PC-HELP.CZ

Dobrý den

Prosím o kontrolu logu HJT. Problém (možná to problém není) je ten, že při kontrole PC programem AVG hlásí 19 chyb, které nešly odstranit.
A sice Hook funkce služby ... a následuje popis služby, např. NTShutdownSystem ->cmdguard.sys+0xD17A. Všechny chyby začínají na NT.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:10:59, on 12.1.2016
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
F:\Windows\system32\Dwm.exe
F:\Windows\system32\taskhost.exe
F:\Windows\Explorer.EXE
F:\Windows\System32\rundll32.exe
F:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
F:\Program Files\Common Files\Java\Java Update\jusched.exe
F:\Program Files\NVIDIA Corporation\Display\nvtray.exe
F:\Program Files\AVG\Framework\Common\avguix.exe
F:\Program Files\AVG\Av\avgui.exe
F:\Windows\system32\ctfmon.exe
F:\Program Files\CCleaner\CCleaner.exe
F:\Windows\system32\wuauclt.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Users\Severus\AppData\Roaming\Mozilla\Firefox\Profiles\y0x7gmio.default\extensions\memoryfoxnext@idevfh.im\components\afom.exe
F:\Program Files\BitTorrent\BitTorrent.exe
D:\Instalačky\Správa počítače\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [NvBackend] "F:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvgUi] "F:\Program Files\AVG\Framework\Common\avguix.exe" /fmw.trayonly
O4 - HKLM\..\Run: [AVG_UI] "F:\Program Files\AVG\Av\avgui.exe" /TRAYONLY
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\Program Files\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://files.creative.com/Web/softwareu ... PIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://files.creative.com/Web/softwareu ... TSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://files.creative.com/Web/softwareu ... /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04AD75D0-80E4-480A-AC68-EBFD612E7F06}: NameServer = 213.46.172.37,213.46.172.36
O17 - HKLM\System\CS1\Services\Tcpip\..\{04AD75D0-80E4-480A-AC68-EBFD612E7F06}: NameServer = 213.46.172.37,213.46.172.36
O17 - HKLM\System\CS2\Services\Tcpip\..\{04AD75D0-80E4-480A-AC68-EBFD612E7F06}: NameServer = 156.154.70.25,156.154.71.25
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - F:\Program Files\AVG\Av\avgamps.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - F:\Program Files\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - F:\Program Files\AVG\Framework\Common\avgsvcx.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - F:\Program Files\AVG\Av\avgwdsvcx.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - F:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - F:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - F:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - F:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - F:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - F:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 6827 bytes

Platform: Windows 7 -- hlavně si doinstaluj SP1!

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu klikni na „Logfile“ ,objeví log ( jinak je uložen systémovem disku jako AdwCleaner[C?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na Kopírovat do schránky a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

SP1 doinstalován, teda aspoň doufám

# AdwCleaner v5.029 - Logfile created 12/01/2016 at 18:04:14
# Updated 11/01/2016 by Xplode
# Database : 2016-01-11.4 [Server]
# Operating system : Windows 7 Home Premium (x86)
# Username : Severus - SEVERUS-PC
# Running from : D:\Instalačky\Správa počítače\!! Antivirové programy\adwcleaner_5.029.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[F:\Users\Severus\AppData\Roaming\Mozilla\Firefox\Profiles\y0x7gmio.default\prefs.js] [Preference] Found : user_pref("urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey", 1453553102);

########## EOF - F:\AdwCleaner\AdwCleaner[S1].txt - [822 bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 12.1.2016
Čas skenování: 18:11
Protokol: mbam.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.01.12.05
Databáze rootkitů: v2016.01.09.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7
CPU: x86
Souborový systém: NTFS
Uživatel: Severus

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 288769
Uplynulý čas: 4 min, 43 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

# AdwCleaner v5.029 - Logfile created 12/01/2016 at 20:15:01
# Updated 11/01/2016 by Xplode
# Database : 2016-01-12.1 [Server]
# Operating system : Windows 7 Home Premium (x86)
# Username : Severus - SEVERUS-PC
# Running from : D:\Instalačky\Správa počítače\!! Antivirové programy\adwcleaner_5.029.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [F:\Users\Severus\AppData\Roaming\Mozilla\Firefox\Profiles\y0x7gmio.default\prefs.js] [Preference] Deleted : user_pref("urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey", 1453553102);

