famousaactors pop-up window

Post by jaro3 » 05 Jan 2017 19:09

RK: you have to tick all of those infections.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Post by jarek865 » 05 Jan 2017 22:07

RK: during the scan it detected what is most likely the root of the problem in win32k.sys, but it cannot be removed (it cannot be ticked in the program)
C:\Windows\System32\win32k.sys....
Should I try to replace it manually somehow?

Post by jaro3 » 05 Jan 2017 22:16

In Folder Options, enable showing hidden files and folders, and untick the "Hide protected operating system files" checkbox.

Test this on Virustotal:
C:\Windows\System32\win32k.sys

Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by a series of antivirus programs one after another. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/

You mean this file:
¤¤¤ Registry : 7 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} (C:\PROGRA~1\COMMON~1\WONDER~1\WONDER~1\WSHelper.exe) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.116.100.65 10.116.100.1 ([X][X]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.116.100.65 10.116.100.1 ([X][X]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0C960F73-74A7-4D47-85DC-78AE28ED7E44} | DhcpNameServer : 10.116.100.1 ([X]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8F89DE2F-DEDA-480C-B624-713D2C5F3098} | DhcpNameServer : 10.116.100.65 10.116.100.1 ([X][X]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0C960F73-74A7-4D47-85DC-78AE28ED7E44} | DhcpNameServer : 10.116.100.1 ([X]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8F89DE2F-DEDA-480C-B624-713D2C5F3098} | DhcpNameServer : 10.116.100.65 10.116.100.1 ([X][X]) -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: Nahrán) ¤¤¤
[SSDT:Inl(Hook.SSDT)] ZwDeleteAtom[99] : C:\Windows\System32\win32k.sys @ 0xffffffff932c8261 (call dword [0x81f45d14]) ??
That is fine.

You need to tick the ones where it says "Nalezeno".

Post a new ComboFix log.
Post by jarek865 » 06 Jan 2017 10:28

I'm attaching the latest log; the window keeps popping up. How should I proceed, please?

