neustále mi nabíhají instalace nějakých programů, PROSÍM o kontrolu logu

Příspěvekod **jaro3** » 21 zář 2015 09:00

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir i firewall.
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Reklama

petrnavra · Příspěvekod **petrnavra** » 21 zář 2015 10:38

RogueKiller V10.10.5.0 (x64) [Sep 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8 (6.2.9200) 64 bits version
Spuštěno : Normální režim
Uživatel : Petr [Práva správce]
Started from : C:\Users\Petr\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 09/21/2015 10:37:02

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wdii (System32\drivers\nrpnpjic.sys) -> Smazáno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.211.45.3 212.96.160.7 ([CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.211.45.3 212.96.160.7 ([CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{07D27F10-D303-4F87-9CD1-40A8846AB018} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6F5574DD-3951-4458-BCBC-A95D4C7AA2E2} | DhcpNameServer : 213.211.45.3 212.96.160.7 ([CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{07D27F10-D303-4F87-9CD1-40A8846AB018} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6F5574DD-3951-4458-BCBC-A95D4C7AA2E2} | DhcpNameServer : 213.211.45.3 212.96.160.7 ([CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()

¤¤¤ Úlohy : 5 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\9sIUttZbtc48zSoNayUowFhYY.job -- C:\Users\Petr\AppData\Roaming\9sIUttZbtc48zSoNayUowFhYY.exe (--c=jcBPO5W4RaLeC+MzXO3BXS/R6sRORpXpVOK89q0T5SEe+MZN2cO70tkH/JT+u166YwnDCOrIr/+5bJ5aA0lGL4wKnTe4qWScCLfKg/gidP/mlMTOamOqlB4s7CCrEoEeP1HbZpxgRcwWOBWF0YliPR1XANcuyG2N+wNRhc9VxpNTEuV6FD+LZ6ekP0cBQD6lgMUAL4WloTWBsF5Ygeww9lxBUcaBXO/4lFuwYMqv6P+Ha1jFtiaXLr8fm7M7cX17fLezzubN/uJhTd61KV2va6qbAZS4A8eSa2p9qzpm/rROgEBH+6ktHh4Apd6m1UDf/nBFsdM8rl2CvaZo034Bdw==) -> Smazáno
[Suspicious.Path] %WINDIR%\Tasks\hrexWxS1mZm2uHVaJrMQPhPZh2.job -- C:\Users\Petr\AppData\Roaming\hrexWxS1mZm2uHVaJrMQPhPZh2.exe (--c=MZL6YwXqaEoyDT0yHw9DXv7rO8pHpuAxWtmh0fNnJ0E4CcTuX5za06OtUUnZrkG6v+JdCL3OUyST+biaCwKjbWXExHvP9fRWNXXsimy8M1T5IDTSwdvC6PYtNN1H4cxy2oLolRxZS0ud/RO9JKZhKSr3CVY7lDgsd3DNTZu4Jl2cwXWLRZws5Gv9aefKBHEblAJbuKOt4AG5LaQIDEjN90M2sMvMrnxKrwe8c4d+LL92R3yVdg59SiAkyT/JtN4tLGYQqSUffGlG88ZVpLuXaWZc+wNGWRy69t2U3T661lg6Q/pGDEQDgiD+3+zKdq8yXnRqQAneMGZZHNK8Blfynw==) -> Smazáno
[Suspicious.Path] \9sIUttZbtc48zSoNayUowFhYY -- C:\Users\Petr\AppData\Roaming\9sIUttZbtc48zSoNayUowFhYY.exe (--c=jcBPO5W4RaLeC+MzXO3BXS/R6sRORpXpVOK89q0T5SEe+MZN2cO70tkH/JT+u166YwnDCOrIr/+5bJ5aA0lGL4wKnTe4qWScCLfKg/gidP/mlMTOamOqlB4s7CCrEoEeP1HbZpxgRcwWOBWF0YliPR1XANcuyG2N+wNRhc9VxpNTEuV6FD+LZ6ekP0cBQD6lgMUAL4WloTWBsF5Ygeww9lxBUcaBXO/4lFuwYMqv6P+Ha1jFtiaXLr8fm7M7cX17fLezzubN/uJhTd61KV2va6qbAZS4A8eSa2p9qzpm/rROgEBH+6ktHh4Apd6m1UDf/nBFsdM8rl2CvaZo034Bdw==) -> Smazáno
[Suspicious.Path] \hrexWxS1mZm2uHVaJrMQPhPZh2 -- C:\Users\Petr\AppData\Roaming\hrexWxS1mZm2uHVaJrMQPhPZh2.exe (--c=MZL6YwXqaEoyDT0yHw9DXv7rO8pHpuAxWtmh0fNnJ0E4CcTuX5za06OtUUnZrkG6v+JdCL3OUyST+biaCwKjbWXExHvP9fRWNXXsimy8M1T5IDTSwdvC6PYtNN1H4cxy2oLolRxZS0ud/RO9JKZhKSr3CVY7lDgsd3DNTZu4Jl2cwXWLRZws5Gv9aefKBHEblAJbuKOt4AG5LaQIDEjN90M2sMvMrnxKrwe8c4d+LL92R3yVdg59SiAkyT/JtN4tLGYQqSUffGlG88ZVpLuXaWZc+wNGWRy69t2U3T661lg6Q/pGDEQDgiD+3+zKdq8yXnRqQAneMGZZHNK8Blfynw==) -> ERROR [0]
[Suspicious.Path] \psv_zwoa11ll -- cmd.exe (/c regedit.exe /s "C:\ProgramData\Saophase\knu4esv5.vus.reg" & del "C:\ProgramData\Saophase\knu4esv5.vus.reg" & SCHTASKS /Delete /TN "psv_zwoa11ll" /F) -> Smazáno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 7 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\storport.sys - IRP_MJ_CREATE[0] : Unknown @ 0x418c549600000000
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\storport.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x418c549600000000
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\storport.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x418c549600000000
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\storport.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x418c549600000000
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\storport.sys - IRP_MJ_POWER[22] : Unknown @ 0x418c549600000000
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\storport.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x418c549600000000
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\storport.sys - IRP_MJ_PNP[27] : Unknown @ 0x418c549600000000

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD103SI SCSI Disk Device +++++
--- User ---
[MBR] b1f7d6ea2fb5b78abecb5cb9c9a91272
[BSP] 8004430ad8ba76467bf17119ac7b2bae : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 253517 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 519921664 | Size: 699999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávná funkce. )

petrnavra · Příspěvekod **petrnavra** » 21 zář 2015 11:07

Zoek.exe v5.0.0.0 Updated 21-09-2015
Tool run by Petr on po 21. 09. 2015 at 10:39:04,57.
Microsoft Windows 8 Pro 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Petr\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

21. 9. 2015 10:40:13 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\044ac850-89dc-4e0f-ae71-926999ab476c deleted successfully
C:\PROGRA~2\31454a64-4584-414e-aa57-81b4b2ed0940 deleted successfully
C:\PROGRA~2\697ee8b4-26f2-4620-9d17-d4b89952b2ca deleted successfully
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Nokia deleted successfully
C:\PROGRA~2\Seznam.cz deleted successfully
C:\Users\Default\AppData\Roaming\Apple Computer deleted successfully
C:\Users\Petr\AppData\Roaming\Nokia deleted successfully
C:\Users\Petr\AppData\Roaming\Nokia Suite deleted successfully
C:\Users\Petr\AppData\Roaming\Opera Software deleted successfully
C:\Users\Petr\AppData\Roaming\Spyware Terminator deleted successfully
C:\Users\Petr\AppData\Local\Opera Software deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\CLSID\{82A76710-4F98-4957-92BE-99648A4E2475} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4087970696-2359579625-4084102647-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{82A76710-4F98-4957-92BE-99648A4E2475} deleted successfully

