Prosím o kontrolu logu z HJT Vyřešeno

[akiller]

Dobrý den, prosím o kontrolu logu HJT. Problém je ten, že aktivní okna jsou potlačována, čiliže píšu a najednou nepíšu, protože okno (word, excel, prohlížeč) není aktivní. Tohle píšu tak, že jednou rukou píšu na klávesnici a druhou ruku mám myši a pořád klikám sem do tohoto okna.
Je to značně frustrující

Zde je log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:41:43, on 8.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
G:\Instalačky\Správa počítače\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wermgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Cookienator] "C:\Program Files\Cookienator\cookienator.exe" /auto
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6846616-3E73-45D0-840E-DAE156DADA32}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{C6846616-3E73-45D0-840E-DAE156DADA32}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS3\Services\Tcpip\..\{C6846616-3E73-45D0-840E-DAE156DADA32}: NameServer = 8.26.56.26,156.154.70.22
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 5640 bytes

[Reklama]

[Damned]

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only", zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKCU\..\Run: [Cookienator] "C:\Program Files\Cookienator\cookienator.exe" /auto
********************************************************************************************************************************************************************************
Stáhni si AdwCleaner nebo AdwCleaner (Bleeping)


Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Scan“

Po skenu klikni na "Report" (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

[akiller]

Zde je log z Adw Cleaner:
A cookienator je doplněk ve Firefoxu, mám ho už dlouho, ten to určitě nezpůsobuje. Ale udělal jsem, co jsi psal.

# AdwCleaner v3.303 - Report created 08/08/2014 at 12:58:34
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Petr - INTEL
# Running from : G:\Instalačky\Správa počítače\adwcleaner_3.303.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 cs)

[ File : C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\j8ivwl1h.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

*************************

AdwCleaner[R10].txt - [715 octets] - [08/08/2014 12:58:34]
AdwCleaner[R4].txt - [930 octets] - [22/03/2014 11:09:32]
AdwCleaner[R5].txt - [1244 octets] - [28/03/2014 19:12:14]
AdwCleaner[R6].txt - [2248 octets] - [14/05/2014 19:21:58]
AdwCleaner[R7].txt - [1842 octets] - [08/06/2014 13:28:21]
AdwCleaner[R8].txt - [1976 octets] - [03/08/2014 16:09:54]
AdwCleaner[R9].txt - [1453 octets] - [07/08/2014 09:30:58]
AdwCleaner[S2].txt - [992 octets] - [22/03/2014 11:10:41]
AdwCleaner[S3].txt - [1321 octets] - [28/03/2014 19:13:10]
AdwCleaner[S4].txt - [2568 octets] - [14/05/2014 20:18:17]
AdwCleaner[S5].txt - [1917 octets] - [08/06/2014 13:29:39]
AdwCleaner[S6].txt - [2059 octets] - [03/08/2014 16:11:32]
AdwCleaner[S7].txt - [1514 octets] - [07/08/2014 09:32:09]

########## EOF - C:\AdwCleaner\AdwCleaner[R10].txt - [1493 octets] ##########

[Damned]

Není potřeba, aby se spouštěl při spuštění pC.

Spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Konec
Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
-Aktualizace Malwarebytes' Anti-Malware
-Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko Konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na Kopírovat do schránky a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[akiller]

Zdá se mi to, nebo MbAM, který jsem měl spustit jako první a Malwarebytes' Anti-Malware jsou stejné programy? Spustil jsem jen ten druhý, log nemohu najít, ale píše to, že "Prohledávání bylo úspěšně dokončeno. Nebyly detekovány žádné hrozby!"

[akiller]

Tak jsem ho našel Tady je:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 8.8.2014
Čas skenování: 13:24:46
Protokol:
Správce: Ano

Verze: 2.00.2.1012
Databáze malwaru: v2014.08.08.02
Databáze rootkitů: v2014.08.04.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Self-protection: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Petr

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 281380
Uplynulý čas: 7 min, 51 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristics: Zapnuto
PUP: Varovat
PUM: Zapnuto

Procesy: 0
(No malicious items detected)

Moduly: 0
(No malicious items detected)

Klíče registru: 0
(No malicious items detected)

Hodnoty registru: 0
(No malicious items detected)

Data registru: 0
(No malicious items detected)

Složky: 0
(No malicious items detected)

Soubory: 0
(No malicious items detected)

Fyzické sektory: 0
(No malicious items detected)


(end)

[Damned]

Nějak mi zmizel začátek textu, zřejmě sem to špatně okopíroval. MbAM je zkratka pro Malwarebytes' Anti-Malware.