ComboFix 17-01-04.01 - uživatel 05.01.2017 23:46:35.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2047.1008 [GMT 1:00]
Spuštěný z: c:\users\u×ivatel\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 9.0.407.0 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: ESET NOD32 Antivirus 9.0.407.0 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-12-05 do 2017-01-05 )))))))))))))))))))))))))))))))
.
.
2017-01-05 22:53 . 2017-01-05 22:53 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2017-01-05 22:53 . 2017-01-05 22:53 -------- d-----w- c:\users\Guest\AppData\Local\temp
2017-01-05 22:53 . 2017-01-05 22:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-01-05 22:53 . 2017-01-05 22:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2017-01-04 19:05 . 2017-01-04 19:27 -------- d-----w- C:\EEK
2017-01-03 21:05 . 2017-01-03 21:05 181496 ----a-w- c:\windows\system32\drivers\zam32.sys
2017-01-03 20:58 . 2017-01-04 10:09 -------- d-----w- c:\program files\Zemana AntiMalware
2017-01-03 20:57 . 2017-01-03 20:57 -------- d-----w- c:\users\uživatel\AppData\Local\Zemana
2017-01-03 20:43 . 2017-01-03 20:09 24064 ----a-w- c:\windows\zoek-delete.exe
2017-01-03 20:43 . 2017-01-05 22:53 -------- d-----w- c:\users\uživatel\AppData\Local\Temp
2017-01-03 20:09 . 2017-01-03 20:37 -------- d-----w- C:\zoek_backup
2017-01-03 10:55 . 2017-01-03 10:55 -------- d-----w- c:\programdata\Sophos
2017-01-03 10:53 . 2017-01-03 10:53 -------- d-----w- c:\program files\Sophos
2017-01-02 10:43 . 2017-01-03 20:53 87496 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-01-02 10:43 . 2017-01-03 11:52 63264 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-01-02 10:43 . 2017-01-05 22:42 39360 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-01-02 10:43 . 2017-01-02 10:43 59968 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-01-02 10:42 . 2017-01-02 10:42 -------- d-----w- c:\program files\Malwarebytes
2017-01-02 09:05 . 2017-01-05 20:06 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-01-02 09:05 . 2017-01-02 09:05 -------- d-----w- c:\users\uživatel\AppData\Local\CrashDumps
2017-01-02 09:00 . 2017-01-02 09:00 -------- d-----w- c:\program files\RogueKiller
2017-01-02 09:00 . 2017-01-02 09:10 -------- d-----w- c:\programdata\RogueKiller
2017-01-02 04:59 . 2017-01-02 05:00 -------- d-----w- C:\KVRT_Data
2017-01-01 19:48 . 2017-01-05 22:42 219072 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-01-01 19:47 . 2017-01-02 10:43 153024 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2017-01-01 18:55 . 2017-01-04 13:38 -------- d-----w- C:\AdwCleaner
2017-01-01 17:26 . 2017-01-01 19:14 -------- d-----w- c:\program files\Spyware Terminator
2017-01-01 14:42 . 2017-01-02 10:42 -------- d-----w- c:\programdata\Malwarebytes
2017-01-01 14:42 . 2017-01-01 19:14 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2017-01-01 14:01 . 2017-01-01 14:01 -------- d-----w- c:\users\uživatel\AppData\Local\Crashpad
2017-01-01 14:00 . 2017-01-03 21:20 -------- d-----w- c:\users\uživatel\AppData\Roaming\Seznam Browser
2017-01-01 10:43 . 2017-01-01 10:43 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2016-12-26 11:06 . 2016-12-26 11:06 -------- d-----w- C:\Graphics
2016-12-26 11:05 . 2016-12-26 11:05 -------- d-----w- c:\program files\Shape Viewer
2016-12-26 08:05 . 2016-12-26 08:05 2977792 ----a-w- c:\users\uživatel\SView15.msi
2016-12-26 08:04 . 2016-12-26 08:04 -------- d-----w- c:\users\uživatel\Reports
2016-12-26 08:04 . 2016-12-26 08:04 1664 ----a-w- c:\users\uživatel\settings.bin
2016-12-24 10:20 . 2016-12-24 10:20 -------- d-----w- c:\users\uživatel\AppData\Roaming\Nero
2016-12-24 09:55 . 2016-12-24 09:55 -------- d-----w- c:\program files\Nero
2016-12-24 09:54 . 2016-12-24 09:56 -------- d-----w- c:\program files\Common Files\Nero
2016-12-24 09:54 . 2016-12-24 09:55 -------- d-----w- c:\programdata\Nero
2016-12-22 18:23 . 2016-12-22 18:34 -------- d-----w- c:\windows\$regcmp$
2016-12-20 15:21 . 2016-12-20 15:23 -------- d-----w- c:\users\uživatel\AppData\Local\YoutubeSoft
2016-12-20 15:21 . 2016-12-20 15:21 -------- d-----w- c:\users\uživatel\AppData\Roaming\YoutubeSoft
2016-12-20 15:21 . 2016-12-20 15:21 -------- d-----w- c:\programdata\YoutubeSoft
2016-12-20 15:20 . 2016-12-20 15:20 -------- d-----w- c:\program files\YouTubeSoft
2016-12-20 14:42 . 2016-12-20 14:43 -------- d-----w- c:\users\uživatel\AppData\Roaming\YouTubeByClick
2016-12-20 14:40 . 2016-12-20 15:19 -------- d-----w- c:\users\uživatel\AppData\Local\Downloaded Installations
2016-12-20 14:29 . 2016-12-20 14:29 -------- d-----w- C:\Download
2016-12-08 08:50 . 2016-12-08 08:50 -------- d-----w- c:\users\uživatel\AppData\Roaming\Hewlett-Packard
2016-12-08 08:44 . 2016-12-08 08:44 -------- d-----w- C:\System.sav
2016-12-08 08:43 . 2016-12-08 08:43 -------- d-----w- c:\users\uživatel\AppData\Roaming\hpqLog
2016-12-08 08:40 . 2017-01-01 14:46 -------- d-----w- c:\programdata\Hewlett-Packard
2016-12-08 08:38 . 2016-12-08 08:38 -------- d-----w- c:\users\uživatel\AppData\Local\HP
2016-12-08 08:37 . 2016-12-08 08:37 -------- d-----w- c:\programdata\WEBREG
2016-12-08 08:37 . 2016-12-08 08:38 -------- d-----w- c:\users\uživatel\AppData\Roaming\HP
2016-12-08 08:37 . 2016-12-08 08:32 315904 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70w.dll
2016-12-08 08:35 . 2016-12-15 10:01 -------- d-----w- c:\users\uživatel\AppData\Roaming\HpUpdate
2016-12-08 08:34 . 2016-12-08 08:34 -------- d-----w- c:\programdata\HP Product Assistant
2016-12-08 08:33 . 2016-12-08 08:33 -------- d-----w- c:\program files\Common Files\HP
2016-12-08 08:33 . 2016-12-08 08:33 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2016-12-08 08:32 . 2016-12-08 08:32 123904 ----a-w- c:\windows\system32\hpf3l70w.dll
2016-12-08 08:30 . 2016-12-08 08:35 -------- d-----w- c:\program files\HP
2016-12-08 08:30 . 2016-12-08 08:37 -------- d-----w- c:\programdata\HP
2016-12-08 08:30 . 2016-12-08 08:32 452408 ----a-w- c:\windows\system32\hpzids01.dll
2016-12-08 08:29 . 2016-12-08 08:32 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2016-12-08 08:29 . 2016-12-08 08:32 713728 ----a-w- c:\windows\system32\hposwia_d02d.dll
2016-12-08 08:29 . 2016-12-08 08:32 589824 ----a-w- c:\windows\system32\hpost_d02d.dll
2016-12-08 08:29 . 2016-12-08 08:32 315392 ----a-w- c:\windows\system32\hposc_d02a.dll
2016-12-08 08:25 . 2016-12-08 09:19 -------- d-----w- c:\users\uživatel\AppData\Local\Hewlett-Packard
2016-12-08 08:24 . 2017-01-01 13:56 -------- d-----w- c:\program files\Hewlett-Packard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-12-26 08:05 . 2016-12-26 08:05 2977792 ----a-w- c:\users\uživatel\SView15.msi
2016-12-26 08:05 . 2016-12-26 08:05 2977792 ----a-w- c:\users\uživatel\SView15.msi
2016-12-26 08:04 . 2016-12-26 08:04 1664 ----a-w- c:\users\uživatel\settings.bin
2016-12-26 08:04 . 2016-12-26 08:04 1664 ----a-w- c:\users\uživatel\settings.bin
2016-12-14 06:06 . 2015-10-07 15:42 802904 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-12-14 06:06 . 2015-10-07 15:42 144472 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-12-14 05:42 . 2016-12-14 05:42 254464 ----a-w- c:\windows\system32\schannel.dll
2016-12-14 05:42 . 2016-12-14 05:42 141312 ----a-w- c:\windows\system32\rpchttp.dll
2016-12-08 08:36 . 2015-10-06 21:22 16384 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2016-12-08 08:36 . 2015-10-07 12:47 36352 ----a-w- c:\windows\system32\drivers\usbscan.sys
2016-12-08 08:36 . 2009-07-13 23:45 131072 ----a-w- c:\windows\system32\drivers\Dot4.sys
2016-12-08 08:36 . 2009-07-13 23:45 36864 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2016-12-04 12:02 . 2011-08-17 08:57 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
2016-12-04 12:02 . 2011-08-17 08:57 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll
2016-12-04 12:02 . 2011-08-17 08:57 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2016-12-04 12:02 . 2011-08-17 08:56 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2016-12-04 12:02 . 2011-05-18 06:09 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2016-12-03 16:44 . 2015-09-23 07:30 206472 ----a-w- c:\windows\system32\drivers\eamonm.sys
2016-12-03 16:44 . 2015-09-23 07:30 156288 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2016-12-03 16:44 . 2015-09-23 07:30 141448 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2016-11-29 21:34 . 2016-11-29 21:34 28352 ----a-w- c:\windows\system32\aspnet_counters.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2016-11-09 19:23 . 2016-11-09 19:23 202240 ----a-w- c:\windows\system32\input.dll
2016-11-09 19:23 . 2016-11-09 19:23 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2016-11-09 19:23 . 2016-11-09 19:23 126976 ----a-w- c:\windows\system32\tintlgnt.ime
2016-11-09 19:23 . 2016-11-09 19:23 125952 ----a-w- c:\windows\system32\quick.ime
2016-11-09 19:23 . 2016-11-09 19:23 125952 ----a-w- c:\windows\system32\qintlgnt.ime
2016-11-09 19:23 . 2016-11-09 19:23 125952 ----a-w- c:\windows\system32\phon.ime
2016-11-09 19:23 . 2016-11-09 19:23 125952 ----a-w- c:\windows\system32\chajei.ime
2016-11-09 19:23 . 2016-11-09 19:23 125952 ----a-w- c:\windows\system32\cintlgnt.ime
2016-11-09 19:23 . 2016-11-09 19:23 2291712 ----a-w- c:\windows\system32\MSVidCtl.dll
2016-11-09 19:23 . 2016-11-09 19:23 90112 ----a-w- c:\windows\system32\pintlgnt.ime
2016-11-09 19:23 . 2016-11-09 19:23 497152 ----a-w- c:\windows\system32\win32spl.dll
2016-11-09 19:23 . 2016-11-09 19:23 308456 ----a-w- c:\windows\system32\atmfd.dll
2016-11-09 19:23 . 2016-11-09 19:23 741888 ----a-w- c:\windows\system32\inetcomm.dll
2016-11-09 19:23 . 2016-11-09 19:23 41984 ----a-w- c:\windows\system32\UtcResources.dll