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\044ac850-89dc-4e0f-ae71-926999ab476c not found
C:\PROGRA~2\31454a64-4584-414e-aa57-81b4b2ed0940 not found
C:\PROGRA~2\697ee8b4-26f2-4620-9d17-d4b89952b2ca not found
C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\Nokia not found
C:\PROGRA~2\Seznam.cz not found
C:\PROGRA~2\RocketDock deleted
C:\PROGRA~2\Alawar.cs deleted
C:\PROGRA~2\Splashtop deleted
C:\task.vbs deleted
C:\Users\Petr\AppData\Roaming\SIMLORDON.MTBF.txt deleted
C:\Users\Petr\AppData\Roaming\__AvidCloudManager.log deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Petr\AppData\Local\donelectronics.exe deleted
C:\Users\Petr\AppData\Local\donelectronics.exe.config deleted
"C:\Users\Petr\AppData\Roaming\9sIUttZbtc48zSoNayUowFhYY" deleted
"C:\Users\Petr\AppData\Roaming\hrexWxS1mZm2uHVaJrMQPhPZh2" deleted

==== Chromium Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

BIODIGITAL HUMAN - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak
HD for YouTube™ - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf
Angry Birds - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
GooNow - Voice Search - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bniejnipfeaoocpolpocebkkklagoobh
AdBlock - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Voice Recognition - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn
PT - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmgohkgndpahjklgpdihieeedjeneoke
Until AM Web App - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk
Google Play - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi
Google Drive App Launcher - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
3D Solar System Web - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd
AdBlock - Petr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Drive App Launcher - Petr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Shop and Save Up - Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ablgnpngfaaficpckehadaljnjgjkhbi
GoHD - Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fijhlnmmmgflacagjecncpmpnhjieggk
Voice Recognition - Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn
Google Play - Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi
Webcam Toy - Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lfbgimoladefibpklnfmkpknadbklade
Google Drive App Launcher - Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Send from Gmail (by Google) - Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc

==== Chromium Fix ======================

C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\http_search.safefinder.com_0.localstorage deleted successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\http_search.safefinder.com_0.localstorage-journal deleted successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\http_www.mystartsearch.com_0.localstorage deleted successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\http_www.mystartsearch.com_0.localstorage-journal deleted successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ablgnpngfaaficpckehadaljnjgjkhbi deleted successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\chrome-extension_ablgnpngfaaficpckehadaljnjgjkhbi_0.localstorage deleted successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\chrome-extension_ablgnpngfaaficpckehadaljnjgjkhbi_0.localstorage-journal deleted successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\databases\chrome-extension_ablgnpngfaaficpckehadaljnjgjkhbi_0 deleted successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Local Extension Settings\ablgnpngfaaficpckehadaljnjgjkhbi deleted successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fijhlnmmmgflacagjecncpmpnhjieggk deleted successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\chrome-extension_fijhlnmmmgflacagjecncpmpnhjieggk_0.localstorage deleted successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\chrome-extension_fijhlnmmmgflacagjecncpmpnhjieggk_0.localstorage-journal deleted successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\databases\chrome-extension_fijhlnmmmgflacagjecncpmpnhjieggk_0 deleted successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Local Extension Settings\fijhlnmmmgflacagjecncpmpnhjieggk deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="yes"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{F4998B04-5702-4230-9936-18AC705CC607} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194"

==== Reset Google Chrome ======================

C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences~RF109415f6.TMP was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Petr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2040 folders=252 682911695 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Petr\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Petr\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on po 21. 09. 2015 at 11:03:11,59 ======================