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - F:\AdwCleaner\AdwCleaner[C1].txt - [920 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x86
Ran by Severus (Administrator) on Łt 12.01.2016 at 20:24:58,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5

Successfully deleted: F:\Users\Severus\AppData\Roaming\Mozilla\Firefox\Profiles\y0x7gmio.default\searchplugins\torrents-search.xml (File)
Successfully deleted: F:\Users\Severus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8J8YUFJA (Folder)
Successfully deleted: F:\Users\Severus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFS320F0 (Folder)
Successfully deleted: F:\Users\Severus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSP2FUY9 (Folder)
Successfully deleted: F:\Users\Severus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZDXBT44J (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 12.01.2016 at 20:53:44,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Odkazy na stažení RogueKiller jsou oba nefunkční

RogueKiller V11.0.7.0 [Jan 11 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7600) 32 bits version
Spuštěno : Normální režim
Uživatel : Severus [Práva správce]
Started from : F:\Program Files\RogueKiller\RogueKiller.exe
Mód : Prohledat -- Datum : 01/12/2016 21:30:09

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\RK_Software_ON_C_2748\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Nalezeno
[PUM.HomePage] HKEY_USERS\RK_Severus_ON_C_BE89\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com/?cid={F682F197-7992-49AE-952A-F33ACB547D25}&mid=2738a9055bdb47cdaed7d1543b4bc027-557114a9b0473eec7c50b6c225dbaa2fc37ba028&lang=cs&ds=AVG&coid=avgtbavg&cmpid=1015av&pr=fr&d=2015-11-01 08:13:36&v=4.1.8.599&pid=wtu&sg=&sap=hp -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[PUP][FIREFX:Addon] y0x7gmio.default : Seznam li?ti?ka [{ea614400-e918-4741-9a97-7a972ff7c30b}] -> Nalezeno
[PUM.HomePage][FIREFX:Config] y0x7gmio.default : user_pref("browser.startup.homepage", "https://www.seznam.cz"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DL002-9TT153 ATA Device +++++
--- User ---
[MBR] eafb1c37fb6bf9307ab25c1516ad1fe5
[BSP] 84006b4689030f2b4b91a2e9999f81c8 : Legit.Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953866 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3320620AS ATA Device +++++
--- User ---
[MBR] a3cef0036e230ca825d833b7e2f9216e
[BSP] 84ca8f005dac36c956db86d60d557f65 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 149997 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 307195904 | Size: 155244 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: KINGSTON SHFS37A120G ATA Device +++++
--- User ---
[MBR] 510fea19bcda4535d6941a5aa97b85c9
[BSP] 33341d9755143a87c8bdd92eb2c0b221 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 114021 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 233517056 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

SP1 sis nedoinstaloval..

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir i firewall.
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:


klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

SP1 jsem doinstaloval. Ale teď mě zajímá, co jsem to teda instaloval včera

RogueKiller V11.0.7.0 [Jan 11 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : Severus [Práva správce]
Started from : F:\Program Files\RogueKiller\RogueKiller.exe
Mód : Smazat -- Datum : 01/13/2016 14:37:58

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\RK_Software_ON_C_B7F5\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Smazáno
[PUM.HomePage] HKEY_USERS\RK_Severus_ON_C_D7D9\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com/?cid={F682F197-7992-49AE-952A-F33ACB547D25}&mid=2738a9055bdb47cdaed7d1543b4bc027-557114a9b0473eec7c50b6c225dbaa2fc37ba028&lang=cs&ds=AVG&coid=avgtbavg&cmpid=1015av&pr=fr&d=2015-11-01 08:13:36&v=4.1.8.599&pid=wtu&sg=&sap=hp -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] y0x7gmio.default : user_pref("browser.startup.homepage", "https://www.seznam.cz"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DL002-9TT153 ATA Device +++++
--- User ---
[MBR] eafb1c37fb6bf9307ab25c1516ad1fe5
[BSP] 84006b4689030f2b4b91a2e9999f81c8 : Legit.Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953866 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3320620AS ATA Device +++++
--- User ---
[MBR] a3cef0036e230ca825d833b7e2f9216e
[BSP] 84ca8f005dac36c956db86d60d557f65 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 149997 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 307195904 | Size: 155244 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: KINGSTON SHFS37A120G ATA Device +++++
--- User ---
[MBR] 510fea19bcda4535d6941a5aa97b85c9
[BSP] 33341d9755143a87c8bdd92eb2c0b221 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 114021 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 233517056 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