2016-11-09 19:23 . 2016-11-09 19:23 90624 ----a-w- c:\windows\system32\olepro32.dll
2016-11-09 19:23 . 2016-11-09 19:23 68608 ----a-w- c:\windows\system32\drivers\bowser.sys
2016-11-09 19:23 . 2016-11-09 19:23 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2016-11-09 19:23 . 2016-11-09 19:23 1027584 ----a-w- c:\windows\system32\IMJP10.IME
2016-11-09 19:23 . 2016-11-09 19:23 67584 ----a-w- c:\windows\system32\asycfilt.dll
2016-11-09 19:23 . 2016-11-09 19:23 829952 ----a-w- c:\windows\system32\msctf.dll
2016-11-09 19:23 . 2016-11-09 19:23 430080 ----a-w- c:\windows\system32\imkr80.ime
2016-11-09 19:23 . 2016-11-09 19:23 581632 ----a-w- c:\windows\system32\oleaut32.dll
2016-11-09 19:23 . 2016-11-09 19:23 84480 ----a-w- c:\windows\system32\INETRES.dll
2016-11-09 19:23 . 2016-11-09 19:23 70656 ----a-w- c:\windows\system32\fontsub.dll
2016-11-09 19:23 . 2016-11-09 19:23 26112 ----a-w- c:\windows\system32\lpk.dll
2016-11-09 19:23 . 2016-11-09 19:23 10240 ----a-w- c:\windows\system32\dciman32.dll
2016-11-09 19:23 . 2016-11-09 19:23 34304 ----a-w- c:\windows\system32\atmlib.dll
2016-11-09 19:21 . 2016-11-09 19:22 935424 ----a-w- c:\windows\system32\diagtrack.dll
2016-10-30 11:05 . 2016-10-30 11:05 123904 ----a-w- c:\windows\system32\poqexec.exe
2016-10-11 23:24 . 2016-10-11 23:24 67816 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-10-11 23:24 . 2016-10-11 23:24 488448 ----a-w- c:\windows\system32\devinv.dll
2016-10-11 23:24 . 2016-10-11 23:24 478208 ----a-w- c:\windows\system32\generaltel.dll
2016-10-11 23:24 . 2016-10-11 23:24 184320 ----a-w- c:\windows\system32\aepic.dll
2016-10-11 23:24 . 2016-10-11 23:24 1406976 ----a-w- c:\windows\system32\appraiser.dll
2016-10-11 23:24 . 2016-10-11 23:24 107008 ----a-w- c:\windows\system32\acmigration.dll
2016-10-11 23:24 . 2016-10-11 23:24 1017856 ----a-w- c:\windows\system32\aeinv.dll
2016-10-11 23:24 . 2016-10-11 23:24 268800 ----a-w- c:\windows\system32\invagent.dll
2016-10-11 23:24 . 2016-10-11 23:24 213504 ----a-w- c:\windows\system32\centel.dll
2016-10-11 23:24 . 2016-10-11 23:24 3209216 ----a-w- c:\windows\system32\mf.dll
2016-10-11 23:24 . 2016-10-11 23:24 988160 ----a-w- c:\windows\system32\drmv2clt.dll
2016-10-11 23:24 . 2016-10-11 23:24 744960 ----a-w- c:\windows\system32\blackbox.dll
2016-10-11 23:23 . 2016-10-11 23:23 437248 ----a-w- c:\windows\system32\scavengeui.dll
2016-10-11 23:23 . 2016-10-11 23:23 1178112 ----a-w- c:\windows\system32\WsmSvc.dll
2016-10-11 23:23 . 2016-10-11 23:23 617984 ----a-w- c:\windows\system32\wmdrmsdk.dll
2016-10-11 23:23 . 2016-10-11 23:23 1329664 ----a-w- c:\windows\system32\quartz.dll
2016-10-11 23:23 . 2016-10-11 23:23 489984 ----a-w- c:\windows\system32\evr.dll
2016-10-11 23:23 . 2016-10-11 23:23 519680 ----a-w- c:\windows\system32\qdvd.dll
2016-10-11 23:23 . 2016-10-11 23:23 474624 ----a-w- c:\windows\system32\audiosrv.dll
2016-10-11 23:23 . 2016-10-11 23:23 442368 ----a-w- c:\windows\system32\AUDIOKSE.dll
2016-10-11 23:23 . 2016-10-11 23:23 406016 ----a-w- c:\windows\system32\drmmgrtn.dll
2016-10-11 23:23 . 2016-10-11 23:23 249344 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2016-10-11 23:23 . 2016-10-11 23:23 374784 ----a-w- c:\windows\system32\AudioEng.dll
2016-10-11 23:23 . 2016-10-11 23:23 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2016-10-11 23:23 . 2016-10-11 23:23 199168 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2016-10-11 23:23 . 2016-10-11 23:23 1005056 ----a-w- c:\windows\system32\cryptui.dll
2016-10-11 23:23 . 2016-10-11 23:23 593920 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2016-10-11 23:23 . 2016-10-11 23:23 354816 ----a-w- c:\windows\system32\mfplat.dll
2016-10-11 23:23 . 2016-10-11 23:23 78568 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2016-10-11 23:23 . 2016-10-11 23:23 275968 ----a-w- c:\windows\system32\EncDump.dll
2016-10-11 23:23 . 2016-10-11 23:23 195072 ----a-w- c:\windows\system32\AudioSes.dll
2016-10-11 23:23 . 2016-10-11 23:23 157184 ----a-w- c:\windows\system32\pcasvc.dll
2016-10-11 23:23 . 2016-10-11 23:23 146944 ----a-w- c:\windows\system32\WsmAuto.dll
2016-10-11 23:23 . 2016-10-11 23:23 1251328 ----a-w- c:\windows\system32\DWrite.dll
2016-10-11 23:23 . 2016-10-11 23:23 12574208 ----a-w- c:\windows\system32\wmploc.DLL
2016-10-11 23:23 . 2016-10-11 23:23 909824 ----a-w- c:\windows\system32\FntCache.dll
2016-10-11 23:23 . 2016-10-11 23:23 81408 ----a-w- c:\windows\system32\drivers\dfsc.sys
2016-10-11 23:23 . 2016-10-11 23:23 80896 ----a-w- c:\windows\system32\cryptsp.dll
2016-10-11 23:23 . 2016-10-11 23:23 103424 ----a-w- c:\windows\system32\mfps.dll
2016-10-11 23:23 . 2016-10-11 23:23 76800 ----a-w- c:\windows\system32\adsmsext.dll
2016-10-11 23:23 . 2016-10-11 23:23 117248 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-10-11 23:23 . 2016-10-11 23:23 100352 ----a-w- c:\windows\system32\audiodg.exe
2016-10-11 23:23 . 2016-10-11 23:23 504320 ----a-w- c:\windows\system32\msscp.dll
2016-10-11 23:23 . 2016-10-11 23:23 265216 ----a-w- c:\windows\system32\msnetobj.dll
2016-10-11 23:23 . 2016-10-11 23:23 23040 ----a-w- c:\windows\system32\mfpmp.exe
2016-10-11 23:23 . 2016-10-11 23:23 208896 ----a-w- c:\windows\system32\WebClnt.dll
2016-10-11 23:23 . 2016-10-11 23:23 28160 ----a-w- c:\windows\system32\pcadm.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="c:\users\uživatel\AppData\Local\FluxSoftware\Flux\flux.exe" [2016-09-06 1017224]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-05-13 6690008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2015-08-18 1278920]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-10-25 4045432]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-02 2776528]
"ZAM"="c:\users\uživatel\Desktop\Zemana AntiMalware\ZAM.exe" [2017-01-03 14073072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2015-10-06 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2016-05-13 17:43 6690008 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2014-03-04 09:19 3696912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2016-12-08 08:35 96056 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2016-07-15 15:46 164152 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2015-08-18 08:47 2585744 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun]
2010-08-03 08:00 6043888 ----a-w- c:\program files\WebcamMax\WebcamMax.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard32.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-01-29 327296]
R2 ZAMSvc;ZAM Controller Service;c:\users\uživatel\Desktop\Zemana AntiMalware\ZAM.exe [2017-01-03 14073072]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1.sys [2015-08-31 24424]
R3 DFX12;DFX Audio Enhancer;c:\windows\system32\drivers\dfx12.sys [2015-11-12 26104]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-12-14 102912]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys [2017-01-05 39360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2017-01-05 219072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2015-10-08 243128]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2016-12-03 206472]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2016-12-03 156288]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2015-10-06 23840]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam32.sys [2017-01-03 181496]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2016-12-03 2167696]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2016-12-03 141448]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-08-18 915600]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-12-07 31776]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-01-02 3381200]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-08-18 1706128]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-08-18 19775632]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-08-17 409776]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2000-01-01 27768]
S3 JMCF;JMCF;c:\windows\system32\DRIVERS\jmcf.sys [2000-01-01 68720]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-08-18 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2015-08-18 32912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2000-01-01 716504]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-10-22 1841272]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-12-15 03:25 1384792 ----a-w- c:\program files\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2017-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-07 06:06]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 10.116.100.65 10.116.100.1
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-01-05 23:55:26
ComboFix-quarantined-files.txt 2017-01-05 22:55
ComboFix2.txt 2017-01-05 17:52
ComboFix3.txt 2017-01-04 19:46
.
Před spuštěním: Volných bajtů: 303 822 442 496
Po spuštění: Volných bajtů: 303 766 917 120
.
- - End Of File - - B98ED2A49B70DEC6A5454F92F95A3B70
A36C5E4F47E84449FF07ED3517B43A31

Post by jaro3 » 06 Jan 2017 18:16

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Code:

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\program files\Skype\Updater

Driver::
SkypeUpdate

DDS::
uInternet Settings,ProxyOverride = *.local

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix starts automatically
- Post here the log that pops up at the end of the cleaning process + a new log from HJT

Warning: It may happen that after running ComboFix and restarting the computer, Windows does not start, or the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message about the option to download the Avast database appears, click NO. Then click "Scan". After the scan click "Save Log" and save the log to your desktop. Copy the entire content of that log here. Then click "Exit" to close the program.