petrnavra · Příspěvekod **petrnavra** » 21 zář 2015 12:55

ComboFix 15-09-21.01 - Petr . 09. 2015 11:09:49.1.4 - x64
Microsoft Windows 8 Pro 6.2.9200.0.1250.420.1029.18.4096.2958 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Feed Notifier\notifier.exe
c:\users\Petr\AppData\Local\Temp\_MEI42722\_ctypes.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\_elementtree.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\_hashlib.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\_multiprocessing.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\_psutil_windows.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\_socket.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\_ssl.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\_yappi.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\common.time34.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\hashobjs_ext.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\pyexpat.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\pysqlite2._sqlite.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\python27.dll
c:\users\Petr\AppData\Local\Temp\_MEI42722\pythoncom27.dll
c:\users\Petr\AppData\Local\Temp\_MEI42722\PyWinTypes27.dll
c:\users\Petr\AppData\Local\Temp\_MEI42722\select.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\unicodedata.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\usb_ext.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\win32api.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\win32com.shell.shell.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\win32crypt.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\win32event.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\win32file.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\win32gui.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\win32inet.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\win32pdh.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\win32pipe.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\win32process.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\win32profile.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\win32security.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\win32ts.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\windows._lib_cacheinvalidation.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\wx._animate.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\wx._controls_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\wx._core_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\wx._gdi_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\wx._html2.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\wx._misc_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\wx._windows_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\wx._wizard.pyd
c:\users\Petr\AppData\Local\Temp\_MEI42722\wxbase30u_net_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI42722\wxbase30u_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI42722\wxmsw30u_adv_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI42722\wxmsw30u_core_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI42722\wxmsw30u_html_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI42722\wxmsw30u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-08-21 do 2015-09-21 )))))))))))))))))))))))))))))))
.
.
2015-09-21 09:45 . 2015-09-21 09:45 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C0543A4-F78F-486C-B26F-CF23321BED49}\offreg.dll
2015-09-21 09:28 . 2015-09-21 09:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-21 08:58 . 2015-09-21 08:39 24064 ----a-w- c:\windows\zoek-delete.exe
2015-09-21 08:58 . 2015-09-21 10:21 -------- d-----w- c:\users\Petr\AppData\Local\Temp
2015-09-21 08:45 . 2015-09-21 08:45 -------- d-----w- c:\users\Petr\AppData\Local\CrashDumps
2015-09-21 08:39 . 2015-09-21 08:57 -------- d-----w- C:\zoek_backup
2015-09-20 21:44 . 2015-09-21 08:10 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-09-20 21:44 . 2015-09-20 22:16 -------- d-----w- c:\programdata\RogueKiller
2015-09-20 21:33 . 2015-09-20 21:33 79064 ----a-w- c:\windows\system32\drivers\nrpnpjic.sys
2015-09-20 19:48 . 2015-09-20 20:59 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-20 19:48 . 2015-09-20 19:48 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-09-20 19:48 . 2015-09-20 19:48 -------- d-----w- c:\programdata\Malwarebytes
2015-09-20 19:48 . 2015-06-18 06:42 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-09-20 19:48 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-09-20 19:48 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-20 19:44 . 2015-09-20 20:52 -------- d-----w- C:\AdwCleaner
2015-09-20 19:27 . 2015-09-20 19:41 -------- d-----w- c:\programdata\Spyware Terminator
2015-09-20 19:27 . 2015-09-20 19:29 -------- d-----w- c:\program files (x86)\Spyware Terminator
2015-09-20 19:21 . 2015-09-21 09:18 -------- d-----w- c:\program files (x86)\Feed Notifier
2015-09-20 19:09 . 2015-09-20 19:09 -------- d-----w- c:\users\Petr\AppData\Roaming\Enigma Software Group
2015-09-20 19:09 . 2015-09-20 19:09 -------- d-----w- C:\sh4ldr
2015-09-20 19:08 . 2015-09-20 19:08 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2015-09-20 19:08 . 2015-09-20 19:08 -------- d-----w- c:\program files\Enigma Software Group
2015-09-19 21:39 . 2015-09-19 21:39 5224982 ----a-w- c:\program files\Common Files\ymkxc4vf.exe
2015-09-19 21:24 . 2015-09-19 21:24 -------- d-----w- c:\program files\Common Files\cphtz5xw
2015-09-19 20:35 . 2015-09-19 21:06 -------- d-----w- c:\users\Petr\temp
2015-09-19 20:34 . 2015-09-19 21:01 -------- d-----w- c:\users\Petr\AppData\Local\Pinnacle
2015-09-19 20:17 . 2015-09-19 20:17 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-09-19 20:15 . 2015-09-19 20:21 -------- d-----w- c:\program files (x86)\Opera
2015-09-19 20:14 . 2015-09-19 20:37 -------- d-----w- c:\users\Petr\AppData\Roaming\Seznam.cz
2015-09-19 19:54 . 2015-09-19 19:54 -------- d-----w- C:\Objects
2015-09-19 19:54 . 2015-09-19 19:54 -------- d-----w- C:\logs
2015-09-19 19:52 . 2015-09-20 17:58 -------- d-----w- c:\program files (x86)\AirMovie
2015-09-19 19:52 . 2015-09-21 09:30 -------- d-----w- c:\program files (x86)\RemoteX
2015-09-19 18:39 . 2015-09-19 20:01 -------- d-----w- c:\users\Petr\AppData\Local\Sony
2015-09-19 18:39 . 2015-09-19 20:00 -------- d-----w- c:\program files (x86)\Sony
2015-09-19 18:39 . 2015-09-19 18:39 -------- d-----w- c:\program files\Sony
2015-09-19 18:29 . 2015-09-19 18:29 -------- d-----w- c:\program files (x86)\Common Files\Pegasus Imaging
2015-09-19 18:26 . 2015-09-19 18:32 -------- d-----w- c:\program files (x86)\Pinnacle
2015-09-19 18:16 . 2015-09-19 18:26 -------- d-----w- c:\programdata\Pinnacle
2015-09-17 19:33 . 2015-09-17 19:33 -------- d-----w- c:\program files\iPod
2015-09-17 19:33 . 2015-09-17 19:34 -------- d-----w- c:\program files\iTunes
2015-09-17 19:33 . 2015-09-17 19:34 -------- d-----w- c:\program files (x86)\iTunes
2015-09-17 19:31 . 2015-09-17 19:31 -------- d-----w- c:\program files\Bonjour
2015-09-17 19:31 . 2015-09-17 19:31 -------- d-----w- c:\program files (x86)\Bonjour
2015-09-17 19:30 . 2015-09-17 19:30 -------- d-----w- c:\program files (x86)\Apple Software Update
2015-09-17 19:29 . 2015-09-17 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-09-17 19:29 . 2015-09-17 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-09-17 19:29 . 2015-09-17 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-09-17 19:29 . 2015-09-17 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-09-17 19:29 . 2015-09-17 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-09-17 19:29 . 2015-09-17 19:29 -------- d-----w- c:\program files (x86)\QuickTime
2015-08-27 11:46 . 2015-08-27 11:46 -------- d-----w- c:\users\Petr\AppData\Local\NVIDIA Corporation
2015-08-26 11:22 . 2015-08-18 08:48 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-08-26 11:22 . 2015-08-18 08:48 1514528 ----a-w- c:\windows\system32\nvspcap64.dll
2015-08-26 11:22 . 2015-08-18 08:48 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-08-26 11:22 . 2015-08-18 08:48 1278920 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-08-26 11:21 . 2015-08-17 21:43 608048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-08-26 11:19 . 2015-08-26 11:20 -------- d-----w- c:\windows\LastGood.Tmp
2015-08-26 11:15 . 2015-08-26 11:15 -------- d-----w- C:\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-06 04:32 . 2015-08-02 14:12 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2015-08-18 08:48 . 2014-11-17 15:45 72880 ----a-w- c:\windows\system32\OpenCL.dll
2015-08-18 08:48 . 2014-11-17 15:45 60720 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-08-18 08:48 . 2014-08-19 21:14 14497760 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-08-18 08:48 . 2014-08-19 21:14 3209736 ----a-w- c:\windows\system32\nvapi64.dll
2015-08-18 08:48 . 2014-08-19 21:13 2824176 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-08-18 08:48 . 2012-07-25 20:22 18634264 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-08-18 08:48 . 2012-07-25 20:22 16128576 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-08-18 00:07 . 2014-11-17 15:45 6783280 ----a-w- c:\windows\system32\nvcpl.dll
2015-08-18 00:07 . 2014-11-17 15:45 3522168 ----a-w- c:\windows\system32\nvsvc64.dll
2015-08-18 00:07 . 2014-11-17 15:45 933168 ----a-w- c:\windows\system32\nvvsvc.exe
2015-08-18 00:07 . 2014-11-17 15:45 62768 ----a-w- c:\windows\system32\nvshext.dll
2015-08-18 00:07 . 2014-11-17 15:45 385144 ----a-w- c:\windows\system32\nvmctray.dll
2015-08-18 00:07 . 2014-11-17 15:45 2558768 ----a-w- c:\windows\system32\nvsvcr.dll
2015-08-18 00:06 . 2014-11-17 15:45 5147024 ----a-w- c:\windows\system32\nvcoproc.bin
2015-08-12 14:03 . 2015-08-12 14:03 96528 ----a-w- c:\windows\system32\dns-sd.exe
2015-08-12 14:03 . 2015-08-12 14:03 86288 ----a-w- c:\windows\system32\dnssd.dll
2015-08-12 14:03 . 2015-08-12 14:03 61712 ----a-w- c:\windows\system32\jdns_sd.dll
2015-08-12 14:03 . 2015-08-12 14:03 213264 ----a-w- c:\windows\system32\dnssdX.dll
2015-08-12 14:03 . 2015-08-12 14:03 84240 ----a-w- c:\windows\SysWow64\dns-sd.exe
2015-08-12 14:03 . 2015-08-12 14:03 72976 ----a-w- c:\windows\SysWow64\dnssd.dll
2015-08-12 14:03 . 2015-08-12 14:03 50960 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2015-08-12 14:03 . 2015-08-12 14:03 178960 ----a-w- c:\windows\SysWow64\dnssdX.dll
2015-08-06 09:43 . 2015-08-06 09:43 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2015-08-06 09:43 . 2015-08-06 09:43 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2015-07-27 14:45 . 2015-07-27 14:45 381608 ----a-w- c:\windows\system32\drivers\sptd.sys
2015-07-27 13:39 . 2015-07-27 13:39 30264 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-04-20 09:17 683200 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-07-29 22344224]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-04-26 43816]
"iCloudDrive"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" [2015-04-26 43816]
"TiVme Agent"="c:\program files (x86)\GIGABYTE\vivoTV\ScheduleAgent.exe" [2012-07-10 137728]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-08-19 2899136]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-06-18 4468056]
"GoogleChromeAutoLaunch_795A6C1EC44E0A41F3030B5EF87A210A"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-09-12 815944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"Hornet"="c:\program files (x86)\Yenkee\Gaming Mouse Driver\Monitor.exe" [2014-05-22 434176]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-08-06 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2015-09-15 157456]
"RemoteX"="c:\program files (x86)\RemoteX\RemoteXUser.exe" [2011-02-14 185344]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe [2014-12-31 848384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\System32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 RtlWlanu;Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 sthid;Splashtop Virtual Hid;c:\windows\System32\drivers\sthid.sys;c:\windows\SYSNATIVE\drivers\sthid.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 __RemoteX__;RemoteX Server;c:\program files (x86)\RemoteX\RemoteX.exe;c:\program files (x86)\RemoteX\RemoteX.exe [x]
S2 __XSERVER__;AirMovie Server Service;c:\program files (x86)\AirMovie\\xserver.exe;c:\program files (x86)\AirMovie\\xserver.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [x]
S2 ST2012_Svc;Spyware Terminator 2015 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\System32\drivers\dtlitescsibus.sys;c:\windows\SYSNATIVE\drivers\dtlitescsibus.sys [x]
S3 GM312Fltr;Gaming Mouse 312;c:\windows\system32\drivers\GM312Fltr.sys;c:\windows\SYSNATIVE\drivers\GM312Fltr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-17 17:59]
.
2015-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-17 17:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-07-29 07:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-07-29 07:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-07-29 07:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-04-20 09:17 803520 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-18 2585744]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2014-04-20 161984]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-08-18 1514528]
"AirMovie Server Service"="c:\program files (x86)\AirMovie\xtray.exe" [2014-03-31 79432]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.211.45.3 212.96.160.7
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-RocketDock - c:\program files (x86)\RocketDock\RocketDock.exe
Wow6432Node-HKCU-Run-Viber - c:\users\Petr\AppData\Local\Viber\Viber.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Feed Notifier.lnk - c:\program files (x86)\Feed Notifier\notifier.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-The Treasures Of Montezuma 4 - c:\program files (x86)\Alawar.cs\The Treasures Of Montezuma 4\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\slsvc.exe
c:\program files (x86)\AirMovie\xserver.exe
c:\program files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
c:\program files (x86)\Steam\bin\steamwebhelper.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Celkový čas: 2015-09-21 12:44:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-09-21 10:44
.
Před spuštěním: 185 728 970 752 bytes free
Po spuštění: 185 090 519 040 bytes free
.
- - End Of File - - E949EACC983A89F6FA00E009ADFEA8B2
A36C5E4F47E84449FF07ED3517B43A31