Zoek budu příště pouštět přes noc Osm hodin trvající test


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Severus on st 13.01.2016 at 14:38:36,06.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: F:\Users\Severus\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

13.1.2016 14:39:14 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from F:\Users\Severus\AppData\Roaming\Mozilla\Firefox\Profiles\y0x7gmio.default\prefs.js:
user_pref("browser.newtab.url", "");
user_pref("browser.search.selectedEngine", "");
user_pref("browser.search.useDBForOrder", true);

Added to F:\Users\Severus\AppData\Roaming\Mozilla\Firefox\Profiles\y0x7gmio.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: F:\Users\Severus\AppData\Roaming\Mozilla\Firefox\Profiles\y0x7gmio.default

user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("capability.policy.maonoscript.sites", "addons.mozilla.org afx.ms ajax.aspnetcdn.com ajax.googleapis.com bootstrapcdn.com code.jquery.com fi
---- FireFox user.js and prefs.js backups ----

prefs_13.01.2016_2109_.backup

==== Deleting Files \ Folders ======================

F:\ProgramData\Package Cache deleted
F:\Users\Severus\AppData\Roaming\Mozilla\Firefox\Profiles\y0x7gmio.default\extensions\firefox@ghostery.com.xpi deleted
F:\Users\Severus\AppData\Roaming\Mozilla\Firefox\Profiles\y0x7gmio.default\Invalidprefs.js deleted
F:\Users\Severus\AppData\Roaming\Mozilla\Firefox\Profiles\y0x7gmio.default\jetpack deleted

==== Firefox Start and Search pages ======================

ProfilePath: F:\Users\Severus\AppData\Roaming\Mozilla\Firefox\Profiles\y0x7gmio.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: F:\Users\Severus\AppData\Roaming\Mozilla\Firefox\Profiles\y0x7gmio.default
- esk slovnk pro kontrolu pravopisu - %ProfilePath%\extensions\cs@dictionaries.addons.mozilla.org
- Memory Fox Next - %ProfilePath%\extensions\memoryfoxnext@idevfh.im
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- Classic Theme Restorer - %ProfilePath%\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi
- Save-To-Read - %ProfilePath%\extensions\save2read@konstantin.plotnikov.xpi
- Thumbnail Zoom Plus - %ProfilePath%\extensions\thumbnailZoom@dadler.github.com.xpi
- Undetermined - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

AppDir: F:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: F:\Users\Severus\AppData\Roaming\Mozilla\Firefox\Profiles\y0x7gmio.default
AC05C6E4465BFBE6EF41FD6DD46E5B59 - F:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
52CE0DBFD9738AE528CF525A0367EBEB - F:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
D0D310392579581DCB1B21378552C73F - F:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
2FA85C3A9A2789D389CAA9B3832BEBF8 - F:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
D6015DB8EA402753421FF62CA3909B62 - F:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U66
776C6B8D53C56500BC355D513F11A105 - F:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.660.18


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{943C5173-14EA-4239-9609-6C5575D626E1}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{943C5173-14EA-4239-9609-6C5575D626E1} - https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security deleted successfully

==== Empty IE Cache ======================

F:\Users\Severus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
F:\Users\Severus\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
F:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
F:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
F:\Users\Severus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8J8YUFJA will be deleted at reboot
F:\Users\Severus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
F:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
F:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
F:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

F:\Users\Severus\AppData\Local\Mozilla\Firefox\Profiles\y0x7gmio.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== F:\zoek_backup content ======================

F:\zoek_backup (files=12 folders=11 9465651 bytes)