Download OTL by OldTimer to your desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry change to All. Tick "LOP Check" and "Purity Check". Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs open:
OTL.Txt
Extras.Txt

They are saved in the same location as OTL. Please copy both logs here.
Post by jarek865 » 06 Jan 2017 19:03

ComboFix 17-01-04.01 - uživatel 06.01.2017 18:50:35.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2047.1172 [GMT 1:00]
Spuštěný z: c:\users\u×ivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\u×ivatel\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 9.0.407.0 *Disabled/Outdated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: ESET NOD32 Antivirus 9.0.407.0 *Disabled/Outdated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-12-06 do 2017-01-06 )))))))))))))))))))))))))))))))
.
.
2017-01-06 17:57 . 2017-01-06 17:57 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2017-01-06 17:57 . 2017-01-06 17:57 -------- d-----w- c:\users\Guest\AppData\Local\temp
2017-01-06 17:57 . 2017-01-06 17:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-01-06 17:57 . 2017-01-06 17:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2017-01-04 19:05 . 2017-01-04 19:27 -------- d-----w- C:\EEK
2017-01-03 21:05 . 2017-01-03 21:05 181496 ----a-w- c:\windows\system32\drivers\zam32.sys
2017-01-03 20:58 . 2017-01-04 10:09 -------- d-----w- c:\program files\Zemana AntiMalware
2017-01-03 20:57 . 2017-01-03 20:57 -------- d-----w- c:\users\uživatel\AppData\Local\Zemana
2017-01-03 20:43 . 2017-01-03 20:09 24064 ----a-w- c:\windows\zoek-delete.exe
2017-01-03 20:43 . 2017-01-06 17:57 -------- d-----w- c:\users\uživatel\AppData\Local\Temp
2017-01-03 20:09 . 2017-01-03 20:37 -------- d-----w- C:\zoek_backup
2017-01-03 10:55 . 2017-01-03 10:55 -------- d-----w- c:\programdata\Sophos
2017-01-03 10:53 . 2017-01-03 10:53 -------- d-----w- c:\program files\Sophos
2017-01-02 10:43 . 2017-01-03 20:53 87496 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-01-02 10:43 . 2017-01-03 11:52 63264 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-01-02 10:43 . 2017-01-06 07:38 39360 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-01-02 10:43 . 2017-01-02 10:43 59968 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-01-02 10:42 . 2017-01-02 10:42 -------- d-----w- c:\program files\Malwarebytes
2017-01-02 09:05 . 2017-01-05 20:06 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-01-02 09:05 . 2017-01-02 09:05 -------- d-----w- c:\users\uživatel\AppData\Local\CrashDumps
2017-01-02 09:00 . 2017-01-02 09:00 -------- d-----w- c:\program files\RogueKiller
2017-01-02 09:00 . 2017-01-02 09:10 -------- d-----w- c:\programdata\RogueKiller
2017-01-02 04:59 . 2017-01-02 05:00 -------- d-----w- C:\KVRT_Data
2017-01-01 19:48 . 2017-01-06 07:38 219072 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-01-01 19:47 . 2017-01-02 10:43 153024 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2017-01-01 18:55 . 2017-01-04 13:38 -------- d-----w- C:\AdwCleaner
2017-01-01 17:26 . 2017-01-01 19:14 -------- d-----w- c:\program files\Spyware Terminator
2017-01-01 14:42 . 2017-01-02 10:42 -------- d-----w- c:\programdata\Malwarebytes
2017-01-01 14:42 . 2017-01-01 19:14 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2017-01-01 14:01 . 2017-01-01 14:01 -------- d-----w- c:\users\uživatel\AppData\Local\Crashpad
2017-01-01 14:00 . 2017-01-03 21:20 -------- d-----w- c:\users\uživatel\AppData\Roaming\Seznam Browser
2017-01-01 10:43 . 2017-01-01 10:43 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2016-12-26 11:06 . 2016-12-26 11:06 -------- d-----w- C:\Graphics
2016-12-26 11:05 . 2016-12-26 11:05 -------- d-----w- c:\program files\Shape Viewer
2016-12-26 08:05 . 2016-12-26 08:05 2977792 ----a-w- c:\users\uživatel\SView15.msi
2016-12-26 08:04 . 2016-12-26 08:04 -------- d-----w- c:\users\uživatel\Reports
2016-12-26 08:04 . 2016-12-26 08:04 1664 ----a-w- c:\users\uživatel\settings.bin
2016-12-24 10:20 . 2016-12-24 10:20 -------- d-----w- c:\users\uživatel\AppData\Roaming\Nero
2016-12-24 09:55 . 2016-12-24 09:55 -------- d-----w- c:\program files\Nero
2016-12-24 09:54 . 2016-12-24 09:56 -------- d-----w- c:\program files\Common Files\Nero
2016-12-24 09:54 . 2016-12-24 09:55 -------- d-----w- c:\programdata\Nero
2016-12-22 18:23 . 2016-12-22 18:34 -------- d-----w- c:\windows\$regcmp$
2016-12-20 15:21 . 2016-12-20 15:23 -------- d-----w- c:\users\uživatel\AppData\Local\YoutubeSoft
2016-12-20 15:21 . 2016-12-20 15:21 -------- d-----w- c:\users\uživatel\AppData\Roaming\YoutubeSoft
2016-12-20 15:21 . 2016-12-20 15:21 -------- d-----w- c:\programdata\YoutubeSoft
2016-12-20 15:20 . 2016-12-20 15:20 -------- d-----w- c:\program files\YouTubeSoft
2016-12-20 14:42 . 2016-12-20 14:43 -------- d-----w- c:\users\uživatel\AppData\Roaming\YouTubeByClick
2016-12-20 14:40 . 2016-12-20 15:19 -------- d-----w- c:\users\uživatel\AppData\Local\Downloaded Installations
2016-12-20 14:29 . 2016-12-20 14:29 -------- d-----w- C:\Download
2016-12-08 08:50 . 2016-12-08 08:50 -------- d-----w- c:\users\uživatel\AppData\Roaming\Hewlett-Packard
2016-12-08 08:44 . 2016-12-08 08:44 -------- d-----w- C:\System.sav
2016-12-08 08:43 . 2016-12-08 08:43 -------- d-----w- c:\users\uživatel\AppData\Roaming\hpqLog
2016-12-08 08:40 . 2017-01-01 14:46 -------- d-----w- c:\programdata\Hewlett-Packard
2016-12-08 08:38 . 2016-12-08 08:38 -------- d-----w- c:\users\uživatel\AppData\Local\HP
2016-12-08 08:37 . 2016-12-08 08:37 -------- d-----w- c:\programdata\WEBREG
2016-12-08 08:37 . 2016-12-08 08:38 -------- d-----w- c:\users\uživatel\AppData\Roaming\HP
2016-12-08 08:37 . 2016-12-08 08:32 315904 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70w.dll
2016-12-08 08:35 . 2016-12-15 10:01 -------- d-----w- c:\users\uživatel\AppData\Roaming\HpUpdate
2016-12-08 08:34 . 2016-12-08 08:34 -------- d-----w- c:\programdata\HP Product Assistant
2016-12-08 08:33 . 2016-12-08 08:33 -------- d-----w- c:\program files\Common Files\HP
2016-12-08 08:33 . 2016-12-08 08:33 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2016-12-08 08:32 . 2016-12-08 08:32 123904 ----a-w- c:\windows\system32\hpf3l70w.dll
2016-12-08 08:30 . 2016-12-08 08:35 -------- d-----w- c:\program files\HP
2016-12-08 08:30 . 2016-12-08 08:37 -------- d-----w- c:\programdata\HP
2016-12-08 08:30 . 2016-12-08 08:32 452408 ----a-w- c:\windows\system32\hpzids01.dll
2016-12-08 08:29 . 2016-12-08 08:32 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2016-12-08 08:29 . 2016-12-08 08:32 713728 ----a-w- c:\windows\system32\hposwia_d02d.dll
2016-12-08 08:29 . 2016-12-08 08:32 589824 ----a-w- c:\windows\system32\hpost_d02d.dll
2016-12-08 08:29 . 2016-12-08 08:32 315392 ----a-w- c:\windows\system32\hposc_d02a.dll
2016-12-08 08:25 . 2016-12-08 09:19 -------- d-----w- c:\users\uživatel\AppData\Local\Hewlett-Packard
2016-12-08 08:24 . 2017-01-01 13:56 -------- d-----w- c:\program files\Hewlett-Packard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-12-26 08:05 . 2016-12-26 08:05 2977792 ----a-w- c:\users\uživatel\SView15.msi
2016-12-26 08:05 . 2016-12-26 08:05 2977792 ----a-w- c:\users\uživatel\SView15.msi
2016-12-26 08:04 . 2016-12-26 08:04 1664 ----a-w- c:\users\uživatel\settings.bin
2016-12-26 08:04 . 2016-12-26 08:04 1664 ----a-w- c:\users\uživatel\settings.bin
2016-12-14 06:06 . 2015-10-07 15:42 802904 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-12-14 06:06 . 2015-10-07 15:42 144472 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-12-14 05:42 . 2016-12-14 05:42 254464 ----a-w- c:\windows\system32\schannel.dll
2016-12-14 05:42 . 2016-12-14 05:42 141312 ----a-w- c:\windows\system32\rpchttp.dll
2016-12-08 08:36 . 2015-10-06 21:22 16384 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2016-12-08 08:36 . 2015-10-07 12:47 36352 ----a-w- c:\windows\system32\drivers\usbscan.sys
2016-12-08 08:36 . 2009-07-13 23:45 131072 ----a-w- c:\windows\system32\drivers\Dot4.sys
2016-12-08 08:36 . 2009-07-13 23:45 36864 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2016-12-04 12:02 . 2011-08-17 08:57 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
2016-12-04 12:02 . 2011-08-17 08:57 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll
2016-12-04 12:02 . 2011-08-17 08:57 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2016-12-04 12:02 . 2011-08-17 08:56 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2016-12-04 12:02 . 2011-05-18 06:09 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2016-12-03 16:44 . 2015-09-23 07:30 206472 ----a-w- c:\windows\system32\drivers\eamonm.sys
2016-12-03 16:44 . 2015-09-23 07:30 156288 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2016-12-03 16:44 . 2015-09-23 07:30 141448 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2016-11-29 21:34 . 2016-11-29 21:34 28352 ----a-w- c:\windows\system32\aspnet_counters.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2016-11-09 19:23 . 2016-11-09 19:23 202240 ----a-w- c:\windows\system32\input.dll
2016-11-09 19:23 . 2016-11-09 19:23 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2016-11-09 19:23 . 2016-11-09 19:23 126976 ----a-w- c:\windows\system32\tintlgnt.ime
2016-11-09 19:23 . 2016-11-09 19:23 125952 ----a-w- c:\windows\system32\quick.ime
2016-11-09 19:23 . 2016-11-09 19:23 125952 ----a-w- c:\windows\system32\qintlgnt.ime
2016-11-09 19:23 . 2016-11-09 19:23 125952 ----a-w- c:\windows\system32\phon.ime
2016-11-09 19:23 . 2016-11-09 19:23 125952 ----a-w- c:\windows\system32\chajei.ime
2016-11-09 19:23 . 2016-11-09 19:23 125952 ----a-w- c:\windows\system32\cintlgnt.ime
2016-11-09 19:23 . 2016-11-09 19:23 2291712 ----a-w- c:\windows\system32\MSVidCtl.dll
2016-11-09 19:23 . 2016-11-09 19:23 90112 ----a-w- c:\windows\system32\pintlgnt.ime
2016-11-09 19:23 . 2016-11-09 19:23 497152 ----a-w- c:\windows\system32\win32spl.dll
2016-11-09 19:23 . 2016-11-09 19:23 308456 ----a-w- c:\windows\system32\atmfd.dll
2016-11-09 19:23 . 2016-11-09 19:23 741888 ----a-w- c:\windows\system32\inetcomm.dll
2016-11-09 19:23 . 2016-11-09 19:23 41984 ----a-w- c:\windows\system32\UtcResources.dll
2016-11-09 19:23 . 2016-11-09 19:23 90624 ----a-w- c:\windows\system32\olepro32.dll
2016-11-09 19:23 . 2016-11-09 19:23 68608 ----a-w- c:\windows\system32\drivers\bowser.sys
2016-11-09 19:23 . 2016-11-09 19:23 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2016-11-09 19:23 . 2016-11-09 19:23 1027584 ----a-w- c:\windows\system32\IMJP10.IME
2016-11-09 19:23 . 2016-11-09 19:23 67584 ----a-w- c:\windows\system32\asycfilt.dll
2016-11-09 19:23 . 2016-11-09 19:23 829952 ----a-w- c:\windows\system32\msctf.dll
2016-11-09 19:23 . 2016-11-09 19:23 430080 ----a-w- c:\windows\system32\imkr80.ime
2016-11-09 19:23 . 2016-11-09 19:23 581632 ----a-w- c:\windows\system32\oleaut32.dll
2016-11-09 19:23 . 2016-11-09 19:23 84480 ----a-w- c:\windows\system32\INETRES.dll
2016-11-09 19:23 . 2016-11-09 19:23 70656 ----a-w- c:\windows\system32\fontsub.dll
2016-11-09 19:23 . 2016-11-09 19:23 26112 ----a-w- c:\windows\system32\lpk.dll
2016-11-09 19:23 . 2016-11-09 19:23 10240 ----a-w- c:\windows\system32\dciman32.dll
2016-11-09 19:23 . 2016-11-09 19:23 34304 ----a-w- c:\windows\system32\atmlib.dll
2016-11-09 19:21 . 2016-11-09 19:22 935424 ----a-w- c:\windows\system32\diagtrack.dll
2016-10-30 11:05 . 2016-10-30 11:05 123904 ----a-w- c:\windows\system32\poqexec.exe
2016-10-11 23:24 . 2016-10-11 23:24 67816 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-10-11 23:24 . 2016-10-11 23:24 488448 ----a-w- c:\windows\system32\devinv.dll
2016-10-11 23:24 . 2016-10-11 23:24 478208 ----a-w- c:\windows\system32\generaltel.dll
2016-10-11 23:24 . 2016-10-11 23:24 184320 ----a-w- c:\windows\system32\aepic.dll
2016-10-11 23:24 . 2016-10-11 23:24 1406976 ----a-w- c:\windows\system32\appraiser.dll
2016-10-11 23:24 . 2016-10-11 23:24 107008 ----a-w- c:\windows\system32\acmigration.dll
2016-10-11 23:24 . 2016-10-11 23:24 1017856 ----a-w- c:\windows\system32\aeinv.dll
2016-10-11 23:24 . 2016-10-11 23:24 268800 ----a-w- c:\windows\system32\invagent.dll
2016-10-11 23:24 . 2016-10-11 23:24 213504 ----a-w- c:\windows\system32\centel.dll
2016-10-11 23:24 . 2016-10-11 23:24 3209216 ----a-w- c:\windows\system32\mf.dll
2016-10-11 23:24 . 2016-10-11 23:24 988160 ----a-w- c:\windows\system32\drmv2clt.dll
2016-10-11 23:24 . 2016-10-11 23:24 744960 ----a-w- c:\windows\system32\blackbox.dll
2016-10-11 23:23 . 2016-10-11 23:23 437248 ----a-w- c:\windows\system32\scavengeui.dll
2016-10-11 23:23 . 2016-10-11 23:23 1178112 ----a-w- c:\windows\system32\WsmSvc.dll
2016-10-11 23:23 . 2016-10-11 23:23 617984 ----a-w- c:\windows\system32\wmdrmsdk.dll
2016-10-11 23:23 . 2016-10-11 23:23 1329664 ----a-w- c:\windows\system32\quartz.dll
2016-10-11 23:23 . 2016-10-11 23:23 489984 ----a-w- c:\windows\system32\evr.dll
2016-10-11 23:23 . 2016-10-11 23:23 519680 ----a-w- c:\windows\system32\qdvd.dll
2016-10-11 23:23 . 2016-10-11 23:23 474624 ----a-w- c:\windows\system32\audiosrv.dll
2016-10-11 23:23 . 2016-10-11 23:23 442368 ----a-w- c:\windows\system32\AUDIOKSE.dll
2016-10-11 23:23 . 2016-10-11 23:23 406016 ----a-w- c:\windows\system32\drmmgrtn.dll
2016-10-11 23:23 . 2016-10-11 23:23 249344 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2016-10-11 23:23 . 2016-10-11 23:23 374784 ----a-w- c:\windows\system32\AudioEng.dll
2016-10-11 23:23 . 2016-10-11 23:23 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2016-10-11 23:23 . 2016-10-11 23:23 199168 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2016-10-11 23:23 . 2016-10-11 23:23 1005056 ----a-w- c:\windows\system32\cryptui.dll
2016-10-11 23:23 . 2016-10-11 23:23 593920 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2016-10-11 23:23 . 2016-10-11 23:23 354816 ----a-w- c:\windows\system32\mfplat.dll
2016-10-11 23:23 . 2016-10-11 23:23 78568 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2016-10-11 23:23 . 2016-10-11 23:23 275968 ----a-w- c:\windows\system32\EncDump.dll
2016-10-11 23:23 . 2016-10-11 23:23 195072 ----a-w- c:\windows\system32\AudioSes.dll
2016-10-11 23:23 . 2016-10-11 23:23 157184 ----a-w- c:\windows\system32\pcasvc.dll
2016-10-11 23:23 . 2016-10-11 23:23 146944 ----a-w- c:\windows\system32\WsmAuto.dll
2016-10-11 23:23 . 2016-10-11 23:23 1251328 ----a-w- c:\windows\system32\DWrite.dll
2016-10-11 23:23 . 2016-10-11 23:23 12574208 ----a-w- c:\windows\system32\wmploc.DLL
2016-10-11 23:23 . 2016-10-11 23:23 909824 ----a-w- c:\windows\system32\FntCache.dll
2016-10-11 23:23 . 2016-10-11 23:23 81408 ----a-w- c:\windows\system32\drivers\dfsc.sys
2016-10-11 23:23 . 2016-10-11 23:23 80896 ----a-w- c:\windows\system32\cryptsp.dll
2016-10-11 23:23 . 2016-10-11 23:23 103424 ----a-w- c:\windows\system32\mfps.dll
2016-10-11 23:23 . 2016-10-11 23:23 76800 ----a-w- c:\windows\system32\adsmsext.dll
2016-10-11 23:23 . 2016-10-11 23:23 117248 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-10-11 23:23 . 2016-10-11 23:23 100352 ----a-w- c:\windows\system32\audiodg.exe
2016-10-11 23:23 . 2016-10-11 23:23 504320 ----a-w- c:\windows\system32\msscp.dll
2016-10-11 23:23 . 2016-10-11 23:23 265216 ----a-w- c:\windows\system32\msnetobj.dll
2016-10-11 23:23 . 2016-10-11 23:23 23040 ----a-w- c:\windows\system32\mfpmp.exe
2016-10-11 23:23 . 2016-10-11 23:23 208896 ----a-w- c:\windows\system32\WebClnt.dll
2016-10-11 23:23 . 2016-10-11 23:23 28160 ----a-w- c:\windows\system32\pcadm.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="c:\users\uživatel\AppData\Local\FluxSoftware\Flux\flux.exe" [2016-09-06 1017224]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-05-13 6690008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2015-08-18 1278920]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-10-25 4045432]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-02 2776528]
"ZAM"="c:\users\uživatel\Desktop\Zemana AntiMalware\ZAM.exe" [2017-01-03 14073072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2015-10-06 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2016-05-13 17:43 6690008 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2014-03-04 09:19 3696912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2016-12-08 08:35 96056 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2016-07-15 15:46 164152 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2015-08-18 08:47 2585744 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun]
2010-08-03 08:00 6043888 ----a-w- c:\program files\WebcamMax\WebcamMax.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard32.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-01-29 327296]
R2 ZAMSvc;ZAM Controller Service;c:\users\uživatel\Desktop\Zemana AntiMalware\ZAM.exe [2017-01-03 14073072]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1.sys [2015-08-31 24424]
R3 DFX12;DFX Audio Enhancer;c:\windows\system32\drivers\dfx12.sys [2015-11-12 26104]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-12-14 102912]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys [2017-01-06 39360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2017-01-06 219072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2015-10-08 243128]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2016-12-03 206472]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2016-12-03 156288]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2015-10-06 23840]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam32.sys [2017-01-03 181496]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2016-12-03 2167696]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2016-12-03 141448]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-08-18 915600]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-12-07 31776]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-01-02 3381200]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-08-18 1706128]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-08-18 19775632]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-08-17 409776]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2000-01-01 27768]
S3 JMCF;JMCF;c:\windows\system32\DRIVERS\jmcf.sys [2000-01-01 68720]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-08-18 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2015-08-18 32912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2000-01-01 716504]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-10-22 1841272]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-12-15 03:25 1384792 ----a-w- c:\program files\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2017-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-07 06:06]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 10.116.100.65 10.116.100.1
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-01-06 18:58:55
ComboFix-quarantined-files.txt 2017-01-06 17:58
ComboFix2.txt 2017-01-05 22:55
ComboFix3.txt 2017-01-05 17:52
ComboFix4.txt 2017-01-04 19:46
.
Před spuštěním: Volných bajtů: 303 892 283 392
Po spuštění: Volných bajtů: 303 833 804 800
.
- - End Of File - - E4F29C78B4CD7F79771B69631B5FEBD8
A36C5E4F47E84449FF07ED3517B43A31