Příspěvekod **Orcus** » 21 zář 2015 13:12

Odinstaluj:
Spyware Terminator
SpyHunter 4

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený červeně:

ClearJavaCache::

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update

Driver::
SkypeUpdate

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

Obrázek

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

====================================================

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

petrnavra · Příspěvekod **petrnavra** » 21 zář 2015 17:10

ComboFix 15-09-21.01 - Petr . 09. 2015 14:14:24.2.4 - x64
Microsoft Windows 8 Pro 6.2.9200.0.1250.420.1029.18.4096.2622 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.28.15\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.28.15\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.28.15\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.28.15\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.28.15\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.28.15\GoogleUpdateWebPlugin.exe
c:\program files (x86)\Google\Update\1.3.28.15\goopdate.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.28.15\psmachine.dll
c:\program files (x86)\Google\Update\1.3.28.15\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.28.15\psuser.dll
c:\program files (x86)\Google\Update\1.3.28.15\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{3C122445-AECE-4309-90B7-85A6AEF42AC0}\1.24.9931.5480\gsync.msi
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.15\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\45.0.2454.93\45.0.2454.93_45.0.2454.85_chrome_updater.exe
c:\program files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\7.1.5.1557\GoogleEarth-Win-Bundle-7.1.5.1557.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\Install\{07A55EBE-21A5-4F33-A5D6-0289201DA05E}\45.0.2454.85_44.0.2403.157_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{1D500ABA-7DBB-4180-9768-3E665FE165FB}\42.0.2311.135_42.0.2311.90_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{2CDF19B3-ED35-465A-85CC-3BD76C24E6B9}\44.0.2403.130_44.0.2403.125_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{32FD59E0-9F77-41EE-BD9C-5DE5D2D308D2}\42.0.2311.152_42.0.2311.135_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{3461F1D8-3AF5-4679-99B0-F4A0184D8E81}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{4D7634DF-9BA2-449C-B5EE-7BD960800157}\42.0.2311.90_41.0.2272.118_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{4EC204FB-6080-43A3-9117-549F36094B80}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{530B0725-544E-45D0-AFF4-329EF890EED3}\gsync.msi
c:\program files (x86)\Google\Update\Install\{530B0725-544E-45D0-AFF4-329EF890EED3}\gsync.msi.log
c:\program files (x86)\Google\Update\Install\{57F615B0-DA88-4559-8CDC-D225835DA268}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{5D58A309-E559-4D4F-8628-F9A5EA3959CF}\43.0.2357.81_43.0.2357.65_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{6BD246FA-C9BF-45CA-AC6A-0A30BD2B16A9}\gsync.msi
c:\program files (x86)\Google\Update\Install\{6BD246FA-C9BF-45CA-AC6A-0A30BD2B16A9}\gsync.msi.log
c:\program files (x86)\Google\Update\Install\{742B1FF7-D930-4D35-B51B-88A89A079AE6}\gsync.msi
c:\program files (x86)\Google\Update\Install\{742B1FF7-D930-4D35-B51B-88A89A079AE6}\gsync.msi.log
c:\program files (x86)\Google\Update\Install\{769E0BF5-D298-4CFD-A258-0D21E3C14B9F}\41.0.2272.89_40.0.2214.115_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{7AB1B10E-5CD2-4959-9366-CB5B832C2CBF}\44.0.2403.125_44.0.2403.107_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{7BAC9984-E4DB-4326-9D29-846C35C1F7CF}\GoogleEarth-Win-Bundle-7.1.5.1557.exe
c:\program files (x86)\Google\Update\Install\{7CDA4DBD-E883-4280-AB32-D66C8AF385CD}\40.0.2214.111_40.0.2214.94_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{7FF7C746-C0B8-46BC-ABC2-3022BBB7AC83}\gsync.msi
c:\program files (x86)\Google\Update\Install\{7FF7C746-C0B8-46BC-ABC2-3022BBB7AC83}\gsync.msi.log
c:\program files (x86)\Google\Update\Install\{810B57B3-534F-4C6C-BDD7-642F7AD010B1}\43.0.2357.124_43.0.2357.81_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{85B4CFEC-D1DB-4995-B758-7FCE8F12C1AC}\45.0.2454.93_45.0.2454.85_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{931FC795-4D2A-4B56-AA0E-9594D791700C}\43.0.2357.65_42.0.2311.152_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{9B276D8E-A3BF-405B-B11F-0BA533F182B5}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{9F69C0C0-F6B8-469C-9074-71F9F831F841}\44.0.2403.157_44.0.2403.155_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{A47396A5-DFE4-4E76-94DE-07EDC1207040}\40.0.2214.115_40.0.2214.111_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{AA1DF54A-26F8-4B62-87F5-C30C80D7DFAB}\44.0.2403.89_43.0.2357.134_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{B7CFECB5-23E1-4CF3-809B-CE20A88E550C}\43.0.2357.130_43.0.2357.124_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{BCE2D6C8-F6EF-457E-99D9-A4B3A4B9935B}\43.0.2357.134_43.0.2357.132_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{CB424DDE-7897-4EFE-8A2B-D1D9CC90B555}\41.0.2272.101_41.0.2272.89_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{D2580438-D416-45DB-B73A-1F5A154B611D}\41.0.2272.118_41.0.2272.101_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{D56FDF3B-6256-4B0B-981B-DAE3B1684A01}\44.0.2403.155_44.0.2403.130_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{DB920281-99AF-4472-9B42-ECD7D50A10CB}\gsync.msi
c:\program files (x86)\Google\Update\Install\{DB920281-99AF-4472-9B42-ECD7D50A10CB}\gsync.msi.log
c:\program files (x86)\Google\Update\Install\{E6A178E0-8279-4444-9093-1AB9FBBDF3CB}\43.0.2357.132_43.0.2357.130_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{EBE1580F-00F2-4991-B374-9638BDE6F134}\44.0.2403.107_44.0.2403.89_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{F3103F9F-ACEB-4577-848A-6BD7FCFF497E}\GoogleUpdateSetup.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\users\Petr\AppData\Local\Temp\_MEI50242\_ctypes.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\_elementtree.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\_hashlib.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\_multiprocessing.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\_psutil_windows.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\_socket.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\_ssl.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\_yappi.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\common.time34.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\hashobjs_ext.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\pyexpat.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\pysqlite2._sqlite.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\python27.dll
c:\users\Petr\AppData\Local\Temp\_MEI50242\pythoncom27.dll
c:\users\Petr\AppData\Local\Temp\_MEI50242\PyWinTypes27.dll
c:\users\Petr\AppData\Local\Temp\_MEI50242\select.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\unicodedata.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\usb_ext.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\win32api.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\win32com.shell.shell.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\win32crypt.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\win32event.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\win32file.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\win32gui.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\win32inet.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\win32pdh.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\win32pipe.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\win32process.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\win32profile.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\win32security.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\win32ts.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\windows._lib_cacheinvalidation.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\wx._animate.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\wx._controls_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\wx._core_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\wx._gdi_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\wx._html2.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\wx._misc_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\wx._windows_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\wx._wizard.pyd
c:\users\Petr\AppData\Local\Temp\_MEI50242\wxbase30u_net_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI50242\wxbase30u_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI50242\wxmsw30u_adv_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI50242\wxmsw30u_core_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI50242\wxmsw30u_html_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI50242\wxmsw30u_webview_vc90.dll
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Legacy_gupdate
-------\Legacy_gupdatem
-------\Legacy_gupdate
-------\Legacy_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-08-21 do 2015-09-21 )))))))))))))))))))))))))))))))
.
.
2015-09-21 12:32 . 2015-09-21 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-21 08:58 . 2015-09-21 08:39 24064 ----a-w- c:\windows\zoek-delete.exe
2015-09-21 08:58 . 2015-09-21 14:29 -------- d-----w- c:\users\Petr\AppData\Local\Temp