==== Empty Temp Folders ======================

F:\Users\Default\AppData\Local\Temp emptied successfully
F:\Users\Default User\AppData\Local\Temp emptied successfully
F:\Users\Severus\AppData\Local\Temp will be emptied at reboot
F:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
F:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
F:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

F:\Windows\Temp successfully emptied
F:\Users\Severus\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

F:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"F:\Users\Severus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"F:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"F:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"F:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"F:\Users\Severus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8J8YUFJA" not found

==== EOF on st 13.01.2016 at 22:33:02,15 ======================

ComboFix 16-01-07.01 - Severus 13.01.2016 22:35:30.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3326.2305 [GMT 1:00]
Spuštěný z: f:\users\Severus\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-12-13 do 2016-01-13 )))))))))))))))))))))))))))))))
.
.
2016-01-13 21:41 . 2016-01-13 21:41 -------- d-----w- f:\users\Default\AppData\Local\temp
2016-01-13 21:28 . 2016-01-13 13:38 24064 ----a-w- f:\windows\zoek-delete.exe
2016-01-13 13:38 . 2016-01-13 20:11 -------- d-----w- F:\zoek_backup
2016-01-13 13:16 . 2016-01-13 13:16 -------- d-----w- f:\windows\system32\SPReview
2016-01-12 20:13 . 2016-01-13 13:26 30848 ----a-w- f:\windows\system32\drivers\TrueSight.sys
2016-01-12 20:13 . 2016-01-12 20:32 -------- d-----w- f:\programdata\RogueKiller
2016-01-12 20:13 . 2016-01-12 20:19 -------- d-----w- f:\program files\RogueKiller
2016-01-12 17:10 . 2016-01-12 17:10 170200 ----a-w- f:\windows\system32\drivers\MBAMSwissArmy.sys
2016-01-12 17:10 . 2016-01-12 17:10 -------- d-----w- f:\program files\Malwarebytes Anti-Malware
2016-01-12 17:10 . 2016-01-12 17:10 -------- d-----w- f:\programdata\Malwarebytes
2016-01-12 17:10 . 2015-10-05 08:50 51928 ----a-w- f:\windows\system32\drivers\mwac.sys
2016-01-12 17:10 . 2015-10-05 08:50 94936 ----a-w- f:\windows\system32\drivers\mbamchameleon.sys
2016-01-12 17:10 . 2015-10-05 08:50 23256 ----a-w- f:\windows\system32\drivers\mbam.sys
2016-01-12 17:04 . 2016-01-12 19:15 -------- d-----w- F:\AdwCleaner
2016-01-12 16:26 . 2016-01-12 16:26 -------- d-----w- f:\windows\system32\EventProviders
2016-01-12 16:07 . 2016-01-12 16:07 -------- d-s---w- f:\windows\system32\CompatTel
2016-01-12 16:07 . 2016-01-12 16:07 -------- d-----w- f:\windows\system32\appraiser
2016-01-12 16:07 . 2016-01-12 16:07 -------- d-----w- f:\windows\Migration
2016-01-12 11:44 . 2016-01-12 11:49 -------- d-----w- f:\windows\system32\MRT
2016-01-12 10:35 . 2016-01-12 10:35 -------- d-----w- f:\program files\COMODO
2016-01-12 09:45 . 2011-04-09 06:02 3967872 ----a-w- f:\windows\system32\ntkrnlpa.exe
2016-01-12 09:45 . 2011-04-09 06:02 3912576 ----a-w- f:\windows\system32\ntoskrnl.exe
2016-01-12 09:45 . 2011-04-09 05:56 123904 ----a-w- f:\windows\system32\poqexec.exe
2016-01-12 09:45 . 2010-12-17 07:07 542208 ----a-w- f:\windows\system32\kerberos.dll