Vypni rezidentní štít antiviru.
Stáhni si ComboFix (by sUBs) a ulož si ho na Plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[akiller]

ComboFix 14-08-06.02 - Petr 08.08.2014 15:01:59.7.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3326.2145 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\ThumperDC.COM.URL
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-08 do 2014-08-08 )))))))))))))))))))))))))))))))
.
.
2014-08-08 13:14 . 2014-08-08 13:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-08 09:40 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F74D1858-CB14-42C7-A9E3-A38F13D0D515}\mpengine.dll
2014-08-08 09:24 . 2014-08-08 09:24 -------- d-----w- C:\found.000
2014-08-06 16:44 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-05 11:50 . 2014-08-05 11:56 -------- d-----w- c:\program files\Grand Theft Auto Vice City Stories
2014-08-04 12:17 . 2014-05-02 14:07 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6715EC1-C34C-4C65-B6D2-391B1DDE6012}\gapaengine.dll
2014-08-01 09:01 . 2014-08-01 09:01 -------- d-----w- c:\users\Petr\AppData\Roaming\SUPERAntiSpyware.com
2014-08-01 09:01 . 2014-08-01 09:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-08-01 09:01 . 2014-08-01 09:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-07-30 17:17 . 2014-07-30 19:03 -------- d-----w- c:\users\Petr\AppData\Local\Rockstar Games
2014-07-30 17:12 . 2014-07-30 17:12 -------- d-----w- c:\windows\system32\xlive
2014-07-30 17:12 . 2014-07-30 17:12 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2014-07-30 09:54 . 2014-07-02 17:39 609240 ----a-w- c:\windows\system32\nvStreaming.exe
2014-07-30 09:53 . 2014-07-02 19:42 2556360 ----a-w- c:\windows\system32\nvsvcr.dll
2014-07-30 09:39 . 2014-07-25 13:50 1291280 ----a-w- c:\windows\system32\nvspbridge.dll
2014-07-24 19:14 . 2014-07-24 19:14 -------- d-----w- c:\users\Petr\AppData\Local\Apple
2014-07-22 21:02 . 2014-07-22 21:02 -------- d-----w- c:\users\Petr\AppData\Roaming\Hulubulu
2014-07-22 21:02 . 2014-07-22 21:02 -------- d-----w- c:\program files\Advanced Renamer
2014-07-21 16:27 . 2014-08-03 14:33 -------- d-----w- c:\users\Petr\AppData\Local\CrashDumps
2014-07-21 16:14 . 2014-07-21 16:15 -------- d-----w- C:\gravotte ramdisk
2014-07-21 16:10 . 2014-07-21 16:10 -------- d-----w- c:\program files\PPSOFT.DK
2014-07-21 16:10 . 1998-02-06 19:37 299520 ----a-w- c:\windows\uninst.exe
2014-07-21 15:58 . 2014-08-03 14:02 -------- d-----w- c:\program files\Zrychleni Pocitace
2014-07-21 15:43 . 2014-07-21 15:43 -------- d-----w- c:\users\Petr\E04FD66DADDD48A0B7664111945C09D4.TMP
2014-07-21 15:29 . 2014-07-25 13:50 1126480 ----a-w- c:\windows\system32\nvspcap.dll
2014-07-21 15:29 . 2014-07-30 09:40 -------- d-----w- c:\users\Petr\AppData\Local\NVIDIA Corporation
2014-07-21 15:29 . 2014-07-21 15:37 -------- d-----w- c:\users\Petr\AppData\Local\NVIDIA
2014-07-21 15:28 . 2014-07-21 15:28 -------- d-----w- c:\program files\AGEIA Technologies
2014-07-21 15:27 . 2014-08-08 09:28 -------- d-----w- c:\programdata\NVIDIA
2014-07-21 15:26 . 2014-07-02 19:42 3063256 ----a-w- c:\windows\system32\nvsvc.dll
2014-07-21 15:26 . 2014-07-02 19:42 670552 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-21 15:26 . 2014-07-02 19:42 62936 ----a-w- c:\windows\system32\nvshext.dll
2014-07-21 15:26 . 2014-07-02 05:14 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2014-07-21 15:26 . 2014-07-02 19:42 4389848 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-21 15:26 . 2014-07-02 19:42 377288 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-21 15:26 . 2014-07-02 20:54 61728 ----a-w- c:\windows\system32\OpenCL.dll
2014-07-21 15:25 . 2014-07-21 15:35 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-07-21 15:23 . 2014-03-31 16:42 34080 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2014-07-21 15:23 . 2014-03-31 16:42 34760 ----a-w- c:\windows\system32\nvaudcap32v.dll
2014-07-21 15:23 . 2014-07-02 20:54 846832 ----a-w- c:\windows\system32\nvumdshim.dll
2014-07-21 15:23 . 2014-07-02 20:54 16122344 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-07-21 15:23 . 2014-07-02 20:54 14498552 ----a-w- c:\windows\system32\nvd3dum.dll
2014-07-21 15:23 . 2014-06-11 08:44 895264 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2014-07-21 15:23 . 2014-06-11 08:44 28448 ----a-w- c:\windows\system32\nvhdap32.dll
2014-07-21 15:23 . 2014-06-11 08:44 162592 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2014-07-21 15:23 . 2014-05-20 02:39 908744 ----a-w- c:\windows\system32\nvdispgenco3233788.dll
2014-07-21 15:23 . 2014-05-20 02:39 1056200 ----a-w- c:\windows\system32\nvdispco3233788.dll
2014-07-21 15:23 . 2014-07-02 20:54 2814656 ----a-w- c:\windows\system32\nvapi.dll
2014-07-21 15:06 . 2014-07-21 15:06 -------- d-----w- c:\users\Petr\AppData\Local\Adobe
2014-07-09 15:29 . 2014-06-18 23:38 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-07-09 15:29 . 2014-06-18 22:52 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-07-09 15:29 . 2014-06-18 01:52 868864 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-09 15:29 . 2014-06-18 01:52 399360 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-09 15:29 . 2014-06-18 01:52 348672 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-07-09 15:29 . 2014-06-18 00:52 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-07-09 15:29 . 2014-06-18 01:52 104448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-07-09 15:29 . 2014-06-18 01:51 181760 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-07-09 15:29 . 2014-06-18 01:51 646144 ----a-w- c:\windows\system32\osk.exe
