PC-HELP.CZ

Zdravím, dostal se mi do ruky velice neudržovaný PC. Při prvním zapnuti a po spuštění všech aplikaci při staru PC, bylo využití CPU kolem 60% a RAM 80%.
Pomohli byste mi zbavit PC havěti, která v něm je? Udělal jsem pár kroků ale to nejspíš nestačí. PC něco zatěžuje a asi toho bude dost.
1, Některé nepotřebné programy jsem odinstaloval,
2, Nainstaloval jsem a spustil CCleaner,
3, Nainstaloval a spustil MBAM (dva malwery a 48 potencionálně nechtěných aplikací) = do karantény
4, Nainstaloval a spustil Avast (Nic nenašel)
Sestav PC: Intel Core2Duo E8200, 2x2 GB RAM DDR2-800, Radeon HD 5770 1GB, ASRock G31M-GS, HDD Seagate 320GB.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:57:06, on 15.12.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)

FIREFOX: 42.0 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\kuba\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O15 - Trusted Zone: http://*.webcompanion.com
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Unknown owner - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe

--
End of file - 5239 bytes

AKTUÁLNÍ LOG Z MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 15.12.2015
Čas skenování: 21:29
Protokol: mbam1.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.12.15.06
Databáze rootkitů: v2015.12.07.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: kuba

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 343203
Uplynulý čas: 13 min, 22 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 2
PUP.Optional.Linkury.ShrtCln, C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\prefs.js, Dobré: (), Špatné: (user_pref("browser.newtab.url", "C:\\ProgramData\\Medlights\\ff.NT");), ,[90d2e3c2345791a5453204a422e2d729]
PUP.Optional.FindIt, C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\prefs.js, Dobré: (), Špatné: (user_pref("browser.search.defaultenginename", "findit");), ,[f36f1491b1da37ff67e6c1e9df2559a7]

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

VČEREJŠÍ LOG Z MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 15.12.2015
Čas skenování: 0:04
Protokol: mbam.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.12.14.06
Databáze rootkitů: v2015.12.07.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: kuba

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 381221
Uplynulý čas: 15 min, 20 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 1
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\privoxy.exe, 1936, , [cf2fd8cc8803132346fc0b6f07fc23dd]

Moduly: 1
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\mgwz.dll, , [cf2fd8cc8803132346fc0b6f07fc23dd],

Klíče registru: 18
PUP.Optional.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PrivoxyService, , [cf2fd8cc8803132346fc0b6f07fc23dd],
PUP.Optional.Linkury, HKLM\SOFTWARE\mtMedlight, , [2dd101a3b2d9f04641ee88206d95b44c],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH, , [16e8d3d15536270f3ee40c7006fd41bf],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\TRACING\ApplicationHosting_RASAPI32, , [857911935c2fde58ad5bd72cb1536d93],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\TRACING\ApplicationHosting_RASMANCS, , [fd015252f794c76f7c8c49baf60ee917],
PUP.Optional.Amonetize, HKLM\SOFTWARE\MICROSOFT\TRACING\hotnix_RASAPI32, , [6995554f4942a98d94251ce3e61d7a86],
PUP.Optional.Amonetize, HKLM\SOFTWARE\MICROSOFT\TRACING\hotnix_RASMANCS, , [916d2282612aad895267f70817ec837d],
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\TRACING\Medlight_RASAPI32, , [a35b168e8605a39367c4bcecfc06629e],
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\TRACING\Medlight_RASMANCS, , [1ee0d2d24b409d99db508721a06243bd],
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExd, , [1de1a103b4d777bfea37d5adc63da060],
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExi, , [aa544d57f992af8736ebbec4c340da26],
PUP.Optional.Privoxy.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IT Viewer Viewer, , [a15d851fb5d668ceb3948c2111f15aa6],
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\LaunchPreSignup, , [95690c986526ef47f5f77f27e61d6b95],
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, , [14eae2c2ef9c0a2ce3ba5b6e61a29868],
PUP.Optional.Privoxy, HKLM\SOFTWARE\SECUREWEBCHANNEL, , [5ea0c0e4404b092de29a5ca755afc739],
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, , [28d6c6de1e6d38fe1d66e9be41c154ac],
PUP.Optional.Linkury, HKU\S-1-5-21-3477047024-2134868446-3082669610-1000\SOFTWARE\mtMedlight, , [13eb94100586082e16119c0ce121d729],
PUP.Optional.Linkury, HKU\S-1-5-21-3477047024-2134868446-3082669610-501\SOFTWARE\mtMedlight, , [2ed0a400305b75c1b770a602ce343ac6],

Hodnoty registru: 9
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DisplayName, Search the web, , [16e8d3d15536270f3ee40c7006fd41bf]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... esvBA,,&q={searchTerms}, , [33cb4460cfbc4fe79f84daa2c73cfc04]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... esvBA,,&q={searchTerms}, , [c737ced61873241248dc5527c43ffc04]
PUP.Optional.Privoxy, HKLM\SOFTWARE\SECUREWEBCHANNEL|Channel, split24banner4, , [5ea0c0e4404b092de29a5ca755afc739]
PUP.Optional.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PRIVOXYSERVICE|ImagePath, "C:\Program Files\IT Viewer\privoxy.exe" --service, , [e717762eb7d45bdb91b29edc38cb926e]
PUP.Optional.Linkury, HKU\S-1-5-21-3477047024-2134868446-3082669610-1000\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F. ... hannelid=3, , [d22c8c18a6e50f274e9eb9e632d1c838]
PUP.Optional.Linkury, HKU\S-1-5-21-3477047024-2134868446-3082669610-1000\ENVIRONMENT|SNF, C:\ProgramData\Medlights\snp.sc, , [da2440649fec1a1c84675a4547bc946c]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3477047024-2134868446-3082669610-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... esvBA,,&q={searchTerms}, , [7b835e4699f245f129f89edeb64dc33d]
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-3477047024-2134868446-3082669610-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, , [ce30f6ae5635e35364ddc620b64d3ec2]

Data registru: 6
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Dobré: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Špatné: ({ielnksrch}),,[7589277d4546fe386554e29e62a2867a]
PUM.Optional.DisableRegistryTools, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Dobré: (0), Špatné: (1),,[8777bde77c0f0333b246f68d857fb24e]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3477047024-2134868446-3082669610-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://%66%65%65%64.%73%6E%61%70%64%6F. ... hDaiOESQ,,, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6E%61%70%64%6F. ... QhDaiOESQ,,),,[39c55252aedd9b9b41737e026d979a66]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3477047024-2134868446-3082669610-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... esvBA,,&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73 ... esvBA,,&q={searchTerms}),,[f509c9dbccbfd165bdf6cdb33bc940c0]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3477047024-2134868446-3082669610-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... esvBA,,&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73 ... esvBA,,&q={searchTerms}),,[30ce5e460d7e1b1bc3f0d1afa4605ba5]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3477047024-2134868446-3082669610-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... esvBA,,&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73 ... esvBA,,&q={searchTerms}),,[f6088f155f2c5dd9773eb5cbba4a0000]