2016-01-12 09:45 . 2015-09-18 16:30 587776 ----a-w- f:\windows\system32\invagent.dll
2016-01-12 09:45 . 2015-09-18 16:30 615936 ----a-w- f:\windows\system32\generaltel.dll
2016-01-12 09:45 . 2015-09-18 16:30 423936 ----a-w- f:\windows\system32\devinv.dll
2016-01-12 09:45 . 2015-09-18 16:30 62976 ----a-w- f:\windows\system32\acmigration.dll
2016-01-12 09:45 . 2015-01-27 23:28 1167520 ----a-w- f:\windows\system32\aitstatic.exe
2015-12-24 15:30 . 2006-10-26 18:56 33104 ----a-w- f:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2015-12-24 15:30 . 2006-10-26 18:56 32592 ----a-w- f:\windows\system32\msonpmon.dll
2015-12-24 15:30 . 2015-12-24 15:30 -------- d-----w- f:\program files\Microsoft Works
2015-12-24 15:29 . 2015-12-24 15:29 -------- d-----w- f:\windows\PCHEALTH
2015-12-24 15:28 . 2015-12-24 15:30 -------- d-----w- f:\programdata\Microsoft Help
2015-12-24 15:27 . 2015-12-24 15:27 -------- d-----r- F:\MSOCache
2015-12-24 15:21 . 2015-12-24 15:21 -------- d-----w- f:\program files\TapinRadio
2015-12-24 15:11 . 2015-12-24 15:16 -------- d-----w- f:\program files\Vitware
2015-12-24 15:02 . 2015-12-24 15:02 -------- d-----w- f:\program files\Common Files\AV
2015-12-24 15:01 . 2015-12-24 15:01 -------- d-----w- F:\$AVG
2015-12-24 15:00 . 2016-01-12 10:34 -------- d-----w- f:\programdata\Comodo
2015-12-24 14:58 . 2015-12-24 15:00 -------- d-----w- f:\programdata\Avg
2015-12-24 14:58 . 2015-12-24 14:58 -------- d-----w- f:\program files\CCleaner
2015-12-24 14:55 . 2015-12-24 14:55 -------- d--h--w- f:\programdata\Common Files
2015-12-24 14:54 . 2015-12-24 15:02 -------- d-----w- f:\windows\system32\drivers\AVG
2015-12-24 14:54 . 2015-12-24 15:02 -------- d-----w- f:\program files\AVG
2015-12-24 14:52 . 2016-01-13 20:36 -------- d-----w- f:\programdata\MFAData
2015-12-24 14:51 . 2015-12-24 14:51 -------- d-----w- f:\program files\VirtuaNES
2015-12-24 14:26 . 2015-12-24 14:26 -------- d-----w- f:\program files\BitTorrent
2015-12-24 13:48 . 2010-05-26 10:41 470880 ----a-w- f:\windows\system32\d3dx10_43.dll
2015-12-24 13:48 . 2010-05-26 10:41 248672 ----a-w- f:\windows\system32\d3dx11_43.dll
2015-12-24 13:48 . 2010-05-26 10:41 1998168 ----a-w- f:\windows\system32\D3DX9_43.dll
2015-12-24 13:48 . 2015-12-16 17:04 91384 ----a-w- f:\windows\system32\NvRtmpStreamer32.dll
2015-12-24 13:48 . 2015-12-16 17:04 1530240 ----a-w- f:\windows\system32\nvspcap.dll
2015-12-24 13:48 . 2015-12-16 17:04 1316184 ----a-w- f:\windows\system32\nvspbridge.dll
2015-12-24 13:47 . 2015-12-16 14:55 103032 ----a-w- f:\windows\system32\nvStreaming.exe
2015-12-24 13:47 . 2015-12-16 14:49 3939632 ----a-w- f:\windows\system32\nvcpl.dll
2015-12-24 13:47 . 2015-12-16 14:49 2582648 ----a-w- f:\windows\system32\nvsvc.dll
2015-12-24 13:47 . 2015-12-16 14:49 934704 ----a-w- f:\windows\system32\nvvsvc.exe
2015-12-24 13:47 . 2015-12-16 14:49 61744 ----a-w- f:\windows\system32\nvshext.dll
2015-12-24 13:47 . 2015-12-16 14:49 375088 ----a-w- f:\windows\system32\nvmctray.dll
2015-12-24 13:47 . 2015-12-16 14:49 2554488 ----a-w- f:\windows\system32\nvsvcr.dll
2015-12-24 13:47 . 2015-12-16 14:49 75056 ----a-w- f:\windows\system32\nv3dappshextr.dll
2015-12-24 13:47 . 2015-12-16 14:49 429176 ----a-w- f:\windows\system32\nv3dappshext.dll