2015-09-21 08:45 . 2015-09-21 08:45 -------- d-----w- c:\users\Petr\AppData\Local\CrashDumps
2015-09-21 08:39 . 2015-09-21 08:57 -------- d-----w- C:\zoek_backup
2015-09-20 21:44 . 2015-09-21 08:10 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-09-20 21:44 . 2015-09-20 22:16 -------- d-----w- c:\programdata\RogueKiller
2015-09-20 21:33 . 2015-09-20 21:33 79064 ----a-w- c:\windows\system32\drivers\nrpnpjic.sys
2015-09-20 19:48 . 2015-09-20 20:59 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-20 19:48 . 2015-09-20 19:48 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-09-20 19:48 . 2015-09-20 19:48 -------- d-----w- c:\programdata\Malwarebytes
2015-09-20 19:48 . 2015-06-18 06:42 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-09-20 19:48 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-09-20 19:48 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-20 19:44 . 2015-09-20 20:52 -------- d-----w- C:\AdwCleaner
2015-09-20 19:21 . 2015-09-21 11:56 -------- d-----w- c:\program files (x86)\Feed Notifier
2015-09-19 21:39 . 2015-09-19 21:39 5224982 ----a-w- c:\program files\Common Files\ymkxc4vf.exe
2015-09-19 21:24 . 2015-09-19 21:24 -------- d-----w- c:\program files\Common Files\cphtz5xw
2015-09-19 20:35 . 2015-09-19 21:06 -------- d-----w- c:\users\Petr\temp
2015-09-19 20:34 . 2015-09-19 21:01 -------- d-----w- c:\users\Petr\AppData\Local\Pinnacle
2015-09-19 20:17 . 2015-09-19 20:17 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-09-19 20:15 . 2015-09-19 20:21 -------- d-----w- c:\program files (x86)\Opera
2015-09-19 20:14 . 2015-09-19 20:37 -------- d-----w- c:\users\Petr\AppData\Roaming\Seznam.cz
2015-09-19 19:54 . 2015-09-19 19:54 -------- d-----w- C:\Objects
2015-09-19 19:54 . 2015-09-19 19:54 -------- d-----w- C:\logs
2015-09-19 19:52 . 2015-09-20 17:58 -------- d-----w- c:\program files (x86)\AirMovie
2015-09-19 19:52 . 2015-09-21 12:34 -------- d-----w- c:\program files (x86)\RemoteX
2015-09-19 18:39 . 2015-09-19 20:01 -------- d-----w- c:\users\Petr\AppData\Local\Sony
2015-09-19 18:39 . 2015-09-19 20:00 -------- d-----w- c:\program files (x86)\Sony
2015-09-19 18:39 . 2015-09-19 18:39 -------- d-----w- c:\program files\Sony
2015-09-19 18:29 . 2015-09-19 18:29 -------- d-----w- c:\program files (x86)\Common Files\Pegasus Imaging
2015-09-19 18:26 . 2015-09-19 18:32 -------- d-----w- c:\program files (x86)\Pinnacle
2015-09-19 18:16 . 2015-09-19 18:26 -------- d-----w- c:\programdata\Pinnacle
2015-09-17 19:33 . 2015-09-17 19:33 -------- d-----w- c:\program files\iPod
2015-09-17 19:33 . 2015-09-17 19:34 -------- d-----w- c:\program files\iTunes
2015-09-17 19:33 . 2015-09-17 19:34 -------- d-----w- c:\program files (x86)\iTunes
2015-09-17 19:31 . 2015-09-17 19:31 -------- d-----w- c:\program files\Bonjour
2015-09-17 19:31 . 2015-09-17 19:31 -------- d-----w- c:\program files (x86)\Bonjour
2015-09-17 19:30 . 2015-09-17 19:30 -------- d-----w- c:\program files (x86)\Apple Software Update
2015-09-17 19:29 . 2015-09-17 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-09-17 19:29 . 2015-09-17 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-09-17 19:29 . 2015-09-17 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-09-17 19:29 . 2015-09-17 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-09-17 19:29 . 2015-09-17 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-09-17 19:29 . 2015-09-17 19:29 -------- d-----w- c:\program files (x86)\QuickTime
2015-08-27 11:46 . 2015-08-27 11:46 -------- d-----w- c:\users\Petr\AppData\Local\NVIDIA Corporation
2015-08-26 11:22 . 2015-08-18 08:48 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-08-26 11:22 . 2015-08-18 08:48 1514528 ----a-w- c:\windows\system32\nvspcap64.dll
2015-08-26 11:22 . 2015-08-18 08:48 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-08-26 11:22 . 2015-08-18 08:48 1278920 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-08-26 11:21 . 2015-08-17 21:43 608048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-08-26 11:19 . 2015-08-26 11:20 -------- d-----w- c:\windows\LastGood.Tmp
2015-08-26 11:15 . 2015-08-26 11:15 -------- d-----w- C:\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-06 04:32 . 2015-08-02 14:12 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2015-08-18 08:48 . 2014-11-17 15:45 72880 ----a-w- c:\windows\system32\OpenCL.dll
2015-08-18 08:48 . 2014-11-17 15:45 60720 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-08-18 08:48 . 2014-08-19 21:14 14497760 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-08-18 08:48 . 2014-08-19 21:14 3209736 ----a-w- c:\windows\system32\nvapi64.dll
2015-08-18 08:48 . 2014-08-19 21:13 2824176 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-08-18 08:48 . 2012-07-25 20:22 18634264 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-08-18 08:48 . 2012-07-25 20:22 16128576 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-08-18 00:07 . 2014-11-17 15:45 6783280 ----a-w- c:\windows\system32\nvcpl.dll
2015-08-18 00:07 . 2014-11-17 15:45 3522168 ----a-w- c:\windows\system32\nvsvc64.dll
2015-08-18 00:07 . 2014-11-17 15:45 933168 ----a-w- c:\windows\system32\nvvsvc.exe
2015-08-18 00:07 . 2014-11-17 15:45 62768 ----a-w- c:\windows\system32\nvshext.dll
2015-08-18 00:07 . 2014-11-17 15:45 385144 ----a-w- c:\windows\system32\nvmctray.dll
2015-08-18 00:07 . 2014-11-17 15:45 2558768 ----a-w- c:\windows\system32\nvsvcr.dll
2015-08-18 00:06 . 2014-11-17 15:45 5147024 ----a-w- c:\windows\system32\nvcoproc.bin
2015-08-12 14:03 . 2015-08-12 14:03 96528 ----a-w- c:\windows\system32\dns-sd.exe
2015-08-12 14:03 . 2015-08-12 14:03 86288 ----a-w- c:\windows\system32\dnssd.dll
2015-08-12 14:03 . 2015-08-12 14:03 61712 ----a-w- c:\windows\system32\jdns_sd.dll
2015-08-12 14:03 . 2015-08-12 14:03 213264 ----a-w- c:\windows\system32\dnssdX.dll
2015-08-12 14:03 . 2015-08-12 14:03 84240 ----a-w- c:\windows\SysWow64\dns-sd.exe
2015-08-12 14:03 . 2015-08-12 14:03 72976 ----a-w- c:\windows\SysWow64\dnssd.dll
2015-08-12 14:03 . 2015-08-12 14:03 50960 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2015-08-12 14:03 . 2015-08-12 14:03 178960 ----a-w- c:\windows\SysWow64\dnssdX.dll
2015-08-06 09:43 . 2015-08-06 09:43 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2015-08-06 09:43 . 2015-08-06 09:43 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2015-07-27 14:45 . 2015-07-27 14:45 381608 ----a-w- c:\windows\system32\drivers\sptd.sys
2015-07-27 13:39 . 2015-07-27 13:39 30264 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-04-20 09:17 683200 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-07-29 22344224]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-04-26 43816]
"iCloudDrive"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" [2015-04-26 43816]
"TiVme Agent"="c:\program files (x86)\GIGABYTE\vivoTV\ScheduleAgent.exe" [2012-07-10 137728]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-08-19 2899136]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-06-18 4468056]
"GoogleChromeAutoLaunch_795A6C1EC44E0A41F3030B5EF87A210A"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-09-12 815944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"Hornet"="c:\program files (x86)\Yenkee\Gaming Mouse Driver\Monitor.exe" [2014-05-22 434176]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-08-06 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2015-09-15 157456]
"RemoteX"="c:\program files (x86)\RemoteX\RemoteXUser.exe" [2011-02-14 185344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\System32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 RtlWlanu;Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 sthid;Splashtop Virtual Hid;c:\windows\System32\drivers\sthid.sys;c:\windows\SYSNATIVE\drivers\sthid.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 __RemoteX__;RemoteX Server;c:\program files (x86)\RemoteX\RemoteX.exe;c:\program files (x86)\RemoteX\RemoteX.exe [x]
S2 __XSERVER__;AirMovie Server Service;c:\program files (x86)\AirMovie\\xserver.exe;c:\program files (x86)\AirMovie\\xserver.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\System32\drivers\dtlitescsibus.sys;c:\windows\SYSNATIVE\drivers\dtlitescsibus.sys [x]
S3 GM312Fltr;Gaming Mouse 312;c:\windows\system32\drivers\GM312Fltr.sys;c:\windows\SYSNATIVE\drivers\GM312Fltr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-07-29 07:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-07-29 07:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-07-29 07:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-04-20 09:17 803520 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-18 2585744]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2014-04-20 161984]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-08-18 1514528]
"AirMovie Server Service"="c:\program files (x86)\AirMovie\xtray.exe" [2014-03-31 79432]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.211.45.3 212.96.160.7
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\slsvc.exe
c:\program files (x86)\AirMovie\xserver.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
c:\program files (x86)\Steam\bin\steamwebhelper.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Celkový čas: 2015-09-21 16:53:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-09-21 14:52
ComboFix2.txt 2015-09-21 10:45
.
Před spuštěním: 185 174 863 872 bytes free
Po spuštění: 184 662 831 104 bytes free
.
- - End Of File - - 31B30054D8426CCB08A0807CD0753A67
A36C5E4F47E84449FF07ED3517B43A31