Složky: 4
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer, , [cf2fd8cc8803132346fc0b6f07fc23dd],
PUP.Optional.CrossAd.Gen, C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\jetpack\@3039ABEE5DF4C1FF7F53998F8F30EA3C3039, , [d925fba96e1d05314630f97fc240a35d],
PUP.Optional.CrossAd.Gen, C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\jetpack\@3039ABEE5DF4C1FF7F53998F8F30EA3C3039\simple-storage, , [d925fba96e1d05314630f97fc240a35d],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\ApplicationHosting, , [57a7337191fa2016f11581268e747f81],

Soubory: 21
PUP.Optional.Amonetize, C:\Program Files\NixController\hotnix.exe, , [23dba3018b00d1657ffb133ac14031cf],
Trojan.Fareit, C:\Users\kuba\Downloads\Call-Of-Duty-Modern-Warfare-2-Game.rar, , [d7270d974645f3430fb69be37a8723dd],
Backdoor.Agent.P, C:\Users\kuba\Downloads\Modern-Warfare-2.rar, , [15e9525298f3fd39eb46b2af837e07f9],
PUP.Optional.Privoxy.PrxySvrRST, C:\Windows\System32\Tasks\IT Viewer Viewer, , [07f7881c91fa082e083ddbd222e0aa56],
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\privoxy.exe, , [cf2fd8cc8803132346fc0b6f07fc23dd],
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\checkproxy.exe, , [cf2fd8cc8803132346fc0b6f07fc23dd],
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\config.txt, , [cf2fd8cc8803132346fc0b6f07fc23dd],
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\default.action, , [cf2fd8cc8803132346fc0b6f07fc23dd],
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\default.filter, , [cf2fd8cc8803132346fc0b6f07fc23dd],
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\jpchromium64.exe, , [cf2fd8cc8803132346fc0b6f07fc23dd],
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\mgwz.dll, , [cf2fd8cc8803132346fc0b6f07fc23dd],
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\privoxy.log, , [cf2fd8cc8803132346fc0b6f07fc23dd],
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\tsnet.dll, , [cf2fd8cc8803132346fc0b6f07fc23dd],
PUP.Optional.Linkury.ShrtCln, C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\searchplugins\findit.xml, , [a35b683c7a113303820d314c38cb0bf5],
PUP.Optional.Linkury.Gen, C:\Windows\System32\findit.xml, , [877752528efd122447d7247cfc07e51b],
PUP.Optional.MyPCBackup, C:\Windows\System32\Tasks\LaunchPreSignup, , [7985079d1a71f343e6049f07e91acf31],
PUP.Optional.CrossAd.Gen, C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\jetpack\@3039ABEE5DF4C1FF7F53998F8F30EA3C3039\simple-storage\store.json, , [d925fba96e1d05314630f97fc240a35d],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\ApplicationHosting\ApplicationHosting.dat, , [57a7337191fa2016f11581268e747f81],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\ApplicationHosting\Config.xml, , [57a7337191fa2016f11581268e747f81],
PUP.Optional.Linkury.ShrtCln, C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\prefs.js, Dobré: (), Špatné: (user_pref("browser.newtab.url", "C:\\ProgramData\\Medlights\\ff.NT");), ,[d32b5d4746454bebf1234166e1238977]
PUP.Optional.FindIt, C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\prefs.js, Dobré: (), Špatné: (user_pref("browser.search.defaultenginename", "findit");), ,[ac52a8fc1576d264d7133a6edb29e818]

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

. spusť znovu Malwarebytes' Anti-Malware a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

Stáhni si TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu klikni na „Logfile“ ,objeví log ( jinak je uložen systémovem disku jako AdwCleaner[C?].txt), jeho obsah sem celý vlož.

Jen dodám, že pro spuštění programu TFC bylo zapotřebí vypnout dočasně Avast.

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 16.12.2015
Čas skenování: 11:30
Protokol: mbam2.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.12.16.02
Databáze rootkitů: v2015.12.07.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: kuba

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 381319
Uplynulý čas: 16 min, 54 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 2
PUP.Optional.Linkury.ShrtCln, C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\prefs.js, Dobré: (), Špatné: (user_pref("browser.newtab.url", "C:\\ProgramData\\Medlights\\ff.NT");), Nahrazeno,[40823c6991faf3431f03d5d49b698977]
PUP.Optional.FindIt, C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\prefs.js, Dobré: (), Špatné: (user_pref("browser.search.defaultenginename", "findit");), Nahrazeno,[11b1b4f11972f442af492684db293fc1]

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

# AdwCleaner v5.025 - Logfile created 16/12/2015 at 12:05:32
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : kuba - KUBA-PC
# Running from : C:\Users\kuba\Desktop\adwcleaner_5.025.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Program Files\NixController
Folder Found : C:\Users\kuba\AppData\Roaming\RPEng

***** [ Files ] *****

File Found : C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\user.js

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

Task Found : RDReminder

***** [ Registry ] *****

Key Found : HKCU\Software\35fecb4628b040f808ce6ea7ab31543e
Key Found : HKCU\Software\PRODUCTSETUP

***** [ Web browsers ] *****

[C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\prefs.js] [Preference] Found : user_pref("browser.search.defaultenginename", "findit");
[C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\prefs.js] [Preference] Found : user_pref("network.hxxp.request.max-start-delay", 0);
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fcgnigmofekcllgbiejhmigggmgehkip

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1360 bytes] ##########

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Cleaning (Vymazat)“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“ , v okně na pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

# AdwCleaner v5.025 - Logfile created 16/12/2015 at 18:21:29
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : kuba - KUBA-PC
# Running from : C:\Users\kuba\Desktop\adwcleaner_5.025.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\NixController
[-] Folder Deleted : C:\Users\kuba\AppData\Roaming\RPEng

***** [ Files ] *****

[-] File Deleted : C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\user.js

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : RDReminder

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\35fecb4628b040f808ce6ea7ab31543e
[-] Key Deleted : HKCU\Software\PRODUCTSETUP

***** [ Web browsers ] *****

[-] [C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "findit");
[-] [C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\prefs.js] [Preference] Deleted : user_pref("network.hxxp.request.max-start-delay", 0);
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcgnigmofekcllgbiejhmigggmgehkip

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1506 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Professional x86
Ran by kuba (Administrator) on st 16.12.2015 at 18:28:12,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 8

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\kuba\AppData\Roaming\3909 (Folder)
Successfully deleted: C:\Users\kuba\AppData\Roaming\dll-files.com (Folder)
Successfully deleted: C:\Users\kuba\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Windows\System32\Tasks\DLL-Files.Com Fixer_MONTHLY (Task)
Successfully deleted: C:\Windows\System32\Tasks\DLL-Files.Com Fixer_Updates (Task)
Successfully deleted: C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job (Task)
Successfully deleted: C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job (Task)