2015-12-24 13:47 . 2015-12-16 14:49 6090019 ----a-w- f:\windows\system32\nvcoproc.bin
2015-12-24 13:47 . 2015-12-16 17:04 194680 ----a-w- f:\windows\system32\OpenCL.dll
2015-12-24 13:33 . 2015-12-24 13:34 -------- d-----w- f:\program files\Winamp
2015-12-24 13:32 . 2015-12-24 13:32 -------- d-----w- f:\program files\VideoLAN
2015-12-24 13:30 . 2015-12-24 13:30 -------- d-----w- f:\program files\Zoner
2015-12-24 13:29 . 2015-12-24 13:29 -------- d-----w- f:\programdata\ConeXware
2015-12-24 13:28 . 2015-12-24 13:28 -------- d-----w- f:\program files\PatchBeam
2015-12-24 13:28 . 2015-12-24 13:29 -------- d-----w- f:\program files\PowerArchiver
2015-12-24 13:27 . 2016-01-13 21:31 -------- d-----w- f:\programdata\NVIDIA
2015-12-24 13:21 . 2015-12-24 13:21 -------- d-----w- f:\program files\Common Files\Java
2015-12-24 13:20 . 2015-12-24 13:20 95840 ----a-w- f:\windows\system32\WindowsAccessBridge.dll
2015-12-24 13:20 . 2015-12-24 13:20 -------- d-----w- f:\program files\Java
2015-12-24 13:14 . 2015-12-24 13:14 62576 ----a-w- f:\programdata\Microsoft\Windows Defender\Definition Updates\{A973B738-FC99-4D06-936E-1F007A4C3090}\offreg.3708.dll
2015-12-24 13:09 . 2015-12-24 13:21 -------- d-----w- f:\programdata\Oracle
2015-12-24 13:07 . 2015-12-24 13:07 -------- d-----w- f:\program files\Common Files\Creative
2015-12-24 13:07 . 2015-12-24 13:08 -------- d--h--w- f:\program files\Creative Installation Information
2015-12-24 13:06 . 2006-10-06 13:17 53248 ------w- f:\windows\Ctregrun.exe
2015-12-24 13:06 . 2000-05-22 15:58 647872 ------w- f:\windows\system32\Mscomct2.ocx
2015-12-24 13:03 . 2015-12-24 15:29 -------- d-----w- f:\program files\Microsoft.NET
2015-12-24 13:02 . 2015-12-24 13:48 -------- d-----w- f:\programdata\NVIDIA Corporation
2015-12-24 13:02 . 2015-08-11 04:55 44840 ----a-w- f:\windows\system32\drivers\nvvad32v.sys
2015-12-24 13:02 . 2015-08-11 04:52 69416 ----a-w- f:\windows\system32\nvaudcap32v.dll
2015-12-24 13:02 . 2015-12-24 13:48 -------- d-----w- f:\program files\NVIDIA Corporation
2015-12-24 13:01 . 2016-01-12 09:37 -------- d-----w- f:\programdata\LogiShrd
2015-12-24 13:01 . 2015-12-24 13:01 -------- d-----w- f:\program files\Logitech
2015-12-24 12:58 . 2003-06-12 22:25 7062 ----a-w- f:\windows\system32\audiopid.vxd
2015-12-24 12:57 . 2015-12-24 12:57 413696 ----a-w- f:\windows\system32\wrap_oal.dll
2015-12-24 12:57 . 2015-12-24 12:57 110592 ----a-w- f:\windows\system32\OpenAL32.dll
2015-12-24 12:57 . 2009-04-02 10:33 2873820 ------w- f:\windows\system32\Sens_oal.dll
2015-12-24 12:57 . 2015-12-24 12:57 -------- d-----w- f:\program files\Common Files\Creative Labs Shared
2015-12-24 12:57 . 2015-12-24 13:06 -------- d-----w- f:\programdata\Creative
2015-12-24 12:57 . 2009-03-26 13:46 148480 ----a-w- f:\windows\system32\APOMngr.DLL
2015-12-24 12:57 . 2009-02-06 17:52 73728 ----a-w- f:\windows\system32\CmdRtr.DLL
2015-12-24 12:56 . 2015-12-24 13:07 -------- d-----w- f:\program files\Creative
2015-12-24 12:56 . 2005-06-15 10:07 11264 ----a-w- f:\windows\INRES.DLL
2015-12-24 12:56 . 2015-12-24 13:08 -------- d--h--w- f:\program files\InstallShield Installation Information
2015-12-24 12:56 . 2015-12-24 12:56 -------- d-----w- f:\program files\Common Files\InstallShield