jarek865

Re: famousaactors pop-up window

Post by jarek865 » 06 Jan 2017 19:03

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:01:36, on 6.1.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!


Boot mode: Normal

Running processes:
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Users\uživatel\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKLM\..\Run: [ZAM] "C:\Users\uživatel\Desktop\Zemana AntiMalware\ZAM.exe" /minimized
O4 - HKCU\..\Run: [f.lux] "C:\Users\uživatel\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe
O23 - Service: ZAM Controller Service (ZAMSvc) - Zemana Ltd. - C:\Users\uživatel\Desktop\Zemana AntiMalware\ZAM.exe

--
End of file - 6927 bytes

jarek865

Re: famousaactors pop-up window

Post by jarek865 » 06 Jan 2017 19:21

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-01-06 19:10:32
-----------------------------
19:10:32.377 OS Version: Windows 6.1.7601 Service Pack 1
19:10:32.377 Number of processors: 2 586 0x170A
19:10:32.377 ComputerName: UŽIVATEL-PC UserName: uživatel
19:10:33.859 Initialize success
19:10:33.859 VM: initialized successfully
19:10:33.859 VM: Intel CPU supported
19:10:40.224 VM: supported disk I/O ataport.SYS
19:10:43.734 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
19:10:43.734 Disk 0 Vendor: WDC_WD20EFRX-68EUZN0 80.00A80 Size: 1907729MB BusType: 3
19:10:43.749 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
19:10:43.749 Disk 1 Vendor: ST3500418AS CC34 Size: 476940MB BusType: 3
19:10:43.843 VM: Disk 1 MBR read successfully
19:10:43.843 Disk 1 MBR scan
19:10:43.859 Disk 1 Windows 7 default MBR code
19:10:43.859 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:10:43.859 Disk 1 Boot: NTFS code=1
19:10:43.874 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
19:10:43.874 Disk 1 scanning sectors +976771072
19:10:43.937 Disk 1 scanning C:\Windows\system32\drivers
19:10:50.847 Service scanning
19:10:53.780 Service ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys **LOCKED** 5
19:10:54.061 Service epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys **LOCKED** 5
19:11:04.685 Modules scanning
19:11:04.685 Disk 1 trace - called modules:
19:11:04.700 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
19:11:04.700 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x84ab2030]
19:11:04.716 3 CLASSPNP.SYS[8827259e] -> nt!IofCallDriver -> [0x849d4788]
19:11:04.716 5 ACPI.sys[880393d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x849b6610]
19:11:04.716 Disk 1 statistics 78041/0/274 @ 6,89 MB/s
19:11:04.716 Scan finished successfully
19:11:18.772 Disk 1 MBR has been saved successfully to "C:\Users\uživatel\Desktop\MBR.dat"
19:11:18.772 The log file has been saved successfully to "C:\Users\uživatel\Desktop\999 aswMBR.txt"

jarek865

Re: famousaactors pop-up window

Post by jarek865 » 06 Jan 2017 19:22

OTL logfile created on: 6.1.2017 19:12:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\uživatel\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18537)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 53,86% Memory free
4,00 Gb Paging File | 2,82 Gb Available in Paging File | 70,59% Paging File free
Paging file location(s): d:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 283,02 Gb Free Space | 60,78% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 918,05 Gb Free Space | 49,28% Space Free | Partition Type: NTFS
Drive G: | 582,12 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: UŽIVATEL-PC | User Name: uživatel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\uživatel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes)
PRC - C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (HP Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Windows\System32\ViakaraokeSrv.exe (VIA Technologies, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\uživatel\Desktop\Zemana AntiMalware\ZAMShellExt32.dll ()
MOD - C:\Program Files\CCleaner\Lang\lang-1029.dll ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Services (SafeList) ==========

SRV - (ZAMSvc) -- C:\Users\uživatel\Desktop\Zemana AntiMalware\ZAM.exe (Zemana Ltd.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (HPSupportSolutionsFrameworkService) -- C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (HP Inc.)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (DiagTrack) -- C:\Windows\System32\diagtrack.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV - (NvNetworkService) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (GfExperienceService) -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (VIAKaraokeService) -- C:\Windows\System32\ViakaraokeSrv.exe (VIA Technologies, Inc.)


========== Driver Services (SafeList) ==========

DRV - (ZAM_Guard) -- C:\Windows\System32\drivers\zamguard32.sys File not found
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (CFRMD) -- system32\DRIVERS\CFRMD.sys File not found
DRV - (catchme) -- C:\Users\UIVATE~1\AppData\Local\Temp\catchme.sys File not found
DRV - (aswVmm) -- C:\Users\UIVATE~1\AppData\Local\Temp\aswVmm.sys File not found
DRV - (aswMBR) -- C:\Users\UIVATE~1\AppData\Local\Temp\aswMBR.sys File not found
DRV - (MBAMProtection) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys (Malwarebytes)
DRV - (ZAM) -- C:\Windows\System32\drivers\zam32.sys (Zemana Ltd.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (epfwwfpr) -- C:\Windows\System32\drivers\epfwwfpr.sys (ESET)
DRV - (DFX12) -- C:\Windows\System32\drivers\dfx12.sys (Windows (R) Win 7 DDK provider)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (Disc Soft Ltd)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (HWiNFO32) -- C:\Windows\System32\drivers\HWiNFO32.SYS (REALiX(tm))
DRV - (DFX11_1) -- C:\Windows\System32\drivers\dfx11_1.sys (Windows (R) Win 7 DDK provider)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvvad_WaveExtensible) -- C:\Windows\System32\drivers\nvvad32v.sys (NVIDIA Corporation)
DRV - (NvStreamKms) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (JMCF) -- C:\Windows\System32\drivers\jmcf.sys (JMicron Technology Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\..\SearchScopes\{A600EB27-B382-4905-B3D2-32DA7E19ECB9}: "URL" = https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.60.2: C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.60.2: C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016.12.08 09:35:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016.12.08 09:35:27 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: No name found = C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5516.1005.0.3_0\

O1 HOSTS File: ([2017.01.05 23:53:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes TrayApp] C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
O4 - HKLM..\Run: [ShadowPlay] C:\Windows\System32\nvspcap.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ZAM] C:\Users\uživatel\Desktop\Zemana AntiMalware\ZAM.exe (Zemana Ltd.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [f.lux] C:\Users\uživatel\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: eset.com ([help] http in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.116.100.65 10.116.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F89DE2F-DEDA-480C-B624-713D2C5F3098}: DhcpNameServer = 10.116.100.65 10.116.100.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2017.01.06 19:05:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\uživatel\Desktop\OTL.exe
[2017.01.06 19:05:31 | 005,200,384 | ---- | C] (AVAST Software) -- C:\Users\uživatel\Desktop\aswmbr.exe
[2017.01.06 18:58:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2017.01.05 22:25:39 | 000,000,000 | ---D | C] -- C:\Users\uživatel\Start Menu
[2017.01.05 18:35:01 | 002,853,048 | ---- | C] (COMODO) -- C:\ProgramData\cisC133.exe
[2017.01.04 20:33:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2017.01.04 20:33:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2017.01.04 20:33:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2017.01.04 20:29:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2017.01.04 20:28:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2017.01.04 20:05:29 | 000,000,000 | ---D | C] -- C:\EEK
[2017.01.04 20:00:58 | 005,659,315 | R--- | C] (Swearware) -- C:\Users\uživatel\Desktop\ComboFix.exe
[2017.01.03 22:05:32 | 000,181,496 | ---- | C] (Zemana Ltd.) -- C:\Windows\System32\drivers\zam32.sys
[2017.01.03 22:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
[2017.01.03 22:05:29 | 000,000,000 | ---D | C] -- C:\Users\uživatel\Desktop\Zemana AntiMalware
[2017.01.03 21:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Zemana AntiMalware
[2017.01.03 21:57:38 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\Zemana
[2017.01.03 21:43:10 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2017.01.03 21:43:10 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\Temp
[2017.01.03 21:09:56 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2017.01.03 11:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2017.01.03 11:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2017.01.03 11:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2017.01.03 11:46:40 | 159,652,168 | ---- | C] (Sophos Limited) -- C:\Users\uživatel\Desktop\Sophos Virus Removal Tool.exe
[2017.01.02 11:43:38 | 000,087,496 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\farflt.sys
[2017.01.02 11:43:38 | 000,063,264 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mwac.sys
[2017.01.02 11:43:31 | 000,039,360 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2017.01.02 11:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2017.01.02 11:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2017.01.02 11:41:53 | 054,199,488 | ---- | C] (Malwarebytes ) -- C:\Users\uživatel\Desktop\mb3-setup-consumer-3.0.5.1299.exe
[2017.01.02 11:32:41 | 001,663,040 | ---- | C] (Malwarebytes) -- C:\Users\uživatel\Desktop\JRT.exe
[2017.01.02 10:05:06 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\CrashDumps
[2017.01.02 10:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
[2017.01.02 10:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\RogueKiller
[2017.01.02 10:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2017.01.02 09:58:51 | 034,211,496 | ---- | C] (Adlice Software ) -- C:\Users\uživatel\Desktop\setup.exe
[2017.01.02 09:30:10 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\uživatel\Desktop\HijackThis.exe
[2017.01.02 05:59:32 | 000,000,000 | ---D | C] -- C:\KVRT_Data
[2017.01.01 20:48:28 | 000,219,072 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2017.01.01 20:47:53 | 000,153,024 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2017.01.01 19:55:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2017.01.01 18:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2017.01.01 15:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2017.01.01 15:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017.01.01 15:01:42 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\Crashpad
[2017.01.01 15:00:08 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Roaming\Seznam Browser
[2017.01.01 11:43:54 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL
[2017.01.01 11:20:35 | 000,000,000 | ---D | C] -- C:\Users\uživatel\Documents\CardRecovery
[2016.12.26 12:06:51 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MW Graphics
[2016.12.26 12:06:51 | 000,000,000 | ---D | C] -- C:\Graphics
[2016.12.26 12:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Shape Viewer
[2016.12.26 09:04:40 | 000,000,000 | ---D | C] -- C:\Users\uživatel\Reports
[2016.12.24 11:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2016.12.24 11:20:37 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Roaming\Nero
[2016.12.24 10:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2016.12.24 10:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2016.12.24 10:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2016.12.24 10:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2016.12.22 19:23:11 | 000,000,000 | ---D | C] -- C:\Windows\$regcmp$
[2016.12.20 16:21:05 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Roaming\YoutubeSoft
[2016.12.20 16:21:05 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\YoutubeSoft
[2016.12.20 16:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\YoutubeSoft
[2016.12.20 16:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTubeSoft
[2016.12.20 16:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\YouTubeSoft
[2016.12.20 15:42:28 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Roaming\YouTubeByClick
[2016.12.20 15:40:26 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\Downloaded Installations
[2016.12.20 15:29:18 | 000,000,000 | ---D | C] -- C:\Download
[2016.12.19 05:43:02 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\HP_Development_Company,_L
[2016.12.16 19:45:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2016.12.14 06:42:54 | 004,608,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2016.12.14 06:42:54 | 002,399,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2016.12.14 06:42:54 | 000,534,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2016.12.14 06:42:53 | 004,000,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2016.12.14 06:42:53 | 003,944,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2016.12.14 06:42:53 | 000,346,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2016.12.14 06:42:53 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2016.12.14 06:42:53 | 000,105,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2016.12.14 06:42:53 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2016.12.14 06:42:51 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hlink.dll
[2016.12.14 06:42:51 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2016.12.14 06:42:50 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2016.12.14 06:42:49 | 002,055,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2016.12.14 06:42:49 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2016.12.14 06:42:49 | 000,693,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2016.12.14 06:42:48 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2016.12.14 06:42:48 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2016.12.14 06:42:48 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2016.12.14 06:42:47 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2016.12.14 06:42:46 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2016.12.14 06:42:45 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2016.12.14 06:42:45 | 000,416,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2016.12.14 06:42:45 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2016.12.14 06:42:45 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2016.12.14 06:42:44 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2016.12.14 06:42:43 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2016.12.14 06:42:43 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2016.12.14 06:42:42 | 000,689,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2016.12.14 06:42:42 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2016.12.14 06:42:42 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2016.12.14 06:42:42 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2016.12.14 06:42:42 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2016.12.14 06:42:42 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidpolicyconverter.exe
[2016.12.14 06:42:42 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2016.12.14 06:42:42 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2016.12.14 06:42:42 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2016.12.14 06:42:42 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2016.12.14 06:42:42 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidapi.dll
[2016.12.14 06:42:42 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2016.12.14 06:42:42 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2016.12.14 06:42:42 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2016.12.14 06:42:42 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2016.12.14 06:42:42 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2016.12.14 06:42:42 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2016.12.14 06:42:42 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidcertstorecheck.exe
[2016.12.14 06:42:42 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2016.12.14 06:42:42 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apisetschema.dll
[2016.12.14 06:42:41 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2016.12.14 06:42:40 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2016.12.14 06:42:40 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2016.12.14 06:42:40 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2016.12.14 06:42:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2016.12.14 06:42:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2016.12.08 09:50:49 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Roaming\Hewlett-Packard
[2016.12.08 09:44:10 | 000,000,000 | ---D | C] -- C:\System.sav
[2016.12.08 09:43:04 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Roaming\hpqLog
[2016.12.08 09:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2016.12.08 09:38:02 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\HP
[2016.12.08 09:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2016.12.08 09:37:40 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Roaming\HP
[2016.12.08 09:35:37 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Roaming\HpUpdate
[2016.12.08 09:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2016.12.08 09:33:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2016.12.08 09:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2016.12.08 09:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2016.12.08 09:32:32 | 000,123,904 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpf3l70w.dll
[2016.12.08 09:31:51 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2016.12.08 09:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2016.12.08 09:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2016.12.08 09:30:00 | 000,452,408 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2016.12.08 09:29:59 | 000,713,728 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hposwia_d02d.dll
[2016.12.08 09:29:59 | 000,589,824 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpost_d02d.dll
[2016.12.08 09:29:59 | 000,372,736 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll
[2016.12.08 09:29:59 | 000,315,392 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hposc_d02a.dll
[2016.12.08 09:25:13 | 000,000,000 | ---D | C] -- C:\Users\uživatel\AppData\Local\Hewlett-Packard
[2016.12.08 09:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2016.12.08 09:17:14 | 000,000,000 | R--D | C] -- C:\Users\uživatel\Documents\Scanned Documents
[2016.12.08 09:17:14 | 000,000,000 | ---D | C] -- C:\Users\uživatel\Documents\Fax