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 16.12.2015 at 18:30:10,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller V11.0.3.0 [Dec 14 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : kuba [Práva správce]
Started from : C:\Users\kuba\Desktop\RogueKiller.exe
Mód : Prohledat -- Datum : 12/16/2015 18:48:49

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 13 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending | (default) : {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -> Nalezeno
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced | (default) : {05B38830-F4E9-4329-978B-1DD28605D202} -> Nalezeno
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing | (default) : {0596C850-7BDD-4C9D-AFDF-873BE6890637} -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 10.0.0.138 ([-][]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 10.0.0.138 ([-][]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 10.0.0.138 ([-][]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 10.0.0.138 ([-][]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E12BDF73-0B6C-459D-9CF6-3CC80F6BF9D0} | DhcpNameServer : 192.168.1.1 10.0.0.138 ([-][]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E12BDF73-0B6C-459D-9CF6-3CC80F6BF9D0} | DhcpNameServer : 192.168.1.1 10.0.0.138 ([-][]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E12BDF73-0B6C-459D-9CF6-3CC80F6BF9D0} | DhcpNameServer : 192.168.1.1 10.0.0.138 ([-][]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{E12BDF73-0B6C-459D-9CF6-3CC80F6BF9D0} | DhcpNameServer : 192.168.1.1 10.0.0.138 ([-][]) -> Nalezeno
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3477047024-2134868446-3082669610-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno

¤¤¤ Úlohy : 2 ¤¤¤
[Suspicious.Path] \Car Browser -- C:\Windows\system32\rundll32.exe ("C:\Users\kuba\AppData\Local\Car Browser\zBin\CarBrowser.dll",#3) -> Nalezeno
[Suspicious.Path] \ehwnload -- C:\Windows\system32\config\systemprofile\AppData\Local\Strongdex (/t 7831 8306) -> Nalezeno

¤¤¤ Soubory : 1 ¤¤¤
[PUP][Složka] C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} -> Nalezeno

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3320613AS ATA Device +++++
--- User ---
[MBR] 9e8d637f4fa6983431568366af488643
[BSP] 687b3038d1ba9241f2d8b53dc9e4c782 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 100294 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 205608960 | Size: 204849 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir i firewall.
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vlož nový log z HJT + informuj o problémech

NĚJAK NEMŮŽU NAJÍT LOG Z ROGUEKILLER, NA PLOŠE NENÍ.

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by kuba on źt 17.12.2015 at 10:52:53,87.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\kuba\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

17.12.2015 10:53:44 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\AVG deleted successfully
C:\Program Files\VideoLAN deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3477047024-2134868446-3082669610-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-3477047024-2134868446-3082669610-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-3477047024-2134868446-3082669610-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D020300} deleted successfully
HKEY_USERS\S-1-5-21-3477047024-2134868446-3082669610-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AEFE841-DCA1-4A95-80CB-BE935D020300} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D020300} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AEFE841-DCA1-4A95-80CB-BE935D020300} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3477047024-2134868446-3082669610-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AdobeFlashPlayerUpdateSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\AdobeFlashPlayerUpdateSvc deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\102aougk.default\prefs.js:

Added to C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\102aougk.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\prefs.js:
user_pref("browser.startup.homepage", "google.com");
user_pref("browser.newtab.url", "C:\\ProgramData\\Medlights\\ff.NT");

Added to C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Batch Command(s) Run By Tool======================

Katalog Winsock byl ŁspŘçnŘ resetov n.
K dokonźenˇ resetov nˇ je nutn‚ restartovat poźˇtaź.

==== Deleting Files \ Folders ======================

C:\Program Files\AVG not found
C:\Program Files\VideoLAN not found
C:\prefs.js deleted
C:\Users\Guest\AppData\Roaming\ProductData deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\kuba\AppData\Local\Unity deleted
C:\Windows\system32\config\systemprofile\AppData\Local\LavasoftTcpService deleted
C:\Users\kuba\AppData\LocalLow\Unity deleted
C:\Windows\system32\LavasoftTcpService.dll deleted
C:\Windows\system32\LavasoftTcpServiceOff.ini deleted
C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\jetpack deleted
C:\Users\kuba\AppData\Roaming\hostipconsle.exe deleted
C:\Users\kuba\AppData\Local\Moveis.exe.config deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\102aougk.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [14.12.2015 23:47]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default
FE5E10A1775D5B0EE862DBF3BC1283D3 - C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U60
41E59AEE190362FD0D6EF71DE5DCE427 - C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.600.27
88041A1D3DB193614C1DD264CDD7417E - C:\Windows\system32\Adobe\Director\np32dsw_1221171.dll - Shockwave for Director / Shockwave for Director

==== Chromium Look ======================

Browsing Protection by F-Secure - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade
Night Time In New York City - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek
Skype Click to Call - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="yes"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== Empty IE Cache ======================

C:\Users\kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\kuba\AppData\Local\Mozilla\Firefox\Profiles\v31ujro9.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=80 folders=56 152283644 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\kuba\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\kuba\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not found

==== EOF on źt 17.12.2015 at 11:09:36,43 ======================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:25, on 17.12.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 42.0 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\kuba\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe

--
End of file - 4769 bytes

Zdá se mi, že je stále docela dost vytěžovaná RAMka (35% při 4GB) "pouze" za chodu OS a prohlížeče. Možná to tak má být, nevím, klidně mě opravte.
Další problém nastal včera odpoledne, kdy po aktualizaci OS a následném restartu už nenaběhl Windows. Respektive naběhl ale dostalo se to pouze do fáze "příprava na konfiguraci...... nevypínejte PC," kde naběhlo 30%, restart a poté se už Windows nespustil. Zjistil jsem, že při zapojené GK nechce naběhnout windows a "sekne" se to v místě loga windows a nápisu: "Spouštění sytému windows." Nezbýva nic jiného než na tvrdo vypnout PC, odpojit kartu a jet přes integrovanou grafiku. Už jsem to tu zde na fóru řešil viewtopic.php?f=7&t=166686 , Windows po funkci "opravit tento počítač" naběhl i s kartou no a pak přišla ona osudná instalace aktualizací OS. Nejspíš to sem nepatři ale mám s tím taky docela dost velký problém.

zkusil bych tu grafiku odinstalovat ve správci , vypnout PC , zapojit tu grafiku do slotu a pak spustit PC.
Ovladače by si měl win najít sám , případně nainstalovat z CD.