2015-12-24 12:54 . 2015-12-16 09:15 9014120 ----a-w- f:\programdata\Microsoft\Windows Defender\Definition Updates\{A973B738-FC99-4D06-936E-1F007A4C3090}\mpengine.dll
2015-12-24 12:54 . 2015-12-02 12:25 247976 ------w- f:\windows\system32\MpSigStub.exe
2015-12-24 12:49 . 2015-12-24 12:49 -------- d-----w- f:\program files\Common Files\Adobe
2015-12-24 12:49 . 2016-01-13 12:25 -------- d-sh--w- f:\windows\Installer
2015-12-24 12:44 . 2016-01-12 16:08 -------- d-----w- f:\program files\Mozilla Maintenance Service
2015-12-24 12:41 . 2015-12-24 13:01 -------- d-----w- f:\program files\Common Files\logishrd
2015-12-24 12:40 . 2016-01-13 21:38 -------- d-----w- f:\windows\system32\wbem\Performance
2015-12-24 12:38 . 2012-06-02 22:19 53784 ----a-w- f:\windows\system32\wuauclt.exe
2015-12-24 12:38 . 2012-06-02 22:19 45080 ----a-w- f:\windows\system32\wups2.dll
2015-12-24 12:38 . 2012-06-02 22:19 1933848 ----a-w- f:\windows\system32\wuaueng.dll
2015-12-24 12:38 . 2012-06-02 22:12 2422272 ----a-w- f:\windows\system32\wucltux.dll
2015-12-24 12:38 . 2012-06-02 22:19 35864 ----a-w- f:\windows\system32\wups.dll
2015-12-24 12:38 . 2012-06-02 22:19 577048 ----a-w- f:\windows\system32\wuapi.dll
2015-12-24 12:38 . 2012-06-02 22:12 88576 ----a-w- f:\windows\system32\wudriver.dll
2015-12-24 12:38 . 2012-06-02 14:19 171904 ----a-w- f:\windows\system32\wuwebv.dll
2015-12-24 12:38 . 2012-06-02 14:12 33792 ----a-w- f:\windows\system32\wuapp.exe
2015-12-24 12:30 . 2016-01-13 13:22 -------- d-----w- f:\windows\Panther
2015-12-24 12:25 . 2015-12-24 12:25 -------- d-----w- F:\Windows.old
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-13 13:14 . 2009-07-14 02:05 152576 ----a-w- f:\windows\system32\msclmd.dll
2015-11-20 07:05 . 2015-11-20 07:05 31664 ----a-w- f:\windows\system32\drivers\avgidsshimx.sys
2015-11-06 14:48 . 2015-11-06 14:48 255920 ----a-w- f:\windows\system32\drivers\avgidsdriverx.sys
2015-11-06 14:48 . 2015-11-06 14:48 193968 ----a-w- f:\windows\system32\drivers\avgmfx86.sys
2015-11-06 14:48 . 2015-11-06 14:48 149936 ----a-w- f:\windows\system32\drivers\avgdiskx.sys
2015-10-21 15:24 . 2015-10-21 15:24 229296 ----a-w- f:\windows\system32\drivers\avgldx86.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"NvBackend"="f:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-12-16 2771576]
"SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe" [2015-11-09 596528]
"AvgUi"="f:\program files\AVG\Framework\Common\avguix.exe" [2015-12-08 1139112]
"AVG_UI"="f:\program files\AVG\Av\avgui.exe" [2015-12-09 3855272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-11-16 16:54 6602152 ----a-w- f:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 14:35 5458704 ----a-w- f:\program files\Logitech\Logitech Vid\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2793304 ----a-w- f:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
2015-12-16 17:04 1530240 ----a-w- f:\windows\System32\nvspcap.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2015-12-24 15:18 8387696 ----a-w- f:\users\Severus\AppData\Roaming\Spotify\Spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2015-12-24 15:18 2346096 ----a-w- f:\users\Severus\AppData\Roaming\Spotify\SpotifyWebHelper.exe
.
R2 AVGIDSAgent;AVGIDSAgent;f:\program files\AVG\Av\avgidsagent.exe [2015-12-09 3857272]