========== Files - Modified Within 30 Days ==========

[2017.01.06 19:11:41 | 000,618,232 | ---- | M] () -- C:\Windows\ZAM.krnl.trace
[2017.01.06 19:11:18 | 000,000,512 | ---- | M] () -- C:\Users\uživatel\Desktop\MBR.dat
[2017.01.06 19:06:09 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2017.01.06 19:04:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\uživatel\Desktop\OTL.exe
[2017.01.06 19:04:29 | 005,200,384 | ---- | M] (AVAST Software) -- C:\Users\uživatel\Desktop\aswmbr.exe
[2017.01.06 19:01:36 | 000,006,928 | ---- | M] () -- C:\Users\uživatel\Desktop\999hijackthis
[2017.01.06 10:31:29 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017.01.06 10:31:29 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017.01.06 08:38:35 | 000,039,360 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2017.01.06 08:38:34 | 000,219,072 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2017.01.06 08:37:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017.01.05 23:53:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2017.01.05 21:06:28 | 000,024,688 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2017.01.05 18:34:50 | 000,132,284 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2017.01.05 18:34:50 | 000,093,134 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2017.01.04 20:21:57 | 000,001,037 | ---- | M] () -- C:\Users\uživatel\Desktop\start emergency kit scanner – zástupce.lnk
[2017.01.04 20:00:45 | 005,659,315 | R--- | M] (Swearware) -- C:\Users\uživatel\Desktop\ComboFix.exe
[2017.01.03 22:51:37 | 000,020,313 | ---- | M] () -- C:\Windows\ZAM_Guard.krnl.trace
[2017.01.03 22:05:32 | 000,181,496 | ---- | M] (Zemana Ltd.) -- C:\Windows\System32\drivers\zam32.sys
[2017.01.03 22:05:30 | 000,001,648 | ---- | M] () -- C:\Users\Public\Desktop\Zemana AntiMalware.lnk
[2017.01.03 21:53:21 | 000,087,496 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\farflt.sys
[2017.01.03 21:09:55 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2017.01.03 21:08:52 | 001,309,184 | ---- | M] () -- C:\Users\uživatel\Desktop\zoek.exe
[2017.01.03 12:52:28 | 000,063,264 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mwac.sys
[2017.01.03 11:53:35 | 000,002,747 | ---- | M] () -- C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
[2017.01.03 11:49:14 | 159,652,168 | ---- | M] (Sophos Limited) -- C:\Users\uživatel\Desktop\Sophos Virus Removal Tool.exe
[2017.01.03 11:48:48 | 021,526,600 | ---- | M] () -- C:\Users\uživatel\Desktop\RogueKiller.exe
[2017.01.02 11:43:48 | 000,153,024 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2017.01.02 11:43:14 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017.01.02 11:43:08 | 000,059,968 | ---- | M] () -- C:\Windows\System32\drivers\mbae.sys
[2017.01.02 11:42:40 | 054,199,488 | ---- | M] (Malwarebytes ) -- C:\Users\uživatel\Desktop\mb3-setup-consumer-3.0.5.1299.exe
[2017.01.02 11:32:43 | 001,663,040 | ---- | M] (Malwarebytes) -- C:\Users\uživatel\Desktop\JRT.exe
[2017.01.02 10:00:20 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\RogueKiller.lnk
[2017.01.02 09:59:21 | 034,211,496 | ---- | M] (Adlice Software ) -- C:\Users\uživatel\Desktop\setup.exe
[2017.01.02 09:30:10 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\uživatel\Desktop\HijackThis.exe
[2017.01.01 20:11:32 | 299,491,581 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2017.01.01 19:55:56 | 003,977,168 | ---- | M] () -- C:\Users\uživatel\Desktop\adwcleaner_6.041.exe
[2017.01.01 16:31:46 | 000,001,651 | ---- | M] () -- C:\Users\uživatel\Desktop\eu4 – zástupce.lnk
[2017.01.01 11:43:54 | 000,089,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL
[2016.12.28 11:16:56 | 000,574,298 | ---- | M] () -- C:\Users\uživatel\Desktop\20161228_111656.jpg
[2016.12.26 09:42:16 | 000,000,000 | ---- | M] () -- C:\Users\uživatel\AppData\Roaming\FileOut.cns
[2016.12.26 09:42:16 | 000,000,000 | ---- | M] () -- C:\Users\uživatel\AppData\Roaming\FileIn.cns
[2016.12.26 09:05:03 | 002,977,792 | ---- | M] () -- C:\Users\uživatel\SView15.msi
[2016.12.26 09:04:41 | 000,001,664 | ---- | M] () -- C:\Users\uživatel\settings.bin
[2016.12.24 12:32:32 | 000,000,882 | ---- | M] () -- C:\Users\uživatel\Desktop\Microsoft Games – zástupce.lnk
[2016.12.24 10:03:40 | 000,000,698 | ---- | M] () -- C:\Users\uživatel\Desktop\Program Files – zástupce.lnk
[2016.12.24 09:48:59 | 000,000,359 | ---- | M] () -- C:\Users\uživatel\Desktop\Počítač – zástupce.lnk
[2016.12.24 07:43:29 | 000,000,778 | ---- | M] () -- C:\Users\uživatel\Desktop\BYT LEJSTRA – zástupce.lnk
[2016.12.22 18:10:43 | 000,112,474 | ---- | M] () -- C:\Users\uživatel\Documents\cc_20161222_181035.reg
[2016.12.21 07:14:30 | 000,030,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2016.12.21 07:14:30 | 000,019,434 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2016.12.18 13:53:20 | 000,000,981 | ---- | M] () -- C:\Users\uživatel\Desktop\openttd – zástupce.lnk
[2016.12.17 05:37:55 | 000,489,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2016.12.15 04:37:53 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016.12.14 20:06:13 | 000,001,515 | ---- | M] () -- C:\Users\uživatel\Desktop\Windows Media Player.lnk
[2016.12.14 07:06:36 | 000,802,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2016.12.14 07:06:36 | 000,144,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2016.12.14 06:42:55 | 004,608,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2016.12.14 06:42:54 | 002,399,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2016.12.14 06:42:54 | 000,534,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2016.12.14 06:42:53 | 004,000,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2016.12.14 06:42:53 | 003,944,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2016.12.14 06:42:53 | 000,346,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2016.12.14 06:42:53 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2016.12.14 06:42:53 | 000,105,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2016.12.14 06:42:53 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2016.12.14 06:42:51 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hlink.dll

jarek865
newbie
Posts: 27
Registered: January 17
Gender: Male
Status:
Offline

Re: pop-up window famousaactors

Post by jarek865 » 06 Jan 2017 19:23

[2016.12.14 06:42:51 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2016.12.14 06:42:50 | 002,055,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2016.12.14 06:42:50 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2016.12.14 06:42:49 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2016.12.14 06:42:49 | 000,693,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2016.12.14 06:42:48 | 001,806,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2016.12.14 06:42:48 | 000,476,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2016.12.14 06:42:48 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2016.12.14 06:42:46 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2016.12.14 06:42:46 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2016.12.14 06:42:45 | 000,416,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2016.12.14 06:42:45 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2016.12.14 06:42:45 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2016.12.14 06:42:44 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2016.12.14 06:42:43 | 000,689,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2016.12.14 06:42:43 | 000,400,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2016.12.14 06:42:43 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2016.12.14 06:42:43 | 000,141,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2016.12.14 06:42:43 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2016.12.14 06:42:43 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2016.12.14 06:42:43 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2016.12.14 06:42:43 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2016.12.14 06:42:43 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2016.12.14 06:42:43 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2016.12.14 06:42:43 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2016.12.14 06:42:43 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2016.12.14 06:42:42 | 000,262,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2016.12.14 06:42:42 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidpolicyconverter.exe
[2016.12.14 06:42:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidapi.dll
[2016.12.14 06:42:42 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2016.12.14 06:42:42 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2016.12.14 06:42:42 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2016.12.14 06:42:42 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2016.12.14 06:42:42 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidcertstorecheck.exe
[2016.12.14 06:42:42 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2016.12.14 06:42:42 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apisetschema.dll
[2016.12.14 06:42:40 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2016.12.14 06:42:40 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2016.12.14 06:42:40 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2016.12.14 06:42:40 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2016.12.14 06:42:40 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2016.12.08 09:37:41 | 000,227,956 | ---- | M] () -- C:\Windows\hpoins46.dat
[2016.12.08 09:32:36 | 000,372,736 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll
[2016.12.08 09:32:33 | 000,452,408 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2016.12.08 09:32:32 | 000,123,904 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\hpf3l70w.dll
[2016.12.08 09:32:28 | 000,713,728 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\hposwia_d02d.dll
[2016.12.08 09:32:28 | 000,589,824 | ---- | M] (Hewlett-Packard Co.) -- C:\Windows\System32\hpost_d02d.dll
[2016.12.08 09:32:28 | 000,315,392 | ---- | M] (Hewlett-Packard Co.) -- C:\Windows\System32\hposc_d02a.dll