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

RogueKiller V11.0.3.0 [Dec 14 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : kuba [Práva správce]
Started from : C:\Users\kuba\Desktop\RogueKiller.exe
Mód : Smazat -- Datum : 12/17/2015 12:43:24

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 10.0.0.138 ([-][X]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 10.0.0.138 ([-][(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E12BDF73-0B6C-459D-9CF6-3CC80F6BF9D0} | DhcpNameServer : 192.168.1.1 10.0.0.138 ([-][(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{E12BDF73-0B6C-459D-9CF6-3CC80F6BF9D0} | DhcpNameServer : 192.168.1.1 10.0.0.138 ([-][(Private Address) (XX)]) -> Nahrazeno ()

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost Smazáno
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost Smazáno

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3320613AS ATA Device +++++
--- User ---
[MBR] 9e8d637f4fa6983431568366af488643
[BSP] 687b3038d1ba9241f2d8b53dc9e4c782 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 100294 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 205608960 | Size: 204849 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

ComboFix 15-12-16.01 - kuba 17.12.2015 12:50:56.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3318.1370 [GMT 1:00]
Spuštěný z: c:\users\kuba\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Papers, Please\lime.ndll
c:\users\Papers, Please\PapersPlease.exe
c:\users\Papers, Please\regexp.dll
c:\users\Papers, Please\std.dll
c:\users\Papers, Please\unins000.exe
c:\users\Papers, Please\zlib.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-11-17 do 2015-12-17 )))))))))))))))))))))))))))))))
.
.
2015-12-17 11:58 . 2015-12-17 11:58 -------- d-----w- c:\users\kuba\AppData\Local\temp
2015-12-17 11:58 . 2015-12-17 11:58 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-12-17 11:58 . 2015-12-17 11:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-17 10:35 . 2015-12-17 10:35 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A7BED30-69B3-4987-9C0A-E204191B06C6}\offreg.5184.dll
2015-12-17 10:07 . 2015-12-17 09:52 24064 ----a-w- c:\windows\zoek-delete.exe
2015-12-17 09:52 . 2015-12-17 10:09 -------- d-----w- C:\zoek_backup
2015-12-17 09:27 . 2015-12-17 09:27 -------- d-----w- c:\users\kuba\AppData\Local\GWX
2015-12-16 23:18 . 2015-11-10 18:39 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-12-16 23:18 . 2015-11-10 18:39 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-12-16 23:18 . 2015-11-10 18:39 811520 ----a-w- c:\windows\system32\user32.dll
2015-12-16 23:18 . 2015-11-10 17:40 2386944 ----a-w- c:\windows\system32\win32k.sys
2015-12-16 23:17 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-12-16 23:17 . 2013-07-03 03:36 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2015-12-16 23:17 . 2013-07-03 03:36 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2015-12-16 23:17 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2015-12-16 23:15 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2015-12-16 23:15 . 2013-10-04 01:58 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2015-12-16 23:15 . 2013-10-04 01:56 168960 ----a-w- c:\windows\system32\credui.dll
2015-12-16 23:14 . 2015-07-10 17:34 36864 ----a-w- c:\windows\system32\tsgqec.dll
2015-12-16 23:14 . 2015-07-10 17:33 131584 ----a-w- c:\windows\system32\aaclient.dll
2015-12-16 23:14 . 2015-07-10 17:34 3221504 ----a-w- c:\windows\system32\mstscax.dll
2015-12-16 23:14 . 2014-12-06 03:49 89600 ----a-w- c:\windows\system32\tlntsess.exe
2015-12-16 23:14 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2015-12-16 23:14 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2015-12-16 23:14 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2015-12-16 23:14 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2015-12-16 23:13 . 2015-11-11 18:39 1242624 ----a-w- c:\windows\system32\comsvcs.dll
2015-12-16 23:13 . 2015-11-11 18:39 487936 ----a-w- c:\windows\system32\catsrvut.dll
2015-12-16 23:13 . 2015-07-01 20:30 206848 ----a-w- c:\windows\system32\WebClnt.dll
2015-12-16 23:13 . 2015-07-01 20:30 82432 ----a-w- c:\windows\system32\davclnt.dll
2015-12-16 23:12 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2015-12-16 23:11 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2015-12-16 23:11 . 2013-10-30 02:19 301568 ----a-w- c:\windows\system32\msieftp.dll
2015-12-16 23:11 . 2015-07-09 17:42 179712 ----a-w- c:\windows\system32\notepad.exe
2015-12-16 23:11 . 2015-07-09 17:42 179712 ----a-w- c:\windows\notepad.exe
2015-12-16 23:09 . 2015-08-27 17:58 1391104 ----a-w- c:\windows\system32\msxml6.dll
2015-12-16 23:09 . 2015-08-27 17:58 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-12-16 23:09 . 2015-08-27 17:51 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-12-16 23:09 . 2015-08-27 17:51 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-12-16 23:09 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2015-12-16 23:09 . 2015-08-05 17:41 751104 ----a-w- c:\windows\system32\schedsvc.dll
2015-12-16 23:08 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
2015-12-16 23:08 . 2015-06-15 21:43 337408 ----a-w- c:\windows\system32\msihnd.dll
2015-12-16 23:08 . 2015-06-15 21:43 2364416 ----a-w- c:\windows\system32\msi.dll
2015-12-16 23:08 . 2015-06-15 21:42 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-12-16 23:08 . 2015-06-15 21:37 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-12-16 23:07 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2015-12-16 23:07 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2015-12-16 23:07 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2015-12-16 23:05 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll
2015-12-16 23:05 . 2014-06-16 01:44 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2015-12-16 23:05 . 2014-06-16 01:44 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2015-12-16 23:05 . 2014-06-16 01:40 107520 ----a-w- c:\windows\system32\cdd.dll
2015-12-16 23:03 . 2015-04-18 02:56 342016 ----a-w- c:\windows\system32\certcli.dll
2015-12-16 23:02 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2015-12-16 23:01 . 2015-07-15 17:59 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-12-16 23:01 . 2015-07-15 17:54 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-12-16 23:01 . 2015-07-15 17:55 1159168 ----a-w- c:\windows\system32\sysmain.dll
2015-12-16 23:01 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2015-12-16 23:01 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2015-12-16 23:00 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2015-12-16 23:00 . 2015-11-05 19:00 2048 ----a-w- c:\windows\system32\tzres.dll
2015-12-16 22:59 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2015-12-16 22:57 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2015-12-16 22:57 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-12-16 22:57 . 2015-07-30 17:57 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2015-12-16 22:56 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2015-12-16 22:56 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2015-12-16 18:36 . 2015-11-17 06:43 8991856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A7BED30-69B3-4987-9C0A-E204191B06C6}\mpengine.dll
2015-12-16 17:39 . 2015-12-17 11:34 30848 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-12-16 17:39 . 2015-12-16 17:39 -------- d-----w- c:\programdata\RogueKiller
2015-12-16 13:57 . 2015-12-16 13:57 -------- d-----w- c:\users\kuba\AppData\Local\2K Games
2015-12-16 13:35 . 2015-12-16 13:35 -------- d-----w- c:\users\kuba\AppData\Local\CEF
2015-12-16 11:05 . 2015-12-16 17:21 -------- d-----w- C:\AdwCleaner
2015-12-16 11:04 . 2015-12-16 11:04 -------- d-----w- c:\users\kuba\AppData\Local\ATI
2015-12-16 09:19 . 2015-12-16 09:25 -------- d-s---w- c:\windows\system32\GWX
2015-12-15 00:11 . 2015-12-15 00:11 -------- d-----w- C:\AMD