R2 MBAMService;MBAMService;f:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R3 AvgAMPS;AvgAMPS;f:\program files\AVG\Av\avgamps.exe [2015-12-09 615584]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;f:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2015-12-24 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;f:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2015-12-24 79360]
R3 MBAMWebAccessControl;MBAMWebAccessControl;f:\windows\system32\drivers\mwac.sys [2015-10-05 51928]
R3 RTL8167;Ovladač Realtek 8167 NT;f:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;f:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 AVGIDSHX;AVGIDSHX;f:\windows\system32\DRIVERS\avgidshx.sys [2015-08-20 231344]
S0 Avglogx;AVG Logging Driver;f:\windows\system32\DRIVERS\avglogx.sys [2015-08-14 308656]
S0 Avgrkx86;AVG Anti-Rootkit Driver;f:\windows\system32\DRIVERS\avgrkx86.sys [2015-08-10 36784]
S1 Avgdiskx;AVG Disk Driver;f:\windows\system32\DRIVERS\avgdiskx.sys [2015-11-06 149936]
S1 AVGIDSDriver;AVGIDSDriver;f:\windows\system32\DRIVERS\avgidsdriverx.sys [2015-11-06 255920]
S1 AVGIDSShim;AVGIDSShim;f:\windows\system32\DRIVERS\avgidsshimx.sys [2015-11-20 31664]
S1 Avgldx86;AVG AVI Loader Driver;f:\windows\system32\DRIVERS\avgldx86.sys [2015-10-21 229296]
S1 Avgtdix;AVG TDI Driver;f:\windows\system32\DRIVERS\avgtdix.sys [2015-10-08 231856]
S2 avgsvc;AVG Service;f:\program files\AVG\Framework\Common\avgsvcx.exe [2015-12-08 866216]
S2 avgwd;AVG WatchDog;f:\program files\AVG\Av\avgwdsvcx.exe [2015-12-09 579776]
S2 GfExperienceService;NVIDIA GeForce Experience Service;f:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-12-16 922744]
S2 NvNetworkService;NVIDIA Network Service;f:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-12-16 1872504]
S2 NvStreamSvc;NVIDIA Streamer Service;f:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-12-16 5119096]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;f:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-12-16 417400]
S3 MBAMProtector;MBAMProtector;f:\windows\system32\drivers\mbam.sys [2015-10-05 23256]
S3 NvStreamKms;NvStreamKms;f:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-12-16 18552]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;f:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2015-12-16 6443128]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);f:\windows\system32\drivers\nvvad32v.sys [2015-08-11 44840]
.
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - f:\program files\Microsoft Office\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
TCP: Interfaces\{04AD75D0-80E4-480A-AC68-EBFD612E7F06}: NameServer = 213.46.172.37,213.46.172.36
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://files.creative.com/Web/softwareu ... TSUEng.cab
FF - ProfilePath - f:\users\Severus\AppData\Roaming\Mozilla\Firefox\Profiles\y0x7gmio.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - f:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-01-13 22:42:40
ComboFix-quarantined-files.txt 2016-01-13 21:42
.
Před spuštěním: Volných bajtů: 138 967 310 336
Po spuštění: Volných bajtů: 138 912 899 072
.
- - End Of File - - EC4FC0C07006BD4DA0EBEBFE5077B852
A36C5E4F47E84449FF07ED3517B43A31