========== Files Created - No Company Name ==========

[2017.01.06 19:11:18 | 000,000,512 | ---- | C] () -- C:\Users\uživatel\Desktop\MBR.dat
[2017.01.06 19:01:36 | 000,006,928 | ---- | C] () -- C:\Users\uživatel\Desktop\999hijackthis
[2017.01.04 20:33:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2017.01.04 20:33:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2017.01.04 20:33:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2017.01.04 20:33:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2017.01.04 20:33:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2017.01.04 20:21:57 | 000,001,037 | ---- | C] () -- C:\Users\uživatel\Desktop\start emergency kit scanner – zástupce.lnk
[2017.01.03 22:05:30 | 000,001,648 | ---- | C] () -- C:\Users\Public\Desktop\Zemana AntiMalware.lnk
[2017.01.03 21:58:13 | 000,618,232 | ---- | C] () -- C:\Windows\ZAM.krnl.trace
[2017.01.03 21:58:13 | 000,020,313 | ---- | C] () -- C:\Windows\ZAM_Guard.krnl.trace
[2017.01.03 21:43:11 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2017.01.03 21:08:43 | 001,309,184 | ---- | C] () -- C:\Users\uživatel\Desktop\zoek.exe
[2017.01.03 11:53:35 | 000,002,747 | ---- | C] () -- C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
[2017.01.03 11:47:51 | 021,526,600 | ---- | C] () -- C:\Users\uživatel\Desktop\RogueKiller.exe
[2017.01.02 11:43:14 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017.01.02 11:43:08 | 000,059,968 | ---- | C] () -- C:\Windows\System32\drivers\mbae.sys
[2017.01.02 10:05:47 | 000,024,688 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2017.01.02 10:00:20 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\RogueKiller.lnk
[2017.01.01 20:30:05 | 003,977,168 | ---- | C] () -- C:\Users\uživatel\Desktop\adwcleaner_6.041.exe
[2017.01.01 20:00:00 | 299,491,581 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2017.01.01 16:31:46 | 000,001,651 | ---- | C] () -- C:\Users\uživatel\Desktop\eu4 – zástupce.lnk
[2016.12.28 11:17:32 | 000,574,298 | ---- | C] () -- C:\Users\uživatel\Desktop\20161228_111656.jpg
[2016.12.26 09:05:05 | 002,977,792 | ---- | C] () -- C:\Users\uživatel\SView15.msi
[2016.12.26 09:04:23 | 000,001,664 | ---- | C] () -- C:\Users\uživatel\settings.bin
[2016.12.24 12:32:32 | 000,000,882 | ---- | C] () -- C:\Users\uživatel\Desktop\Microsoft Games – zástupce.lnk
[2016.12.24 10:03:40 | 000,000,698 | ---- | C] () -- C:\Users\uživatel\Desktop\Program Files – zástupce.lnk
[2016.12.24 09:48:59 | 000,000,359 | ---- | C] () -- C:\Users\uživatel\Desktop\Počítač – zástupce.lnk
[2016.12.24 07:43:29 | 000,000,778 | ---- | C] () -- C:\Users\uživatel\Desktop\BYT LEJSTRA – zástupce.lnk
[2016.12.22 18:10:39 | 000,112,474 | ---- | C] () -- C:\Users\uživatel\Documents\cc_20161222_181035.reg
[2016.12.18 13:53:20 | 000,000,981 | ---- | C] () -- C:\Users\uživatel\Desktop\openttd – zástupce.lnk
[2016.12.14 20:06:13 | 000,001,515 | ---- | C] () -- C:\Users\uživatel\Desktop\Windows Media Player.lnk
[2016.12.08 09:30:25 | 000,227,956 | ---- | C] () -- C:\Windows\hpoins46.dat
[2016.12.08 09:30:25 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2016.06.07 10:27:37 | 000,007,626 | ---- | C] () -- C:\Users\uživatel\AppData\Local\resmon.resmoncfg
[2015.10.19 18:39:50 | 000,000,281 | ---- | C] () -- C:\Windows\EReg072.dat
[2015.10.09 18:12:22 | 000,000,000 | ---- | C] () -- C:\Users\uživatel\AppData\Roaming\FileOut.cns
[2015.10.09 18:12:22 | 000,000,000 | ---- | C] () -- C:\Users\uživatel\AppData\Roaming\FileIn.cns
[2015.10.07 18:36:36 | 005,147,024 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2015.10.06 22:23:32 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2015.10.06 22:22:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016.10.12 00:23:16 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2015.11.05 20:00:34 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Autodesk
[2015.10.07 19:43:39 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\AVG
[2017.01.01 18:55:56 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\DAEMON Tools Lite
[2016.12.16 18:51:33 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\foobar2000
[2016.10.03 18:50:59 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\GHISLER
[2016.01.09 20:47:53 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Machete
[2017.01.03 07:23:39 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\MPC-HC
[2015.10.15 20:26:37 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Opera Software
[2016.09.06 18:27:25 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\PDM
[2016.11.06 09:28:36 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Samsung
[2017.01.03 22:20:35 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\Seznam Browser
[2017.01.01 14:35:05 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\uTorrent
[2015.10.07 16:51:35 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\VitySoft
[2015.11.03 13:02:17 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\wargaming.net
[2015.11.16 09:01:51 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\WebcamMax
[2016.12.20 15:43:59 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\YouTubeByClick
[2016.12.20 16:21:05 | 000,000,000 | ---D | M] -- C:\Users\uživatel\AppData\Roaming\YoutubeSoft

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wuwebv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wups2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wups.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wudriver.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wucltux.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wuaueng.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wuauclt.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wuapp.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wuapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wu.upgrade.ps.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WsmWmiPl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WsmSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WsmRes.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wsmprovhost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wsmplpxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WsmAuto.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WSManMigrationPlugin.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WSManHTTPConfig.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wmploc.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wmp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wmdrmsdk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wintrust.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WinSetupUI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\winload.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\winipsec.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wininet.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\win32spl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\win32k.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\webio.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\webcheck.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WebClnt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wdigest.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wdfcoinstaller01009.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\vbscript.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\VB5DB.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\UtcResources.dll:$CmdTcID