2015-12-15 00:04 . 2015-12-15 00:04 -------- d-----w- c:\users\kuba\AppData\Roaming\ATI
2015-12-14 23:04 . 2015-12-16 10:30 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-14 23:03 . 2015-12-14 23:03 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-12-14 23:03 . 2015-12-14 23:03 -------- d-----w- c:\programdata\Malwarebytes
2015-12-14 23:03 . 2015-10-05 08:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-12-14 23:03 . 2015-10-05 08:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-12-14 23:03 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-12-14 22:55 . 2015-12-14 22:55 -------- d-----w- c:\users\DefaultAppPool
2015-12-14 22:47 . 2015-12-14 22:55 -------- d-----w- c:\users\kuba\AppData\Local\Google
2015-12-14 22:47 . 2015-12-14 22:44 322760 ----a-w- c:\windows\system32\aswBoot.exe
2015-12-14 22:45 . 2015-12-14 22:45 -------- d-----w- c:\windows\system32\config\systemprofile\.oracle_jre_usage
2015-12-14 22:45 . 2015-12-14 22:45 -------- d-----w- c:\users\kuba\AppData\Roaming\AVAST Software
2015-12-14 22:45 . 2015-12-14 22:45 -------- d-----w- c:\program files\Common Files\AV
2015-12-14 22:45 . 2015-12-14 22:44 117712 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-12-14 22:45 . 2015-12-14 22:44 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-12-14 22:45 . 2015-12-14 22:44 435976 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-12-14 22:45 . 2015-12-14 22:44 209432 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-12-14 22:45 . 2015-12-14 22:44 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-12-14 22:45 . 2015-12-14 22:44 81168 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-12-14 22:45 . 2015-12-14 22:44 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-12-14 22:45 . 2015-12-14 22:44 794952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-12-14 22:44 . 2015-12-14 22:44 43112 ----a-w- c:\windows\avastSS.scr
2015-12-14 22:43 . 2015-12-14 22:43 -------- d-----w- c:\program files\AVAST Software
2015-12-14 22:29 . 2015-12-14 22:43 -------- d-----w- c:\programdata\AVAST Software
2015-12-14 21:11 . 2015-12-14 21:11 -------- d-----w- c:\program files\CCleaner
2015-12-14 20:57 . 2015-12-14 20:57 -------- d-----w- c:\program files\VS Revo Group
2015-12-12 14:25 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2015-12-12 14:25 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2015-12-12 14:25 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2015-12-12 14:25 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2015-12-12 14:25 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2015-12-12 14:25 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2015-12-12 14:25 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2015-12-12 14:23 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2015-12-12 14:23 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2015-12-12 14:23 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2015-12-12 14:23 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-12-12 14:22 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2015-12-12 14:22 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2015-12-12 13:55 . 2015-12-12 13:55 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-12-12 12:54 . 2015-12-12 12:54 -------- d-----w- c:\users\Guest\AppData\Local\Mozilla
2015-12-12 12:49 . 2015-12-12 12:49 -------- d-----w- c:\users\Guest\AppData\Roaming\AVG
2015-12-12 12:45 . 2015-12-12 12:45 -------- d-----w- c:\users\Guest\AppData\Roaming\ATI
2015-12-12 11:55 . 2015-12-12 11:55 -------- d-----w- c:\programdata\ATI
2015-12-11 15:23 . 2015-12-11 15:23 231424 ----a-w- c:\windows\system32\mswsock.dll
2015-12-11 15:23 . 2015-12-11 15:23 49152 ----a-w- c:\windows\system32\taskhost.exe
2015-12-11 15:19 . 2015-12-11 15:19 1505280 ----a-w- c:\windows\system32\d3d11.dll
2015-12-11 14:49 . 2015-02-03 03:12 171520 ----a-w- c:\windows\system32\ubpm.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-12 13:58 . 2015-12-12 13:58 208384 ----a-w- c:\windows\system32\webcheck.dll
2015-12-10 18:13 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2015-12-09 19:23 . 2015-11-06 12:23 20113608 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2015-12-02 12:25 . 2015-10-19 12:41 247976 ------w- c:\windows\system32\MpSigStub.exe
2015-11-04 17:52 . 2015-11-04 17:54 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2015-10-29 17:49 . 2015-12-16 23:04 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-12-16 23:04 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-12-16 23:04 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-12-16 23:04 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39 . 2015-12-16 23:04 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-21 19:12 . 2015-10-21 19:12 138904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2015-10-21 19:12 . 2015-10-21 19:12 138904 ----a-w- c:\users\kuba\AppData\Roaming\PnkBstrK.sys
2015-10-21 19:12 . 2015-10-21 19:12 281872 ----a-w- c:\windows\system32\PnkBstrB.exe
2015-10-21 19:12 . 2015-10-21 19:12 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2015-10-20 17:56 . 2015-10-20 17:56 97888 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-10-12 23:29 . 2015-10-12 23:29 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-12-14 22:44 750216 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-08-04 597552]
"StartCCC"="c:\program files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe" [2015-08-04 748744]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-14 7021880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 14:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BingSvc]
2015-11-12 16:27 144008 ----a-w- c:\users\kuba\AppData\Local\Microsoft\BingSvc\BingSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2015-12-02 14:11 3638768 ----a-w- c:\program files\Origin\Origin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-09-27 22:43 57981568 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2015-11-10 02:44 3011152 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2015-11-29 16:27 2026520 ----a-w- c:\users\kuba\AppData\Roaming\uTorrent\utorrent.exe
.
2;2 iprip;Naslouchání RIP;c:\windows\System32\svchost.exe [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-12-14 117712]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2015-07-15 78848]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-12-12 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-05 51928]
R3 Origin Client Service;Origin Client Service;c:\program files\Origin\OriginClientService.exe [2015-12-02 2104840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-12-14 794952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-12-14 435976]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2015-08-04 214528]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-12-14 24016]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-12-14 81168]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-05 23256]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
ipripsvc REG_MULTI_SZ iprip
utcsvc REG_MULTI_SZ DiagTrack
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = <local>
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 192.168.1.1 10.0.0.138
FF - ProfilePath - c:\users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Papers, Please_is1 - c:\users\Papers
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3477047024-2134868446-3082669610-1000\Software\SecuROM\License information*]
"datasecu"=hex:c3,5e,f2,41,48,28,00,6b,18,dc,bd,d5,17,4e,7f,3d,aa,a2,dc,96,4e,
7a,10,b9,16,96,69,a8,ff,6f,d7,8a,c7,6e,32,7e,e6,c9,e4,1c,89,e5,42,88,f2,e6,\
"rkeysecu"=hex:b2,f2,c9,f1,21,8c,8a,43,ad,9d,73,76,8c,d8,78,7c
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-12-17 13:00:41
ComboFix-quarantined-files.txt 2015-12-17 12:00
.
Před spuštěním: Volných bajtů: 22 412 144 640
Po spuštění: Volných bajtů: 21 927 628 800
.
- - End Of File - - D0702B8271050804B2A38DEEBF3B1CCE
A36C5E4F47E84449FF07ED3517B43A31