petrnavra · Příspěvekod **petrnavra** » 21 zář 2015 17:12

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-09-21 17:11:49
-----------------------------
17:11:49.582 OS Version: Windows x64 6.2.9200
17:11:49.582 Number of processors: 4 586 0x502
17:11:49.582 ComputerName: SIMLORDON UserName: Petr
17:11:51.061 Initialize success
17:11:51.132 VM: initialized successfully
17:11:51.132 VM: Amd CPU supported
17:11:55.465 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000034
17:11:55.469 Disk 0 Vendor: SAMSUNG_ 1AG0 Size: 953868MB BusType: 3
17:11:55.489 Disk 0 MBR read successfully
17:11:55.492 Disk 0 MBR scan
17:11:55.494 Disk 0 Windows 7 default MBR code
17:11:55.507 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 2048
17:11:55.523 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 253517 MB offset 718848
17:11:55.539 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 699999 MB offset 519921664
17:11:55.554 Disk 0 scanning C:\Windows\system32\drivers
17:12:02.463 Service scanning
17:12:15.702 Modules scanning
17:12:15.702 Disk 0 trace - called modules:
17:12:15.734 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80038772c0]<<sptd.sys storport.sys hal.dll nvstor.sys
17:12:15.749 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004772060]
17:12:15.749 3 CLASSPNP.SYS[fffff8800137be0a] -> nt!IofCallDriver -> [0xfffffa80036c0e40]
17:12:15.749 5 ACPI.sys[fffff88001154a91] -> nt!IofCallDriver -> \Device\00000034[0xfffffa800446c060]
17:12:15.765 \Driver\nvstor[0xfffffa800446fe60] -> IRP_MJ_CREATE -> 0xfffffa80038772c0
17:12:15.765 Disk 0 statistics 105290/0/0 @ 8,41 MB/s
17:12:15.765 Scan finished successfully
17:12:27.959 Disk 0 MBR has been saved successfully to "C:\Users\Petr\Desktop\MBR.dat"
17:12:27.975 The log file has been saved successfully to "C:\Users\Petr\Desktop\aswMBR.txt"

Příspěvekod **jerabina** » 21 zář 2015 19:51

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému.