< End of report >


Re: famousaactors pop-up window

Post by jarek865 » 06 Jan 2017 19:23

OTL Extras logfile created on: 6.1.2017 19:12:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\uživatel\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18537)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 53,86% Memory free
4,00 Gb Paging File | 2,82 Gb Available in Paging File | 70,59% Paging File free
Paging file location(s): d:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 283,02 Gb Free Space | 60,78% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 918,05 Gb Free Space | 49,28% Space Free | Partition Type: NTFS
Drive G: | 582,12 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: UŽIVATEL-PC | User Name: uživatel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03934622-B193-41CA-982E-80FD83B254F7}" = lport=80 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe |
"{0A3E7B9B-3665-4F63-8961-0529F10139F9}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{105AB0D8-C7F7-46BA-84BB-7E2868BB9FD9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1539DAE4-7FA8-4AC7-A2EA-7F186A0090AE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1AACD410-5219-4D47-8300-8E3A80F4223A}" = lport=138 | protocol=17 | dir=in | app=system |
"{20D01B56-71FF-445A-AF2D-383B8376E8E9}" = lport=445 | protocol=6 | dir=in | app=system |
"{2B2589EB-4B55-45BF-9F34-037992C48EC7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{334BE864-F1E2-44B2-80C7-F411B0DC95BD}" = lport=443 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe |
"{34D34B02-1F35-4ECB-A74B-5EE1780993AE}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{380BB764-2853-4477-82B4-9029E30FB3BB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{43FA5E39-633E-4D04-9E64-F5FDAEE8680A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{473A91FF-E9F8-4BF4-B411-A37D8E4D105D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47BE46F4-92CC-427D-A4B7-93354338D4F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A777AC2-B476-42D0-AB9B-7F386234FC90}" = lport=47995 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{5D994A36-16B2-4F85-B2C6-DBEB64886A6A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{601C6A96-7C94-46DC-BF71-B81C7F140AC8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{61158085-B279-4BE1-B24C-30360E30866A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{750BD759-D203-476F-98A8-885BB91B5CE3}" = rport=138 | protocol=17 | dir=out | app=system |
"{7ADCE9B9-1346-40AA-9517-C05466CAF181}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{7D212EEA-C67E-4DC2-A999-81E487A60519}" = lport=139 | protocol=6 | dir=in | app=system |
"{861ED579-FC35-4D60-A538-F28653D6092D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{86943AE0-C6FE-49F1-80D3-826ED23C1AE8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A145E071-4170-4C9F-B081-33C112C32A16}" = rport=139 | protocol=6 | dir=out | app=system |
"{B70AE3B3-E48F-4D14-A01B-E4E459FA3EE4}" = rport=445 | protocol=6 | dir=out | app=system |
"{BC09C61D-94F6-41B2-8191-D765382F3290}" = lport=137 | protocol=17 | dir=in | app=system |
"{CDFDADD2-F21E-41EB-A33A-4221BA1ED723}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E693A2EB-F12F-41F4-B5FE-C0D0C57D349D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EE05B653-EA45-4CC4-BF17-DBEE7082ADFE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EE1CA2D4-58C8-48AF-AAC7-ACDA7FA36F53}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006AB279-1000-4429-AE07-E988C441FCB0}" = dir=out | app=d:\game\world_of_warplanes\wowplauncher.exe |
"{058C4998-2A46-4083-963E-3A788FD854A5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{07A03D25-A8DD-4E44-9A37-107196198A29}" = dir=in | app=d:\game\world_of_warplanes\wowplauncher.exe |
"{0E1D2096-6C9B-468B-B110-5BAB840BFE84}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1E30313E-CF28-470B-8F0B-97D86B3DB3B1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{214FCF29-A1FF-4FC4-96B3-A5CE295C8918}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{2328740A-5107-43C8-96FA-FFE5AE2A216A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{239398E0-8779-4F2D-97BB-D29622381CBC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{48CD80C8-CC95-4E18-9BC9-30D3BF1CC839}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{55D3F9F2-EBFB-4385-83E7-021C5AC98525}" = dir=out | app=d:\game\world_of_warplanes\worldofwarplanes.exe |
"{60C7E73D-C670-46D7-B7C9-FC95BCBBEC79}" = protocol=6 | dir=out | app=system |
"{65B62966-18B9-4BC8-8EEE-0806BAEB99BF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{6C3E5909-EC2B-49DD-99EF-13319D841D56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{72C01E52-D67D-45E3-ABE6-48387EA984EB}" = dir=out | app=d:\game\world of warships\worldofwarships.exe |
"{7977E573-BF31-4611-A082-C467DD1BBDE2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CA4C5E6-D22E-4528-8681-52842619EB00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D789FCC-4E7F-4AAA-B651-BAB4B13767AA}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{8344CD47-25C1-4923-A1D3-2DACF44C0B39}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8D0C5D4F-625A-46FD-8A78-F95766FC8060}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{8E0295AE-7DD0-4E0D-BE44-B37CD81F4640}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{8F5BF701-EF47-45C3-A635-64F99FC1B5BB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{8FDBD9BC-9D35-4DCF-9CF6-66FB529ED837}" = protocol=6 | dir=in | app=c:\users\uživatel\appdata\roaming\utorrent\utorrent.exe |
"{990F35DD-789A-45DF-83AB-81BBAF3C05A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{99833B2F-503C-4501-B6B4-4BDFBFD7D077}" = dir=in | app=d:\game\world of warships\worldofwarships.exe |
"{9C97DB12-F2CD-4C0B-82E8-2451AB969ED0}" = dir=in | app=d:\game\world of warships\wowslauncher.exe |
"{A5F05E55-6706-410D-9E2A-8F2E28792BD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADAF21C6-C77E-435E-96B2-7AB7E80E0DE1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{B4C3603D-5F17-4986-B8F1-963CCE8A2D1A}" = protocol=17 | dir=in | app=c:\users\uživatel\appdata\roaming\utorrent\utorrent.exe |
"{B8299D1C-0448-44DA-83A8-E10087A9ACC5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{BC240CEF-3906-438B-8A78-C8268693E083}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C06D5403-6F70-4796-95EA-1626C739A9BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C2535D8B-4FFD-4799-A8A8-380080E6A1B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{C497E683-FED4-4FB2-9A4B-E25484A0CD6F}" = dir=out | app=d:\game\world of warships\wowslauncher.exe |
"{C7C2A2A3-95EA-4DF4-A44C-223F03B3ABB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCCCE2C5-62B2-4426-85AA-7899D2970C9F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D51F7180-5887-495C-91D8-8C3CC9FCD213}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DA0A855D-2DFF-451A-8509-DE36049E8C01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DEB49DD6-6B88-4466-8B48-B51B94B307D3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{E2824C13-A452-4BA3-A5BC-A3D454E26432}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E85EA956-BFBF-4238-83F9-8210082024CC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EADAB258-1835-4CE2-A312-15137F0E9603}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EC402B5F-ACEF-410A-A86A-A5E9BF0ECADB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{ED01DA08-D9A5-4B51-883B-FE7AE9336569}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F33B0DE2-EFFE-41E0-A1EB-3FB2BAA83EF7}" = dir=in | app=d:\game\world_of_warplanes\worldofwarplanes.exe |
"{FA4ECCC6-72A3-4A43-8FEE-3918EDDBD75F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FA6201F6-092C-4F28-B927-AEA6A86AB85B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{FD4F101D-C404-4631-BC7D-5BDBD6D5E4E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{FF240EDD-C9B3-4425-8EBC-2490F8AD24C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0ED19360-B856-474A-A018-EBE8D70064DA}C:\program files\java\jre1.8.0_60\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_60\bin\javaw.exe |
"TCP Query User{25BD803A-B173-47FB-94F9-1F3A819601F2}C:\warthunder\aces.exe" = protocol=6 | dir=in | app=c:\warthunder\aces.exe |
"TCP Query User{BB0ACDBB-3ECA-4CCC-A215-9F083D68327B}C:\warthunder\launcher.exe" = protocol=6 | dir=in | app=c:\warthunder\launcher.exe |
"UDP Query User{210FFAE5-C894-4DED-B332-3324AF355A20}C:\warthunder\launcher.exe" = protocol=17 | dir=in | app=c:\warthunder\launcher.exe |
"UDP Query User{BC31DB53-6893-4685-92E4-58E6894EA506}C:\program files\java\jre1.8.0_60\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_60\bin\javaw.exe |
"UDP Query User{D0EDFD2C-B9DE-4B31-9F0F-42D8225F862B}C:\warthunder\aces.exe" = protocol=17 | dir=in | app=c:\warthunder\aces.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{09677503-9221-4AC1-8CFC-FFEA2EBE4C23}" = Europa Universalis III Complete
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}" = Apple Mobile Device Support
"{1E9F92B4-91E8-48F0-90E7-3FB9841E44F0}" = Machete 4.4
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{236FBCAF-B282-4de6-ADA1-359E3E851B6E}" = JMicron JMB368 CF Host Controller Driver
"{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
"{26356515-5821-40FA-9C3D-9785052A1062}" = Podpora aplikací Apple (32bitová)
"{26A24AE4-039D-4CA4-87B4-2F83218060F0}" = Java 8 Update 60
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30500C7C-2206-3DC6-9792-96E95A04669D}" = Microsoft .NET Framework 4.6.1
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes verze 3.0.5.1299
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56EC47AA-5813-4FF6-8E75-544026FBEA83}" = Apple Software Update
"{5783F2D7-8001-0405-0002-0060B0CE6BBA}" = AutoCAD 2010 - česky
"{5783F2D7-8001-0405-1002-0060B0CE6BBA}" = Jazykový balíček aplikace AutoCAD 2010 - čeština
"{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}" = MSTS Patch 1.7.00819
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7C14EFF4-6BD4-4398-AF8D-41F40F8D71F1}" = iTunes
"{7C3170E8-E61A-41D9-8547-8E96445EA510}" = HP Support Solutions Framework
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B1DF0B1-6110-40AF-83CA-25C0288C0239}" = GeekBuddy
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1" = Zemana AntiMalware
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.6.1 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{97f2de60-b49d-4bf4-87d7-b6928b5db73b}" = Nero 9 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}" = Google Earth
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-0804-1033-1959-001824205020}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1029-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Czech
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 341.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 341.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 341.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.2.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 340.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 17.12.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 17.12.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.27
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BA820560-7F85-49EE-B70F-CF678F8936C1}_is1" = Cossacks - European Wars
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C7F00B1A-7FF2-475C-A1B9-E829D18E27EC}" = ESET NOD32 Antivirus
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D168AAD0-6686-47C1-B599-CDD4888B9D1A}" = Bonjour
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D66F7037-4BD8-4D35-8D11-F3AE5A20B561}" = YouTube Playlist Downloader
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E9727CBE-5BEF-487F-ABF0-2215C7274A35}" = Stronghold Crusader
"{ED8BB1CA-535A-408D-85C9-ED1986D2B85E}" = Palm Reader
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4C709E1-76EC-3A6B-A015-38AEB35CAED0}" = Microsoft .NET Framework 4.6.1 (CSY)
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC965A47-4839-40CA-B618-18F486F042C6}" = Skype™ 7.21
"8B3D7924-ED89-486B-8322-E8594065D5CB_is1" = RogueKiller verze 12.8.5.0
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 24 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 24 NPAPI
"AutoCAD 2010 - česky" = AutoCAD 2010 - česky
"Blitzkrieg" = Blitzkrieg
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2014-07-13
"ConBuilder" = ConBuilder
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Europa 1400 - The Guild Update 1.05 Beta 3" = Europa 1400 - The Guild Update 1.05 Beta 3
"foobar2000" = foobar2000 v1.3.8
"FormatFactory" = FormatFactory 3.3.4.0
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HWiNFO32_is1" = HWiNFO32 Version 5.04
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"MSTS Activity Mover_is1" = MSTS Activity Mover, 1.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 34.0.2036.25" = Opera Stable 34.0.2036.25
"Recuva" = Recuva
"Shop for HP Supplies" = Shop for HP Supplies
"SimCity 2000 Special Edition_is1" = SimCity 2000 Special Edition
"SimCity 3000" = SimCity 3000
"Strategic Command 2 Blitzkrieg_is1" = Strategic Command 2 Blitzkrieg
"Strategic Command European Theater_is1" = Strategic Command European Theater
"Strategic Command WWII Pacific Theater_is1" = Strategic Command WWII Pacific Theater
"Strategic Command_is1" = Strategic Command - European Theater v1.07
"Totalcmd" = Total Commander (Remove or Repair)
"Train Simulator 1.0" = Microsoft Train Simulator
"Trať Bratislava-Brno-Praha pro MSTS_is1" = Trať Bratislava-Brno-Praha pro MSTS verze BP86.02-T9-12.4.2011
"TuxGuitar_0" = TuxGuitar 1.2
"Video Rotator_is1" = Video Rotator V1.0
"VLC media player" = VLC media player
"WebcamMax" = WebcamMax
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C813eu}_is1" = World of Warplanes
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1" = World of Warships
"Flux" = f.lux
"Seznam Browser" = Prohlížeč Seznam.cz

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6.7.2016 0:02:19 | Computer Name = uživatel-PC | Source = NvStreamSvc | ID = 133073
Description =

Error - 6.7.2016 0:02:19 | Computer Name = uživatel-PC | Source = NvStreamSvc | ID = 133073
Description =

Error - 6.7.2016 0:02:19 | Computer Name = uživatel-PC | Source = NvStreamSvc | ID = 133073
Description =

Error - 7.7.2016 2:18:36 | Computer Name = uživatel-PC | Source = NvStreamSvc | ID = 133073
Description =

Error - 7.7.2016 2:18:36 | Computer Name = uživatel-PC | Source = NvStreamSvc | ID = 133073
Description =

Error - 10.7.2016 14:14:29 | Computer Name = uživatel-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: explorer.exe, verze: 6.1.7601.23418, časové
razítko: 0x570896a1 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko:
0x00000000 Kód výjimky: 0xc0000005 Posun chyby: 0x0024f468 ID chybujícího procesu:
0x608 Čas spuštění chybující aplikace: 0x01d1dad6df88e297 Cesta k chybující aplikaci:
C:\Windows\explorer.exe Cesta k chybujícímu modulu: unknown ID zprávy: 23ecadcf-46ca-11e6-8015-002354521aa5

Error - 18.7.2016 9:10:33 | Computer Name = uživatel-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: jucheck.exe, verze: 2.8.60.27, časové razítko:
0x55c116b1 Název chybujícího modulu: jucheck.exe, verze: 2.8.60.27, časové razítko:
0x55c116b1 Kód výjimky: 0x40000015 Posun chyby: 0x00052d24 ID chybujícího procesu:
0x3ac Čas spuštění chybující aplikace: 0x01d1e0f5c3a425eb Cesta k chybující aplikaci:
C:\Program Files\Common Files\Java\Java Update\jucheck.exe Cesta k chybujícímu modulu:
C:\Program Files\Common Files\Java\Java Update\jucheck.exe ID zprávy: 02333485-4ce9-11e6-a425-002354521aa5

Error - 28.7.2016 22:32:41 | Computer Name = uživatel-PC | Source = NvStreamSvc | ID = 133073
Description =

Error - 28.7.2016 22:32:42 | Computer Name = uživatel-PC | Source = NvStreamSvc | ID = 133073
Description =

Error - 28.7.2016 22:32:42 | Computer Name = uživatel-PC | Source = NvStreamSvc | ID = 133073
Description =

[ System Events ]
Error - 5.1.2017 18:42:32 | Computer Name = uživatel-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: CFRMD

Error - 5.1.2017 18:43:23 | Computer Name = uživatel-PC | Source = Service Control Manager | ID = 7034
Description = Služba ZAM Controller Service byla neočekávaně ukončena. Tento stav
nastal již 1krát.

Error - 5.1.2017 18:46:21 | Computer Name = uživatel-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 5.1.2017 18:50:26 | Computer Name = uživatel-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 5.1.2017 18:53:41 | Computer Name = uživatel-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 6.1.2017 3:38:21 | Computer Name = uživatel-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: CFRMD

Error - 6.1.2017 13:48:24 | Computer Name = uživatel-PC | Source = Service Control Manager | ID = 7034
Description = Služba ZAM Controller Service byla neočekávaně ukončena. Tento stav
nastal již 1krát.

Error - 6.1.2017 13:50:21 | Computer Name = uživatel-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 6.1.2017 13:54:07 | Computer Name = uživatel-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 6.1.2017 13:57:14 | Computer Name = uživatel-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.


< End of report >


Re: famousaactors pop-up window

Post by jaro3 » 06 Jan 2017 22:15

ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall

Clean the system with CCleaner.

Download OTC to the desktop. Double-click it. Then click Clean up!
Restart the PC if you are advised to.



Close other applications and browsers, disconnect from the internet and fix these entries in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab




Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
DRV - (ZAM_Guard) -- C:\Windows\System32\drivers\zamguard32.sys File not found
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (CFRMD) -- system32\DRIVERS\CFRMD.sys File not found
DRV - (catchme) -- C:\Users\UIVATE~1\AppData\Local\Temp\catchme.sys File not found
DRV - (aswVmm) -- C:\Users\UIVATE~1\AppData\Local\Temp\aswVmm.sys File not found
DRV - (aswMBR) -- C:\Users\UIVATE~1\AppData\Local\Temp\aswMBR.sys File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\..\SearchScopes\{A600EB27-B382-4905-B3D2-32DA7E19ECB9}: "URL" = https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
CHR - Extension: No name found = C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5516.1005.0.3_0\
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016.10.12 00:23:16 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Program Files\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\Program Files (x86)\*.tmp
C:\ProgramData\cisC133.exe
C:\Users\uživatel\AppData\Roaming\AVG

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.


There's a mess of antiviruses in there: NOD32, CIS, AVG..

In Folder Options, enable showing hidden files and folders and uncheck the "Hide protected operating system files" box.

Test these on VirusTotal:
C:\Users\uživatel\SView15.msi
C:\Windows\EReg072.dat

Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be tested by multiple antivirus programs one after another. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/

Use:
Chrome Cleanup Tool
https://www.google.com/chrome/cleanup-tool/