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"@=hex(7):36,00,74,00,6f,00,34,00,0d,00,0a,00,41,00,70,00,70,00,4d,00,67,00,6d,\
  00,74,00,0d,00,0a,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,0d,00,\
  0a,00,42,00,72,00,6f,00,77,00,73,00,65,00,72,00,0d,00,0a,00,43,00,72,00,79,\
  00,70,00,74,00,53,00,76,00,63,00,0d,00,0a,00,44,00,4d,00,53,00,65,00,72,00,\
  76,00,65,00,72,00,0d,00,0a,00,44,00,48,00,43,00,50,00,0d,00,0a,00,45,00,52,\
  00,53,00,76,00,63,00,0d,00,0a,00,45,00,76,00,65,00,6e,00,74,00,53,00,79,00,\
  73,00,74,00,65,00,6d,00,0d,00,0a,00,46,00,61,00,73,00,74,00,55,00,73,00,65,\
  00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,6f,00,\
  6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,0d,00,0a,\
  00,48,00,69,00,64,00,53,00,65,00,72,00,76,00,0d,00,0a,00,49,00,61,00,73,00,\
  0d,00,0a,00,49,00,70,00,72,00,69,00,70,00,0d,00,0a,00,49,00,72,00,6d,00,6f,\
  00,6e,00,0d,00,0a,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,\
  76,00,65,00,72,00,0d,00,0a,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,\
  00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,0d,00,0a,00,4d,00,\
  65,00,73,00,73,00,65,00,6e,00,67,00,65,00,72,00,0d,00,0a,00,4e,00,65,00,74,\
  00,6d,00,61,00,6e,00,0d,00,0a,00,4e,00,6c,00,61,00,0d,00,0a,00,4e,00,74,00,\
  6d,00,73,00,73,00,76,00,63,00,0d,00,0a,00,4e,00,57,00,43,00,57,00,6f,00,72,\
  00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,0d,00,0a,00,4e,00,77,00,\
  73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,0d,00,0a,00,52,00,61,00,73,\
  00,61,00,75,00,74,00,6f,00,0d,00,0a,00,52,00,61,00,73,00,6d,00,61,00,6e,00,\
  0d,00,0a,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,\
  00,73,00,0d,00,0a,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,0d,00,\
  0a,00,53,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,0d,00,0a,00,53,00,45,\
  00,4e,00,53,00,0d,00,0a,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,\
  63,00,65,00,73,00,73,00,0d,00,0a,00,53,00,52,00,53,00,65,00,72,00,76,00,69,\
  00,63,00,65,00,0d,00,0a,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,0d,00,\
  0a,00,54,00,68,00,65,00,6d,00,65,00,73,00,0d,00,0a,00,54,00,72,00,6b,00,57,\
  00,6b,00,73,00,0d,00,0a,00,57,00,33,00,32,00,54,00,69,00,6d,00,65,00,0d,00,\
  0a,00,57,00,5a,00,43,00,53,00,56,00,43,00,0d,00,0a,00,57,00,6d,00,69,00,0d,\
  00,0a,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,0d,00,0a,00,77,00,\
  69,00,6e,00,6d,00,67,00,6d,00,74,00,0d,00,0a,00,54,00,65,00,72,00,6d,00,53,\
  00,65,00,72,00,76,00,69,00,63,00,65,00,0d,00,0a,00,77,00,75,00,61,00,75,00,\
  73,00,65,00,72,00,76,00,0d,00,0a,00,42,00,49,00,54,00,53,00,0d,00,0a,00,53,\
  00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,\
  69,00,6f,00,6e,00,0d,00,0a,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,0d,\
  00,0a,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,00,0d,00,0a,00,78,00,\
  6d,00,6c,00,70,00,72,00,6f,00,76,00,0d,00,0a,00,77,00,73,00,63,00,73,00,76,\
  00,63,00,00,00,00,00

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: Fixreg.reg
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Poklepej na soubor Fixreg.reg na ploše , objeví se okno s otázkou , zda si opravdu přeješ zapsat do registru. Klikni na Ano.
Restartuj PC.

Odinstaluj:
xhunter

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\windows\xhunter1.sys

Folder::
c:\program files\Skype\Updater

Driver::
2
2 iprip
SkypeUpdate
xhunter1

DDS::
uInternet Settings,ProxyOverride = <local>
Trusted Zone: localhost
Trusted Zone: webcompanion.com
RegLock::
[HKEY_USERS\S-1-5-21-3477047024-2134868446-3082669610-1000\Software\SecuROM\License information*]
"datasecu"=hex:c3,5e,f2,41,48,28,00,6b,18,dc,bd,d5,17,4e,7f,3d,aa,a2,dc,96,4e,
 7a,10,b9,16,96,69,a8,ff,6f,d7,8a,c7,6e,32,7e,e6,c9,e4,1c,89,e5,42,88,f2,e6,\
"rkeysecu"=hex:b2,f2,c9,f1,21,8c,8a,43,ad,9d,73,76,8c,d8,78,7c
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