Toto otestuj na Virustotal
c:\program files (x86)\RemoteX\RemoteXUser.exe
c:\program files (x86)\AirMovie\\xserver.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KilAll::

Folder::
c:\programdata\RogueKiller
c:\programdata\Spyware Terminator
c:\program files (x86)\Spyware Terminator
c:\program files (x86)\Feed Notifier
c:\users\Petr\AppData\Roaming\Enigma Software Group
c:\program files\Enigma Software Group
C:\sh4ldr

File::
c:\program files\Common Files\ymkxc4vf.exe
c:\program files\Common Files\cphtz5xw
c:\windows\LastGood.Tmp
c:\windows\system32\DRIVERS\stflt.sys

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"=-
"DAEMON Tools Lite Automount"=-
"GoogleChromeAutoLaunch_795A6C1EC44E0A41F3030B5EF87A210A"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-

DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť:
Obrázek

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

petrnavra · Příspěvekod **petrnavra** » 22 zář 2015 12:25

https://www.virustotal.com/cs/file/cd86 ... 442917235/

https://www.virustotal.com/cs/file/5a82 ... 442917367/

Příspěvekod **Orcus** » 22 zář 2015 15:55

A log z Combofixu?

petrnavra · Příspěvekod **petrnavra** » 22 zář 2015 18:56

ComboFix 15-09-21.01 - Petr . 09. 2015 12:28:59.3.4 - x64
Microsoft Windows 8 Pro 6.2.9200.0.1250.420.1029.18.4096.2602 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Common Files\cphtz5xw"
"c:\program files\Common Files\ymkxc4vf.exe"
"c:\windows\LastGood.Tmp"
"c:\windows\system32\DRIVERS\stflt.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Feed Notifier
c:\program files (x86)\Feed Notifier\feeds.dat
c:\program files (x86)\Feed Notifier\log.txt
c:\program files (x86)\Feed Notifier\notifier.exe.log
c:\program files\Common Files\ymkxc4vf.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk
c:\programdata\RogueKiller
c:\programdata\RogueKiller\config.ini
c:\programdata\RogueKiller\Logs\RKreport_DEL_09212015_103702.json
c:\programdata\RogueKiller\Logs\RKreport_SCN_09212015_001148.json
c:\programdata\RogueKiller\Logs\RKreport_SCN_09212015_103507.json
c:\programdata\RogueKiller\vt.cache
c:\users\Petr\AppData\Local\Temp\_MEI71002\_ctypes.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\_elementtree.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\_hashlib.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\_multiprocessing.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\_psutil_windows.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\_socket.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\_ssl.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\_yappi.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\common.time34.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\hashobjs_ext.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\pyexpat.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\pysqlite2._sqlite.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\python27.dll
c:\users\Petr\AppData\Local\Temp\_MEI71002\pythoncom27.dll
c:\users\Petr\AppData\Local\Temp\_MEI71002\PyWinTypes27.dll
c:\users\Petr\AppData\Local\Temp\_MEI71002\select.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\unicodedata.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\usb_ext.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\win32api.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\win32com.shell.shell.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\win32crypt.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\win32event.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\win32file.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\win32gui.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\win32inet.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\win32pdh.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\win32pipe.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\win32process.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\win32profile.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\win32security.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\win32ts.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\windows._lib_cacheinvalidation.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\wx._animate.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\wx._controls_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\wx._core_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\wx._gdi_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\wx._html2.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\wx._misc_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\wx._windows_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\wx._wizard.pyd
c:\users\Petr\AppData\Local\Temp\_MEI71002\wxbase30u_net_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI71002\wxbase30u_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI71002\wxmsw30u_adv_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI71002\wxmsw30u_core_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI71002\wxmsw30u_html_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI71002\wxmsw30u_webview_vc90.dll
c:\windows\system32\DRIVERS\stflt.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-08-22 do 2015-09-22 )))))))))))))))))))))))))))))))
.
.
2015-09-22 10:55 . 2015-09-22 10:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-21 16:42 . 2015-08-31 13:45 11062400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAC4044C-99EC-4469-8F5A-F2DF0CFE7CAA}\mpengine.dll
2015-09-21 08:58 . 2015-09-21 08:39 24064 ----a-w- c:\windows\zoek-delete.exe
2015-09-21 08:58 . 2015-09-22 16:06 -------- d-----w- c:\users\Petr\AppData\Local\Temp
2015-09-21 08:45 . 2015-09-21 08:45 -------- d-----w- c:\users\Petr\AppData\Local\CrashDumps
2015-09-21 08:39 . 2015-09-21 08:57 -------- d-----w- C:\zoek_backup
2015-09-20 21:44 . 2015-09-21 08:10 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-09-20 21:33 . 2015-09-20 21:33 79064 ----a-w- c:\windows\system32\drivers\nrpnpjic.sys
2015-09-20 19:48 . 2015-09-20 20:59 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-20 19:48 . 2015-09-20 19:48 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-09-20 19:48 . 2015-09-20 19:48 -------- d-----w- c:\programdata\Malwarebytes
2015-09-20 19:48 . 2015-06-18 06:42 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-09-20 19:48 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-09-20 19:48 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-20 19:44 . 2015-09-20 20:52 -------- d-----w- C:\AdwCleaner
2015-09-19 21:24 . 2015-09-19 21:24 -------- d-----w- c:\program files\Common Files\cphtz5xw
2015-09-19 20:35 . 2015-09-19 21:06 -------- d-----w- c:\users\Petr\temp
2015-09-19 20:34 . 2015-09-19 21:01 -------- d-----w- c:\users\Petr\AppData\Local\Pinnacle
2015-09-19 20:17 . 2015-09-19 20:17 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-09-19 20:15 . 2015-09-19 20:21 -------- d-----w- c:\program files (x86)\Opera
2015-09-19 20:14 . 2015-09-19 20:37 -------- d-----w- c:\users\Petr\AppData\Roaming\Seznam.cz
2015-09-19 19:54 . 2015-09-19 19:54 -------- d-----w- C:\Objects
2015-09-19 19:54 . 2015-09-19 19:54 -------- d-----w- C:\logs
2015-09-19 19:52 . 2015-09-20 17:58 -------- d-----w- c:\program files (x86)\AirMovie
2015-09-19 19:52 . 2015-09-22 10:57 -------- d-----w- c:\program files (x86)\RemoteX
2015-09-19 18:39 . 2015-09-19 20:01 -------- d-----w- c:\users\Petr\AppData\Local\Sony
2015-09-19 18:39 . 2015-09-19 20:00 -------- d-----w- c:\program files (x86)\Sony
2015-09-19 18:39 . 2015-09-19 18:39 -------- d-----w- c:\program files\Sony
2015-09-19 18:29 . 2015-09-19 18:29 -------- d-----w- c:\program files (x86)\Common Files\Pegasus Imaging
2015-09-19 18:26 . 2015-09-19 18:32 -------- d-----w- c:\program files (x86)\Pinnacle
2015-09-19 18:16 . 2015-09-19 18:26 -------- d-----w- c:\programdata\Pinnacle
2015-09-17 19:33 . 2015-09-17 19:33 -------- d-----w- c:\program files\iPod
2015-09-17 19:33 . 2015-09-17 19:34 -------- d-----w- c:\program files\iTunes
2015-09-17 19:33 . 2015-09-17 19:34 -------- d-----w- c:\program files (x86)\iTunes
2015-09-17 19:31 . 2015-09-17 19:31 -------- d-----w- c:\program files\Bonjour
2015-09-17 19:31 . 2015-09-17 19:31 -------- d-----w- c:\program files (x86)\Bonjour
2015-09-17 19:30 . 2015-09-17 19:30 -------- d-----w- c:\program files (x86)\Apple Software Update
2015-09-17 19:29 . 2015-09-17 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-09-17 19:29 . 2015-09-17 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-09-17 19:29 . 2015-09-17 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-09-17 19:29 . 2015-09-17 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-09-17 19:29 . 2015-09-17 19:29 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-09-17 19:29 . 2015-09-17 19:29 -------- d-----w- c:\program files (x86)\QuickTime
2015-08-27 11:46 . 2015-08-27 11:46 -------- d-----w- c:\users\Petr\AppData\Local\NVIDIA Corporation
2015-08-26 11:22 . 2015-08-18 08:48 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-08-26 11:22 . 2015-08-18 08:48 1514528 ----a-w- c:\windows\system32\nvspcap64.dll
2015-08-26 11:22 . 2015-08-18 08:48 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-08-26 11:22 . 2015-08-18 08:48 1278920 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-08-26 11:21 . 2015-08-17 21:43 608048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-08-26 11:19 . 2015-08-26 11:20 -------- d-----w- c:\windows\LastGood.Tmp
2015-08-26 11:15 . 2015-08-26 11:15 -------- d-----w- C:\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-06 04:32 . 2015-08-02 14:12 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2015-08-18 08:48 . 2014-11-17 15:45 72880 ----a-w- c:\windows\system32\OpenCL.dll
2015-08-18 08:48 . 2014-11-17 15:45 60720 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-08-18 08:48 . 2014-08-19 21:14 14497760 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-08-18 08:48 . 2014-08-19 21:14 3209736 ----a-w- c:\windows\system32\nvapi64.dll
2015-08-18 08:48 . 2014-08-19 21:13 2824176 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-08-18 08:48 . 2012-07-25 20:22 18634264 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-08-18 08:48 . 2012-07-25 20:22 16128576 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-08-18 00:07 . 2014-11-17 15:45 6783280 ----a-w- c:\windows\system32\nvcpl.dll
2015-08-18 00:07 . 2014-11-17 15:45 3522168 ----a-w- c:\windows\system32\nvsvc64.dll
2015-08-18 00:07 . 2014-11-17 15:45 933168 ----a-w- c:\windows\system32\nvvsvc.exe
2015-08-18 00:07 . 2014-11-17 15:45 62768 ----a-w- c:\windows\system32\nvshext.dll
2015-08-18 00:07 . 2014-11-17 15:45 385144 ----a-w- c:\windows\system32\nvmctray.dll
2015-08-18 00:07 . 2014-11-17 15:45 2558768 ----a-w- c:\windows\system32\nvsvcr.dll
2015-08-18 00:06 . 2014-11-17 15:45 5147024 ----a-w- c:\windows\system32\nvcoproc.bin
2015-08-12 14:03 . 2015-08-12 14:03 96528 ----a-w- c:\windows\system32\dns-sd.exe
2015-08-12 14:03 . 2015-08-12 14:03 86288 ----a-w- c:\windows\system32\dnssd.dll
2015-08-12 14:03 . 2015-08-12 14:03 61712 ----a-w- c:\windows\system32\jdns_sd.dll
2015-08-12 14:03 . 2015-08-12 14:03 213264 ----a-w- c:\windows\system32\dnssdX.dll
2015-08-12 14:03 . 2015-08-12 14:03 84240 ----a-w- c:\windows\SysWow64\dns-sd.exe
2015-08-12 14:03 . 2015-08-12 14:03 72976 ----a-w- c:\windows\SysWow64\dnssd.dll
2015-08-12 14:03 . 2015-08-12 14:03 50960 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2015-08-12 14:03 . 2015-08-12 14:03 178960 ----a-w- c:\windows\SysWow64\dnssdX.dll
2015-08-06 09:43 . 2015-08-06 09:43 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2015-08-06 09:43 . 2015-08-06 09:43 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2015-07-27 14:45 . 2015-07-27 14:45 381608 ----a-w- c:\windows\system32\drivers\sptd.sys
2015-07-27 13:39 . 2015-07-27 13:39 30264 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
2015-07-05 10:08 . 2014-11-20 09:11 300704 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-04-20 09:17 683200 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-07-29 22344224]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-04-26 43816]
"iCloudDrive"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" [2015-04-26 43816]
"TiVme Agent"="c:\program files (x86)\GIGABYTE\vivoTV\ScheduleAgent.exe" [2012-07-10 137728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hornet"="c:\program files (x86)\Yenkee\Gaming Mouse Driver\Monitor.exe" [2014-05-22 434176]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-08-06 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2015-09-15 157456]
"RemoteX"="c:\program files (x86)\RemoteX\RemoteXUser.exe" [2011-02-14 185344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\System32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 RtlWlanu;Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 sthid;Splashtop Virtual Hid;c:\windows\System32\drivers\sthid.sys;c:\windows\SYSNATIVE\drivers\sthid.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 __RemoteX__;RemoteX Server;c:\program files (x86)\RemoteX\RemoteX.exe;c:\program files (x86)\RemoteX\RemoteX.exe [x]
S2 __XSERVER__;AirMovie Server Service;c:\program files (x86)\AirMovie\\xserver.exe;c:\program files (x86)\AirMovie\\xserver.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\System32\drivers\dtlitescsibus.sys;c:\windows\SYSNATIVE\drivers\dtlitescsibus.sys [x]
S3 GM312Fltr;Gaming Mouse 312;c:\windows\system32\drivers\GM312Fltr.sys;c:\windows\SYSNATIVE\drivers\GM312Fltr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-07-29 07:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-07-29 07:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-07-29 07:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-04-20 09:17 803520 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-18 2585744]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2014-04-20 161984]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-08-18 1514528]
"AirMovie Server Service"="c:\program files (x86)\AirMovie\xtray.exe" [2014-03-31 79432]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.211.45.3 212.96.160.7
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\slsvc.exe
c:\program files (x86)\AirMovie\xserver.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
**************************************************************************
.
Celkový čas: 2015-09-22 18:25:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-09-22 16:25
ComboFix2.txt 2015-09-21 14:53
ComboFix3.txt 2015-09-21 10:45
.
Před spuštěním: 182 301 941 760 bytes free
Po spuštění: 182 136 094 720 bytes free
.
- - End Of File - - B7A61ABC8EC40495F4262D9EA28F94BB
A36C5E4F47E84449FF07ED3517B43A31