2014-07-09 15:29 . 2014-06-18 01:50 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2014-07-09 15:29 . 2014-06-06 09:44 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-09 15:28 . 2014-05-30 06:36 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-09 15:28 . 2014-05-30 07:52 247808 ----a-w- c:\windows\system32\schannel.dll
2014-07-09 15:28 . 2014-05-30 07:52 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-07-09 15:28 . 2014-05-30 07:52 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-07-09 15:28 . 2014-05-30 07:52 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-07-09 15:28 . 2014-05-30 07:52 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-07-09 15:28 . 2014-05-30 07:52 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-07-09 15:28 . 2014-05-30 07:52 17408 ----a-w- c:\windows\system32\credssp.dll
2014-07-09 15:28 . 2014-06-30 01:40 404480 ----a-w- c:\windows\system32\aepdu.dll
2014-07-09 15:28 . 2014-06-30 01:36 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-07-09 15:27 . 2014-06-05 14:26 1059840 ----a-w- c:\windows\system32\lsasrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-08 13:05 . 2014-07-07 12:51 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-07 07:06 . 2014-06-08 19:01 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-07-30 17:13 . 2011-11-11 07:39 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2014-07-22 20:15 . 2014-05-02 05:06 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-09 11:35 . 2012-04-02 20:26 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 11:35 . 2011-11-08 15:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 05:26 . 2014-07-07 12:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 05:25 . 2014-07-07 12:50 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25 . 2012-08-20 17:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-06-16 224128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BitTorrent.lnk]
path=c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitTorrent.lnk
backup=c:\windows\pss\BitTorrent.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrace produktu.lnk]
path=c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Registrace produktu.lnk
backup=c:\windows\pss\Logitech . Registrace produktu.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 18:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2014-05-17 04:43 1242704 ----a-w- c:\users\Petr\AppData\Roaming\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2011-10-21 11:19 2193000 ----a-w- c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 15:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-05-08 07:51 21444224 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-06-10 17:46 6170168 ----a-w- c:\users\Petr\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-06-10 17:46 1176632 ----a-w- c:\users\Petr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-12-14 20:02 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [2013-07-16 8704]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-08 79360]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-06-18 108032]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-05-12 51928]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 104280]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-12 1343400]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 494416]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 36072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-03-15 239168]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-01-23 1858048]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 17536800]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 413128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-05-12 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-08-08 110296]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 19232]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-03-31 34080]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 19:29 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 11:35]
.
2014-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-18 10:13]
.
2014-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-18 10:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = localhost:8080
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
TCP: Interfaces\{C6846616-3E73-45D0-840E-DAE156DADA32}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\j8ivwl1h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
MSConfigStartUp-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*03Äf\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*j!4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*­„cD\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*[rř
*Źg:\filmy\Simpsonovi\09. Ĺ™ada\09x03 Lizin saxofon.avi**xofon.avi]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*[rř
*Źg:\filmy\Simpsonovi\09. Ĺ™ada\09x03 Lizin saxofon.avi**xofon.avi\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*ëéąg]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*ëéąg\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Śfile:///G:/Filmy/Simpsonovi/11.%20%C5%99ada/11x02%20Bartovo%20napraveni.avi*avi*Ů!Čo]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Śfile:///G:/Filmy/Simpsonovi/11.%20%C5%99ada/11x02%20Bartovo%20napraveni.avi*avi*Ů!Čo\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*AÄ/%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*AÄ/%\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(624)
c:\windows\System32\guard32.dll
.
- - - - - - - > 'lsass.exe'(644)
c:\windows\system32\guard32.dll
.
Celkový čas: 2014-08-08 15:18:22
ComboFix-quarantined-files.txt 2014-08-08 13:18
.
Před spuštěním: Volných bajtů: 43 805 978 624
Po spuštění: Volných bajtů: 43 531 792 384
.
- - End Of File - - D1625D8EA8E0491EF9E8693070A08A4C
A36C5E4F47E84449FF07ED3517B43A31