ComboFix 15-12-16.01 - kuba 17.12.2015 18:29:01.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3318.2139 [GMT 1:00]
Spuštěný z: c:\users\kuba\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\kuba\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\xhunter1.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XHUNTER1
-------\Service_SkypeUpdate
-------\Service_xhunter1
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-11-17 do 2015-12-17 )))))))))))))))))))))))))))))))
.
.
2015-12-17 17:37 . 2015-12-17 17:47 -------- d-----w- c:\users\kuba\AppData\Local\temp
2015-12-17 17:37 . 2015-12-17 17:37 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-12-17 17:37 . 2015-12-17 17:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-17 17:20 . 2015-12-17 17:20 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A7BED30-69B3-4987-9C0A-E204191B06C6}\offreg.3180.dll
2015-12-17 15:14 . 2015-11-10 00:11 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-12-17 15:13 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
2015-12-17 15:12 . 2015-05-25 18:01 92160 ----a-w- c:\windows\system32\sechost.dll
2015-12-17 15:12 . 2015-05-25 18:00 40448 ----a-w- c:\windows\system32\typeperf.exe
2015-12-17 15:12 . 2015-05-25 18:00 364544 ----a-w- c:\windows\system32\tracerpt.exe
2015-12-17 15:12 . 2015-05-25 18:00 37888 ----a-w- c:\windows\system32\relog.exe
2015-12-17 15:12 . 2015-05-25 18:00 82944 ----a-w- c:\windows\system32\logman.exe
2015-12-17 15:12 . 2015-05-25 18:00 17408 ----a-w- c:\windows\system32\diskperf.exe
2015-12-17 15:11 . 2013-08-28 00:57 434688 ----a-w- c:\windows\system32\scavengeui.dll
2015-12-17 15:11 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-12-17 15:11 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2015-12-17 15:11 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2015-12-17 15:11 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2015-12-17 15:11 . 2015-02-04 02:54 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2015-12-17 14:29 . 2015-12-17 14:29 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A7BED30-69B3-4987-9C0A-E204191B06C6}\offreg.2356.dll
2015-12-17 14:16 . 2015-12-17 14:17 -------- d-----w- c:\program files\AMD
2015-12-17 14:15 . 2015-12-17 14:15 -------- d-----w- C:\AMD
2015-12-17 13:37 . 2015-12-17 13:37 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A7BED30-69B3-4987-9C0A-E204191B06C6}\offreg.928.dll
2015-12-17 12:41 . 2015-12-17 12:41 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A7BED30-69B3-4987-9C0A-E204191B06C6}\offreg.2420.dll
2015-12-17 12:17 . 2009-09-23 10:50 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2015-12-17 12:17 . 2009-09-23 10:49 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2015-12-17 12:17 . 2015-12-17 12:17 -------- d-----w- c:\windows\system32\Lang
2015-12-17 12:17 . 2015-12-17 12:17 -------- d-----w- c:\program files\Intel
2015-12-17 12:14 . 2015-12-17 12:14 -------- d-----w- c:\windows\system32\x64
2015-12-17 12:14 . 2009-09-23 18:30 1002008 ----a-w- c:\windows\system32\igxpun.exe
2015-12-17 10:07 . 2015-12-17 09:52 24064 ----a-w- c:\windows\zoek-delete.exe
2015-12-17 09:52 . 2015-12-17 10:09 -------- d-----w- C:\zoek_backup
2015-12-17 09:27 . 2015-12-17 09:27 -------- d-----w- c:\users\kuba\AppData\Local\GWX
2015-12-16 23:18 . 2015-11-10 18:39 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-12-16 23:18 . 2015-11-10 18:39 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-12-16 23:18 . 2015-11-10 18:39 811520 ----a-w- c:\windows\system32\user32.dll
2015-12-16 23:18 . 2015-11-10 17:40 2386944 ----a-w- c:\windows\system32\win32k.sys
2015-12-16 23:17 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-12-16 23:17 . 2013-07-03 03:36 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2015-12-16 23:17 . 2013-07-03 03:36 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2015-12-16 23:17 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2015-12-16 23:15 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2015-12-16 23:15 . 2013-10-04 01:58 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2015-12-16 23:15 . 2013-10-04 01:56 168960 ----a-w- c:\windows\system32\credui.dll
2015-12-16 23:14 . 2015-07-10 17:34 36864 ----a-w- c:\windows\system32\tsgqec.dll
2015-12-16 23:14 . 2015-07-10 17:33 131584 ----a-w- c:\windows\system32\aaclient.dll
2015-12-16 23:14 . 2015-07-10 17:34 3221504 ----a-w- c:\windows\system32\mstscax.dll
2015-12-16 23:14 . 2014-12-06 03:49 89600 ----a-w- c:\windows\system32\tlntsess.exe
2015-12-16 23:14 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2015-12-16 23:14 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2015-12-16 23:14 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2015-12-16 23:14 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2015-12-16 23:13 . 2015-11-11 18:39 1242624 ----a-w- c:\windows\system32\comsvcs.dll
2015-12-16 23:13 . 2015-11-11 18:39 487936 ----a-w- c:\windows\system32\catsrvut.dll
2015-12-16 23:13 . 2015-07-01 20:30 206848 ----a-w- c:\windows\system32\WebClnt.dll
2015-12-16 23:13 . 2015-07-01 20:30 82432 ----a-w- c:\windows\system32\davclnt.dll
2015-12-16 23:12 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2015-12-16 23:11 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2015-12-16 23:11 . 2013-10-30 02:19 301568 ----a-w- c:\windows\system32\msieftp.dll
2015-12-16 23:11 . 2015-07-09 17:42 179712 ----a-w- c:\windows\system32\notepad.exe
2015-12-16 23:11 . 2015-07-09 17:42 179712 ----a-w- c:\windows\notepad.exe
2015-12-16 23:09 . 2015-08-27 17:58 1391104 ----a-w- c:\windows\system32\msxml6.dll
2015-12-16 23:09 . 2015-08-27 17:58 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-12-16 23:09 . 2015-08-27 17:51 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-12-16 23:09 . 2015-08-27 17:51 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-12-16 23:09 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2015-12-16 23:09 . 2015-08-05 17:41 751104 ----a-w- c:\windows\system32\schedsvc.dll
2015-12-16 23:08 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
2015-12-16 23:08 . 2015-06-15 21:43 337408 ----a-w- c:\windows\system32\msihnd.dll
2015-12-16 23:08 . 2015-06-15 21:43 2364416 ----a-w- c:\windows\system32\msi.dll
2015-12-16 23:08 . 2015-06-15 21:42 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-12-16 23:08 . 2015-06-15 21:37 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-12-16 23:07 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2015-12-16 23:07 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2015-12-16 23:07 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2015-12-16 23:05 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll
2015-12-16 23:05 . 2014-06-16 01:44 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2015-12-16 23:05 . 2014-06-16 01:44 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2015-12-16 23:05 . 2014-06-16 01:40 107520 ----a-w- c:\windows\system32\cdd.dll
2015-12-16 23:03 . 2015-04-18 02:56 342016 ----a-w- c:\windows\system32\certcli.dll
2015-12-16 23:02 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2015-12-16 23:01 . 2015-07-15 17:59 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-12-16 23:01 . 2015-07-15 17:54 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-12-16 23:01 . 2015-07-15 17:55 1159168 ----a-w- c:\windows\system32\sysmain.dll
2015-12-16 23:01 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2015-12-16 23:01 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2015-12-16 23:00 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2015-12-16 23:00 . 2015-11-05 19:00 2048 ----a-w- c:\windows\system32\tzres.dll
2015-12-16 22:59 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2015-12-16 22:57 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2015-12-16 22:57 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-12-16 22:57 . 2015-07-30 17:57 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2015-12-16 22:56 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2015-12-16 22:56 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2015-12-16 18:36 . 2015-11-17 06:43 8991856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A7BED30-69B3-4987-9C0A-E204191B06C6}\mpengine.dll