Příspěvekod **jerabina** » 22 zář 2015 20:53

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Co problémy? + nový log z HJT

neustále mi nabíhají instalace nějakých programů, PROSÍM o kontrolu logu

Re: neustále mi nabíhají instalace nějakých programů, PROSÍM o kontrolu logu

Re: neustále mi nabíhají instalace nějakých programů, PROSÍM o kontrolu logu

Re: neustále mi nabíhají instalace nějakých programů, PROSÍM o kontrolu logu

Re: neustále mi nabíhají instalace nějakých programů, PROSÍM o kontrolu logu

Re: neustále mi nabíhají instalace nějakých programů, PROSÍM o kontrolu logu

Re: neustále mi nabíhají instalace nějakých programů, PROSÍM o kontrolu logu

Re: neustále mi nabíhají instalace nějakých programů, PROSÍM o kontrolu logu

Re: neustále mi nabíhají instalace nějakých programů, PROSÍM o kontrolu logu

Re: neustále mi nabíhají instalace nějakých programů, PROSÍM o kontrolu logu

Re: neustále mi nabíhají instalace nějakých programů, PROSÍM o kontrolu logu

Re: neustále mi nabíhají instalace nějakých programů, PROSÍM o kontrolu logu

Re: neustále mi nabíhají instalace nějakých programů, PROSÍM o kontrolu logu

Kdo je online