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený červeně:

ClearJavaCache::

File::
c:\users\Petr\E04FD66DADDD48A0B7664111945C09D4.TMP
C:\found.000
c:\windows\system32\drivers\EagleXNt.sys

Folder::
c:\program files\Google\Update

Driver::
EagleXNt




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

cfscript10uc2.gif (31.33 KiB) Zobrazeno 2260 x

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

[akiller]

Zde je log z ComboFix:

ComboFix 14-08-06.02 - Petr 08.08.2014 18:45:30.8.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3326.1986 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\found.000"
"c:\users\Petr\E04FD66DADDD48A0B7664111945C09D4.TMP"
"c:\windows\system32\drivers\EagleXNt.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.24.15\GoogleUpdate.exe
c:\program files\Google\Update\1.3.24.15\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe
c:\program files\Google\Update\1.3.24.15\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.24.15\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.24.15\goopdate.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_am.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ar.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_bg.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_bn.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ca.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_cs.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_da.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_de.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_el.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_en.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_es.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_et.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_fa.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_fi.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_fil.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_fr.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_gu.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_hi.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_hr.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_hu.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_id.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_is.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_it.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_iw.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ja.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_kn.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ko.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_lt.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_lv.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ml.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_mr.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ms.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_nl.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_no.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_pl.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ro.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ru.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_sk.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_sl.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_sr.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_sv.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_sw.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ta.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_te.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_th.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_tr.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_uk.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_ur.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_vi.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.24.15\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.24.15\psmachine.dll
c:\program files\Google\Update\1.3.24.15\psmachine_64.dll
c:\program files\Google\Update\1.3.24.15\psuser.dll
c:\program files\Google\Update\1.3.24.15\psuser_64.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.24.15\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\36.0.1985.125\36.0.1985.125_35.0.1916.153_chrome_updater.exe
c:\program files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\7.1.2.2041\GoogleEarth-Win-Bundle-7.1.2.2041.1.exe
c:\program files\Google\Update\GoogleUpdate.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EAGLEXNT
-------\Service_EagleXNt
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-08 do 2014-08-08 )))))))))))))))))))))))))))))))
.
.
2014-08-08 09:40 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F74D1858-CB14-42C7-A9E3-A38F13D0D515}\mpengine.dll
2014-08-08 09:24 . 2014-08-08 09:24 -------- d-----w- C:\found.000
2014-08-06 16:44 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-05 11:50 . 2014-08-05 11:56 -------- d-----w- c:\program files\Grand Theft Auto Vice City Stories
2014-08-04 12:17 . 2014-05-02 14:07 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6715EC1-C34C-4C65-B6D2-391B1DDE6012}\gapaengine.dll
2014-08-01 09:01 . 2014-08-01 09:01 -------- d-----w- c:\users\Petr\AppData\Roaming\SUPERAntiSpyware.com
2014-08-01 09:01 . 2014-08-01 09:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-08-01 09:01 . 2014-08-01 09:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-07-30 17:17 . 2014-07-30 19:03 -------- d-----w- c:\users\Petr\AppData\Local\Rockstar Games
2014-07-30 17:12 . 2014-07-30 17:12 -------- d-----w- c:\windows\system32\xlive
2014-07-30 17:12 . 2014-07-30 17:12 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2014-07-30 09:54 . 2014-07-02 17:39 609240 ----a-w- c:\windows\system32\nvStreaming.exe
2014-07-30 09:53 . 2014-07-02 19:42 2556360 ----a-w- c:\windows\system32\nvsvcr.dll
2014-07-30 09:39 . 2014-07-25 13:50 1291280 ----a-w- c:\windows\system32\nvspbridge.dll
2014-07-24 19:14 . 2014-07-24 19:14 -------- d-----w- c:\users\Petr\AppData\Local\Apple
2014-07-22 21:02 . 2014-07-22 21:02 -------- d-----w- c:\users\Petr\AppData\Roaming\Hulubulu
2014-07-22 21:02 . 2014-07-22 21:02 -------- d-----w- c:\program files\Advanced Renamer
2014-07-21 16:27 . 2014-08-03 14:33 -------- d-----w- c:\users\Petr\AppData\Local\CrashDumps
2014-07-21 16:14 . 2014-07-21 16:15 -------- d-----w- C:\gravotte ramdisk
2014-07-21 16:10 . 2014-07-21 16:10 -------- d-----w- c:\program files\PPSOFT.DK
2014-07-21 16:10 . 1998-02-06 19:37 299520 ----a-w- c:\windows\uninst.exe
2014-07-21 15:58 . 2014-08-03 14:02 -------- d-----w- c:\program files\Zrychleni Pocitace
2014-07-21 15:43 . 2014-07-21 15:43 -------- d-----w- c:\users\Petr\E04FD66DADDD48A0B7664111945C09D4.TMP
2014-07-21 15:29 . 2014-07-25 13:50 1126480 ----a-w- c:\windows\system32\nvspcap.dll
2014-07-21 15:29 . 2014-07-30 09:40 -------- d-----w- c:\users\Petr\AppData\Local\NVIDIA Corporation
2014-07-21 15:29 . 2014-07-21 15:37 -------- d-----w- c:\users\Petr\AppData\Local\NVIDIA
2014-07-21 15:28 . 2014-07-21 15:28 -------- d-----w- c:\program files\AGEIA Technologies
2014-07-21 15:27 . 2014-08-08 16:57 -------- d-----w- c:\programdata\NVIDIA
2014-07-21 15:26 . 2014-07-02 19:42 3063256 ----a-w- c:\windows\system32\nvsvc.dll
2014-07-21 15:26 . 2014-07-02 19:42 670552 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-21 15:26 . 2014-07-02 19:42 62936 ----a-w- c:\windows\system32\nvshext.dll
2014-07-21 15:26 . 2014-07-02 05:14 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2014-07-21 15:26 . 2014-07-02 19:42 4389848 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-21 15:26 . 2014-07-02 19:42 377288 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-21 15:26 . 2014-07-02 20:54 61728 ----a-w- c:\windows\system32\OpenCL.dll
2014-07-21 15:25 . 2014-07-21 15:35 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-07-21 15:23 . 2014-03-31 16:42 34080 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2014-07-21 15:23 . 2014-03-31 16:42 34760 ----a-w- c:\windows\system32\nvaudcap32v.dll
2014-07-21 15:23 . 2014-07-02 20:54 846832 ----a-w- c:\windows\system32\nvumdshim.dll
2014-07-21 15:23 . 2014-07-02 20:54 16122344 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-07-21 15:23 . 2014-07-02 20:54 14498552 ----a-w- c:\windows\system32\nvd3dum.dll
2014-07-21 15:23 . 2014-06-11 08:44 895264 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2014-07-21 15:23 . 2014-06-11 08:44 28448 ----a-w- c:\windows\system32\nvhdap32.dll
2014-07-21 15:23 . 2014-06-11 08:44 162592 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2014-07-21 15:23 . 2014-05-20 02:39 908744 ----a-w- c:\windows\system32\nvdispgenco3233788.dll
2014-07-21 15:23 . 2014-05-20 02:39 1056200 ----a-w- c:\windows\system32\nvdispco3233788.dll
2014-07-21 15:23 . 2014-07-02 20:54 2814656 ----a-w- c:\windows\system32\nvapi.dll
2014-07-21 15:06 . 2014-07-21 15:06 -------- d-----w- c:\users\Petr\AppData\Local\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-08 15:59 . 2014-07-07 12:51 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-07 07:06 . 2014-06-08 19:01 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-07-30 17:13 . 2011-11-11 07:39 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2014-07-22 20:15 . 2014-05-02 05:06 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-09 11:35 . 2012-04-02 20:26 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 11:35 . 2011-11-08 15:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-30 01:40 . 2014-07-09 15:28 404480 ----a-w- c:\windows\system32\aepdu.dll
2014-06-30 01:36 . 2014-07-09 15:28 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-06-18 23:56 . 2014-07-09 15:30 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-18 23:56 . 2014-07-09 15:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-06-18 23:38 . 2014-07-09 15:29 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-06-18 23:37 . 2014-07-09 15:30 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-06-18 23:36 . 2014-07-09 15:30 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-18 23:35 . 2014-07-09 15:30 62464 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-06-18 23:23 . 2014-07-09 15:30 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-18 23:23 . 2014-07-09 15:30 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-18 23:22 . 2014-07-09 15:30 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-18 23:16 . 2014-07-09 15:30 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:06 . 2014-07-09 15:30 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:52 . 2014-07-09 15:29 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-06-18 22:46 . 2014-07-09 15:30 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-18 22:45 . 2014-07-09 15:30 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-18 22:13 . 2014-07-09 15:30 1791488 ----a-w- c:\windows\system32\wininet.dll
2014-06-18 01:51 . 2014-07-09 15:29 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-18 00:52 . 2014-07-09 15:29 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 09:44 . 2014-07-09 15:29 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-05 14:26 . 2014-07-09 15:27 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-30 07:52 . 2014-07-09 15:28 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52 . 2014-07-09 15:28 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 15:28 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52 . 2014-07-09 15:28 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 15:28 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 15:28 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52 . 2014-07-09 15:28 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36 . 2014-07-09 15:28 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-12 05:26 . 2014-07-07 12:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 05:25 . 2014-07-07 12:50 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25 . 2012-08-20 17:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-06-16 224128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BitTorrent.lnk]
path=c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitTorrent.lnk
backup=c:\windows\pss\BitTorrent.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrace produktu.lnk]
path=c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Registrace produktu.lnk
backup=c:\windows\pss\Logitech . Registrace produktu.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 18:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2014-05-17 04:43 1242704 ----a-w- c:\users\Petr\AppData\Roaming\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2011-10-21 11:19 2193000 ----a-w- c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 15:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-05-08 07:51 21444224 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-06-10 17:46 6170168 ----a-w- c:\users\Petr\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-06-10 17:46 1176632 ----a-w- c:\users\Petr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-12-14 20:02 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-08 79360]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-06-18 108032]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-08-08 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-05-12 51928]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 104280]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-12 1343400]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 494416]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 36072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-03-15 239168]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-01-23 1858048]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [2013-07-16 8704]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 17536800]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 413128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-05-12 23256]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 19232]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-03-31 34080]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 19:29 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 11:35]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = localhost:8080
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
TCP: Interfaces\{C6846616-3E73-45D0-840E-DAE156DADA32}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\j8ivwl1h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*03Äf\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*j!4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*­„cD\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*[rř
*Źg:\filmy\Simpsonovi\09. Ĺ™ada\09x03 Lizin saxofon.avi**xofon.avi]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*[rř
*Źg:\filmy\Simpsonovi\09. Ĺ™ada\09x03 Lizin saxofon.avi**xofon.avi\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*ëéąg]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*ëéąg\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Śfile:///G:/Filmy/Simpsonovi/11.%20%C5%99ada/11x02%20Bartovo%20napraveni.avi*avi*Ů!Čo]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Śfile:///G:/Filmy/Simpsonovi/11.%20%C5%99ada/11x02%20Bartovo%20napraveni.avi*avi*Ů!Čo\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*AÄ/%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*AÄ/%\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(648)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(5428)
c:\windows\system32\guard32.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Mozilla Firefox\firefox.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Celkový čas: 2014-08-08 19:04:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-08 17:04
ComboFix2.txt 2014-08-08 13:18
.
Před spuštěním: Volných bajtů: 43 344 527 360
Po spuštění: Volných bajtů: 43 202 953 216
.
- - End Of File - - E627D10749BD09B56EEF985E6ABBC833
A36C5E4F47E84449FF07ED3517B43A31

[jaro3]

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

nemůžeš mít dva antiviry! Jeden odeinstaluj.

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[akiller]

Ale Comodo je firewall, ne? A nerad bych se ho zbavoval...