2015-12-16 17:39 . 2015-12-17 11:34 30848 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-12-16 17:39 . 2015-12-16 17:39 -------- d-----w- c:\programdata\RogueKiller
2015-12-16 13:57 . 2015-12-16 13:57 -------- d-----w- c:\users\kuba\AppData\Local\2K Games
2015-12-16 13:35 . 2015-12-16 13:35 -------- d-----w- c:\users\kuba\AppData\Local\CEF
2015-12-16 11:05 . 2015-12-16 17:21 -------- d-----w- C:\AdwCleaner
2015-12-16 11:04 . 2015-12-16 11:04 -------- d-----w- c:\users\kuba\AppData\Local\ATI
2015-12-16 09:19 . 2015-12-16 09:25 -------- d-s---w- c:\windows\system32\GWX
2015-12-15 00:04 . 2015-12-15 00:04 -------- d-----w- c:\users\kuba\AppData\Roaming\ATI
2015-12-14 23:04 . 2015-12-16 10:30 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-14 23:03 . 2015-12-14 23:03 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-12-14 23:03 . 2015-12-14 23:03 -------- d-----w- c:\programdata\Malwarebytes
2015-12-14 23:03 . 2015-10-05 08:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-12-14 23:03 . 2015-10-05 08:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-12-14 23:03 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-12-14 22:55 . 2015-12-17 12:00 -------- d-----w- c:\users\DefaultAppPool
2015-12-14 22:47 . 2015-12-14 22:55 -------- d-----w- c:\users\kuba\AppData\Local\Google
2015-12-14 22:47 . 2015-12-14 22:44 322760 ----a-w- c:\windows\system32\aswBoot.exe
2015-12-14 22:45 . 2015-12-14 22:45 -------- d-----w- c:\windows\system32\config\systemprofile\.oracle_jre_usage
2015-12-14 22:45 . 2015-12-14 22:45 -------- d-----w- c:\users\kuba\AppData\Roaming\AVAST Software
2015-12-14 22:45 . 2015-12-14 22:45 -------- d-----w- c:\program files\Common Files\AV
2015-12-14 22:45 . 2015-12-14 22:44 117712 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-12-14 22:45 . 2015-12-14 22:44 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-12-14 22:45 . 2015-12-14 22:44 435976 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-12-14 22:45 . 2015-12-14 22:44 209432 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-12-14 22:45 . 2015-12-14 22:44 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-12-14 22:45 . 2015-12-14 22:44 81168 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-12-14 22:45 . 2015-12-14 22:44 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-12-14 22:45 . 2015-12-14 22:44 794952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-12-14 22:44 . 2015-12-14 22:44 43112 ----a-w- c:\windows\avastSS.scr
2015-12-14 22:43 . 2015-12-14 22:43 -------- d-----w- c:\program files\AVAST Software
2015-12-14 22:29 . 2015-12-14 22:43 -------- d-----w- c:\programdata\AVAST Software
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-17 17:47 . 2015-12-17 17:47 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A7BED30-69B3-4987-9C0A-E204191B06C6}\offreg.2132.dll
2015-12-17 17:46 . 2015-11-17 14:37 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2015-12-10 18:13 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2015-12-09 19:23 . 2015-11-06 12:23 20113608 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2015-12-02 12:25 . 2015-10-19 12:41 247976 ------w- c:\windows\system32\MpSigStub.exe
2015-11-09 23:37 . 2015-12-17 15:15 230400 ----a-w- c:\windows\system32\webcheck.dll
2015-11-04 17:52 . 2015-11-04 17:54 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2015-10-29 17:49 . 2015-12-16 23:04 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-12-16 23:04 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-12-16 23:04 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-12-16 23:04 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39 . 2015-12-16 23:04 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-21 19:12 . 2015-10-21 19:12 138904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2015-10-21 19:12 . 2015-10-21 19:12 138904 ----a-w- c:\users\kuba\AppData\Roaming\PnkBstrK.sys
2015-10-21 19:12 . 2015-10-21 19:12 281872 ----a-w- c:\windows\system32\PnkBstrB.exe
2015-10-21 19:12 . 2015-10-21 19:12 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2015-10-20 17:56 . 2015-10-20 17:56 97888 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-10-12 23:29 . 2015-10-12 23:29 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-12-14 22:44 750216 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-08-04 597552]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-14 7021880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 14:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-11-16 16:54 6602152 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2015-12-02 14:11 3638768 ----a-w- c:\program files\Origin\Origin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-09-27 22:43 57981568 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2015-11-10 02:44 3011152 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2015-11-29 16:27 2026520 ----a-w- c:\users\kuba\AppData\Roaming\uTorrent\utorrent.exe
.
2;2 iprip;Naslouchání RIP;c:\windows\System32\svchost.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2015-07-15 78848]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-11-10 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-05 51928]
R3 Origin Client Service;Origin Client Service;c:\program files\Origin\OriginClientService.exe [2015-12-02 2104840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-12-14 794952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-12-14 435976]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2015-08-04 214528]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-12-14 24016]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-12-14 81168]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-12-14 117712]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-05 23256]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
ipripsvc REG_MULTI_SZ iprip
utcsvc REG_MULTI_SZ DiagTrack
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 192.168.1.1 10.0.0.138
FF - ProfilePath - c:\users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\v31ujro9.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-StartCCC - c:\program files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3477047024-2134868446-3082669610-1000\Software\SecuROM\License information*]
"datasecu"=hex:c3,5e,f2,41,48,28,00,6b,18,dc,bd,d5,17,4e,7f,3d,aa,a2,dc,96,4e,
7a,10,b9,16,96,69,a8,ff,6f,d7,8a,c7,6e,32,7e,e6,c9,e4,1c,89,e5,42,88,f2,e6,\
"rkeysecu"=hex:b2,f2,c9,f1,21,8c,8a,43,ad,9d,73,76,8c,d8,78,7c
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\CISVC.EXE
c:\windows\system32\mqsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\TeamViewer\TeamViewer_Service.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\GWX\GWX.exe
c:\windows\system32\sppsvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\AVAST Software\Avast\AvastEmUpdate.exe
.
**************************************************************************
.
Celkový čas: 2015-12-17 18:51:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-12-17 17:51
ComboFix2.txt 2015-12-17 12:00
.
Před spuštěním: Volných bajtů: 21 631 762 432
Po spuštění: Volných bajtů: 21 114 761 216
.
- - End Of File - - 7C8C20CF38BEA6CEDAFC6829C1C71AEC
A36C5E4F47E84449FF07ED3517B43A31

PC-HELP.CZ

Neudržovaný PC. Prosím o kontrolo logu.

Neudržovaný PC. Prosím o kontrolo logu.

Re: Neudržovaný PC. Prosím o kontrolo logu.

Re: Neudržovaný PC. Prosím o kontrolo logu.

Re: Neudržovaný PC. Prosím o kontrolo logu.

Re: Neudržovaný PC. Prosím o kontrolo logu.

Re: Neudržovaný PC. Prosím o kontrolo logu.

Re: Neudržovaný PC. Prosím o kontrolo logu.

Re: Neudržovaný PC. Prosím o kontrolo logu.

Re: Neudržovaný PC. Prosím o kontrolo logu.

Re: Neudržovaný PC. Prosím o kontrolo logu.

Re: Neudržovaný PC. Prosím o kontrolo logu.

Re: Neudržovaný PC. Prosím o kontrolo logu.