:10 . 2016-12-14 20:50 806912 ----a-w- c:\windows\system32\msfeeds.dll
2016-11-12 18:08 . 2016-12-14 20:50 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-11-12 18:08 . 2016-12-14 20:50 2131456 ----a-w- c:\windows\system32\inetcpl.cpl
2016-11-12 17:57 . 2016-12-14 20:50 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-11-12 17:41 . 2016-12-14 20:50 15257088 ----a-w- c:\windows\system32\ieframe.dll
2016-11-12 17:37 . 2016-12-14 20:50 4608000 ----a-w- c:\windows\SysWow64\jscript9.dll
2016-11-12 17:36 . 2016-12-14 20:50 2055680 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2016-11-12 17:36 . 2016-12-14 20:50 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2016-11-12 17:35 . 2016-12-14 20:50 2920960 ----a-w- c:\windows\system32\wininet.dll
2016-11-12 17:20 . 2016-12-14 20:50 1543680 ----a-w- c:\windows\system32\urlmon.dll
2016-11-12 17:11 . 2016-12-14 20:50 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2016-11-12 17:05 . 2016-12-14 20:50 2444800 ----a-w- c:\windows\SysWow64\wininet.dll
2016-11-11 19:49 . 2016-11-11 19:49 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2016-11-11 19:49 . 2016-11-11 19:49 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2016-11-11 19:49 . 2016-11-11 19:49 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2016-11-11 19:49 . 2016-11-11 19:49 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2016-11-10 23:48 . 2016-11-17 09:45 1951680 ----a-w- c:\windows\system32\nvdispco6437586.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-15 14:26 1743664 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-15 14:26 1743664 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-15 14:26 1743664 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2016-11-14 15:56 564736 ----a-w- c:\users\Josef\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2016-11-14 15:56 564736 ----a-w- c:\users\Josef\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2016-11-14 15:56 564736 ----a-w- c:\users\Josef\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2017-01-19 2881824]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-12-20 27250144]
"Discord"="c:\users\Josef\AppData\Local\Discord\app-0.0.297\Discord.exe" [2017-01-04 64290304]
"SmartHID"="c:\users\Josef\AppData\Local\SmartGenius\resources\KeyboardDriver\SmartHID.exe" [2016-11-26 771584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2015-03-23 296216]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-12-27 4509184]
"BrStsInd00"="c:\program files (x86)\BrownyInd\Brother\BrIndicator.exe" [2012-12-18 1885184]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe" [2016-12-23 1870928]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-09-22 587288]
.
c:\users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MEGAsync.lnk - c:\users\Josef\AppData\Local\MEGAsync\MEGAsync.exe [2015-12-16 5124560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 GamingApp_Service;GamingApp_Service;c:\program files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe;c:\program files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 NTIOLib_MB;NTIOLib_MB;c:\program files (x86)\MSI\MSI Gaming APP\Lib\NTIOLib_X64.sys;c:\program files (x86)\MSI\MSI Gaming APP\Lib\NTIOLib_X64.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 nvvhci;NVVHCI Enumerator Service;c:\windows\system32\DRIVERS\nvvhci.sys;c:\windows\SYSNATIVE\DRIVERS\nvvhci.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 tmhidusb;Thrustmaster HID USB Driver;c:\windows\system32\DRIVERS\tmhidusb.sys;c:\windows\SYSNATIVE\DRIVERS\tmhidusb.sys [x]
R3 tmwbulk;Thrustmaster Series Bulk Driver (tmwbulk);c:\windows\system32\Drivers\tmwbulk.sys;c:\windows\SYSNATIVE\Drivers\tmwbulk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys;c:\windows\SYSNATIVE\DRIVERS\edevmon.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 BfLwf;Killer Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super Charger\ChargeService.exe;c:\program files (x86)\MSI\Super Charger\ChargeService.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 tmInstall;Thrustmaster® Device Driver Installer;c:\program files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE;c:\program files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 gKbdfltr;gKbd Upper Filter;c:\windows\system32\DRIVERS\gKbdfltr.sys;c:\windows\SYSNATIVE\DRIVERS\gKbdfltr.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x]
S3 ioFakDrv;ioVirtual Device;c:\windows\system32\DRIVERS\ioFakDrv.sys;c:\windows\SYSNATIVE\DRIVERS\ioFakDrv.sys [x]
S3 ioFakMap;MiniHid Driver Service for ioFakeDrv Interface layer;c:\windows\system32\DRIVERS\ioFakMap.sys;c:\windows\SYSNATIVE\DRIVERS\ioFakMap.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 Ke2200;NDIS Miniport Driver for Killer e2201/e2202 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-12-15 16:03 1384792 ----a-w- c:\program files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{AC76BA86-0000-0000-7760-7E8A45000000}]
2016-12-23 18:11 387152 ----a-w- c:\program files (x86)\Adobe\Acrobat DC\Esl\Aiod.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2017-01-21 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-13 17:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-15 14:22 2351920 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-15 14:22 2351920 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-15 14:22 2351920 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2016-11-14 15:56 592384 ----a-w- c:\users\Josef\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2016-11-14 15:56 592384 ----a-w- c:\users\Josef\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2016-11-14 15:56 592384 ----a-w- c:\users\Josef\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2015-06-12 8484056]
"MBCfg64"="c:\windows\system32\MBCfg64.dll" [2014-02-21 41088]
"ISCT Tray"="c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe" [2014-08-25 5860656]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2016-07-01 508128]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2016-12-14 2776528]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Envoyer a OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-1720767912_is1 - c:\gog games\Transport Fever\unins000.exe
AddRemove-Car Mechanic Simulator 2015 Gold Edition_is1 - c:\program files (x86)\Car Mechanic Simulator 2015 Gold Edition\unins000.exe
AddRemove-Mafia III - Digital Deluxe Edition_is1 - c:\program files (x86)\Mafia III - Digital Deluxe Edition\unins000.exe
AddRemove-MHD Simulator 2009 - SCORE edice - c:\program files (x86)\MHD Simulator 2009\Uninstal.exe
AddRemove-{D9EF3C3F-F9DC-4A6A-A2AB-0118509F3CCD}_is1 - c:\program files (x86)\Steam\steamapps\common\OMSI 2\___SDK\Simple Spline Creator\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\openhardwaremonitor\OpenHardwareMonitor.sys"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1320624249-1157925965-138866719-1000\Software\˘0×0ę0±0ü0·0ç0ó0 *¦0Ł0¶0ü0É0g0ubU0Ś0_0í0ü0«0ë0 *˘0×0ę0±0ü0·0ç0ó0]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2017-01-22 13:20:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2017-01-22 12:20
ComboFix2.txt 2017-01-21 22:03
.
Před spuštěním: Volných bajtů: 477 483 044 864
Po spuštění: Volných bajtů: 476 938 268 672
.
- - End Of File - - B4859F959884284FAF42F3CE5C6884F4
A36C5E4F47E84449FF07ED3517B43A31




HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:22:51, on 22.1.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)


Boot mode: Normal

Running processes:
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\Josef\AppData\Local\MEGAsync\MEGAsync.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Josef\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll (file missing)
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - Toolbar: VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [BrStsInd00] C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe /AUTORUN
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Discord] C:\Users\Josef\AppData\Local\Discord\app-0.0.297\Discord.exe
O4 - HKCU\..\Run: [SmartHID] C:\Users\Josef\AppData\Local\SmartGenius\resources\KeyboardDriver\SmartHID.exe
O4 - Startup: MEGAsync.lnk = Josef\AppData\Local\MEGAsync\MEGAsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O9 - Extra button: Envoyer a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Cliquer pour appeler Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Cliquer pour appeler Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll (file missing)
O18 - Protocol: WSISVCUchrome - (no CLSID) - (no file)
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamingApp_Service - Micro-Star Int'l Co., Ltd. - C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: Thrustmaster® Device Driver Installer (tmInstall) - Thrustmaster® - C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11362 bytes




aswMBR
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-01-22 13:24:15
-----------------------------
13:24:15.836 OS Version: Windows x64 6.1.7601 Service Pack 1
13:24:15.836 Number of processors: 4 586 0x3C03
13:24:15.836 ComputerName: WINDOWS7 UserName: Josef
13:24:16.912 Initialize success
13:24:16.928 VM: initialized successfully
13:24:16.928 VM: Intel CPU supported
13:24:24.057 VM: not used
13:24:27.115 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:24:27.115 Disk 0 Vendor: ST1000DM003-1SB10C CC41 Size: 953869MB BusType: 11
13:24:27.208 Disk 0 MBR read successfully
13:24:27.224 Disk 0 MBR scan
13:24:27.224 Disk 0 Windows 7 default MBR code
13:24:27.239 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:24:27.239 Disk 0 Boot: NTFS code=2
13:24:27.255 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
13:24:27.255 Disk 0 scanning C:\Windows\system32\drivers
13:24:36.194 Service scanning
13:24:44.774 Service NTIOLib_1_0_C D:\NTIOLib_X64.sys **LOCKED** 21
13:24:51.248 Modules scanning
13:24:51.263 Disk 0 trace - called modules:
13:24:51.279 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:24:51.279 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078db060]
13:24:51.279 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800761b060]
13:24:51.279 Disk 0 statistics 94668/0/0 @ 5,71 MB/s
13:24:51.295 Scan finished successfully
13:25:02.948 Disk 0 MBR has been saved successfully to "C:\Users\Josef\Desktop\MBR.dat"
13:25:02.948 The log file has been saved successfully to "C:\Users\Josef\Desktop\aswMBR.txt"

jerabina
Security team member

Re: Please check my log

Post by jerabina » 22 Jan 2017 14:58

So Zemana is fine, if it only found that home page.

Did you install VIPRE Antivirus on the computer? If so, uninstall it and delete the folder C:\Program Files (x86)\VIPRE with Shift+Delete (even if you did not install it).

Turn Windows Defender off permanently; ESET is enough.

Close all other programs and browsers, disconnect from the internet, and fix the following in HJT:
GUIDE

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll (file missing)
O3 - Toolbar: VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O18 - Protocol: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll (file missing)
O18 - Protocol: WSISVCUchrome - (no CLSID) - (no file)


Also, Steam, Skype and Discord start with the computer, which slows it down. If you do not want them to start, also fix these entries in HJT:

Code:

O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Discord] C:\Users\Josef\AppData\Local\Discord\app-0.0.297\Discord.exe


Download DelFix here:
https://toolslib.net/downloads/viewdownload/2-delfix/

Save the file to the desktop.
Double-click the icon to run Delfix.exe.
(On Windows Vista, Windows 7 and 8 you must run the file with a right-click -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools and Purge System Restore.
Then click Run and let the tool do its work.

A report (DelFix.txt) will then open. Paste its entire contents here. The report is also saved at:
C:\DelFix.txt

How are the problems?
When you don't know what to do next, it's time to study the manual!
HJT guide

If I am not replying to your topics in the HJT section while I am online, it is only because I am on my phone, where studying logs and writing scripts is impossible. So please do not take it as being ignored.
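
A triage sketch for the selection made in the post above, added here as an example and not the forum's or HijackThis's own code: it separates orphaned entries (such as the VIPRE leftovers) from System32 entries that a 32-bit HijackThis on 64-bit Windows reports as missing because of file-system redirection. The function names, verdict labels and the System32 heuristic are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# "O23 - ...", "R0 - ...", "F2 - ..." : HijackThis section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[ROF]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis appends when it cannot find the referenced file.
MARKER_RE = re.compile(r"\s*\((file missing|no file)\)\s*$", re.IGNORECASE)
# Assumption of this example: a 32-bit scanner on 64-bit Windows is redirected
# from System32 to SysWOW64, so 64-bit-only binaries there look "missing".
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


@dataclass
class Entry:
    code: str      # section code, e.g. "O23"
    path: str      # last " - " field with the marker stripped ("" if none)
    verdict: str   # "present", "orphan" or "redirection-artifact"


def triage(line: str, os_is_64bit: bool = True) -> Optional[Entry]:
    """Classify one HijackThis line; return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    last_field = body.rsplit(" - ", 1)[-1]
    path = MARKER_RE.sub("", last_field).strip().strip('"')
    if not MARKER_RE.search(body):
        return Entry(m.group("code"), path, "present")
    if os_is_64bit and SYSTEM32_RE.match(path):
        # Heuristic only: confirm the file from a 64-bit process before acting.
        return Entry(m.group("code"), path, "redirection-artifact")
    return Entry(m.group("code"), path, "orphan")


def triage_log(text: str, os_is_64bit: bool = True) -> List[Entry]:
    """Classify every entry line of a pasted log, skipping headers."""
    results = []
    for line in text.splitlines():
        entry = triage(line, os_is_64bit)
        if entry is not None:
            results.append(entry)
    return results


# Lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
Running processes:
O2 - BHO: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll (file missing)
O3 - Toolbar: VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - (no file)
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O18 - Protocol: WSISVCUchrome - (no CLSID) - (no file)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE):
        print(f"{e.code:4} {e.verdict:22} {e.path or '(no path recorded)'}")
```

Only the "orphan" verdicts correspond to the kind of entry selected for fixing in the post; the "redirection-artifact" ones point at core Windows binaries and should be checked from a 64-bit tool rather than removed.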

tfc
newcomer

Re: Please check my log

Post by tfc » 22 Jan 2017 15:28

jerabina wrote: Did you install VIPRE Antivirus on the computer?


I had it in the past, but I have not used it for some time.


# DelFix v1.013 - Logfile created 22/01/2017 at 15:24:03
# Updated 17/04/2016 by Xplode
# Username : Josef - WINDOWS7
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\Josef\Desktop\AdwCleaner.exe
Deleted : C:\Users\Josef\Desktop\aswmbr.exe
Deleted : C:\Users\Josef\Desktop\aswMBR.txt
Deleted : C:\Users\Josef\Desktop\ComboFix.exe
Deleted : C:\Users\Josef\Desktop\JRT.exe
Deleted : C:\Users\Josef\Desktop\HijackThis.exe
Deleted : C:\Users\Josef\Desktop\hijackthis.log
Deleted : C:\Users\Josef\Desktop\RogueKillerX64.exe
Deleted : C:\Users\Josef\Desktop\TFC.exe
Deleted : C:\Users\Josef\Desktop\zoek.exe
Deleted : C:\Users\Josef\Downloads\aswmbr.exe
Deleted : C:\Users\Josef\Downloads\ComboFix.exe
Deleted : C:\Users\Josef\Downloads\FRST.txt
Deleted : C:\Users\Josef\Downloads\JRT.exe
Deleted : C:\Users\Josef\Downloads\hijackthis.log
Deleted : C:\Users\Josef\Downloads\logfile.txt
Deleted : C:\Users\Josef\Downloads\RogueKillerX64.exe
Deleted : C:\Users\Josef\Downloads\TFC.exe
Deleted : C:\Users\Josef\Downloads\zoek.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #180 [Windows Update | 01/05/2017 11:15:52]
Deleted : RP #181 [Windows Update | 01/10/2017 16:18:28]
Deleted : RP #182 [Windows Update | 01/11/2017 19:10:59]
Deleted : RP #183 [Removed Java 8 Update 111 | 01/11/2017 19:38:27]
Deleted : RP #184 [Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 | 01/12/2017 18:26:46]
Deleted : RP #185 [Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 | 01/12/2017 18:27:38]
Deleted : RP #187 [paint.net 4.0.13 | 01/12/2017 18:36:21]
Deleted : RP #188 [Nainstalováno: Microsoft Visual C++ 2005 Redistributable | 01/16/2017 21:09:45]
Deleted : RP #189 [Nainstalováno rozhraní DirectX | 01/16/2017 21:12:49]
Deleted : RP #190 [Windows Update | 01/17/2017 12:50:29]
Deleted : RP #191 [Windows Update | 01/20/2017 12:52:32]
Deleted : RP #192 [Windows Update | 01/20/2017 16:05:58]
Deleted : RP #193 [JRT Pre-Junkware Removal | 01/21/2017 15:52:52]
Deleted : RP #194 [zoek.exe restore point | 01/21/2017 21:28:56]
Deleted : RP #195 [Restore Operation | 01/21/2017 22:15:10]

New restore point created !

########## - EOF - ##########

jaro3
Security team member

Re: Please check my log

Post by jaro3 » 23 Jan 2017 09:29

Sophos Virus Removal Tool is a practical software tool that could remove infections which the antivirus program does not detect.
Download it here from one of these links:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viruses can slow down the computer or try to steal your data, and you do not even know you have them. What you need is a quick and easy way to find them and get rid of them. If you already have an antivirus program installed on the computer, you can also install Sophos Virus Removal Tool, which identifies and cleans up remaining infections that your antivirus program may have missed.
To use Sophos Virus Removal Tool, double-click it and press the "Start scanning" button. Sophos Virus Removal Tool will then search for and remove the viruses it finds. A restart may be required.


How are the problems?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum

