Prosím o kontrolu logu - Zasekávání notebooku. Vyřešeno

[jaro3]

Stáhni si zde DelFix

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt

Co problémy?

[Reklama]

[Deny18]

# DelFix v10.8 - Logfile created 30/08/2014 at 22:11:36
# Updated 29/07/2014 by Xplode
# Username : Dominik - DOMINIK-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Dominik\Desktop\adwcleaner_3.308.exe
Deleted : C:\Users\Dominik\Desktop\JRT.exe
Deleted : C:\Users\Dominik\Desktop\JRT.txt
Deleted : C:\Users\Dominik\Desktop\HijackThis.exe
Deleted : C:\Users\Dominik\Desktop\hijackthis.log
Deleted : C:\Users\Dominik\Desktop\RogueKillerX64.exe
Deleted : C:\Users\Dominik\Desktop\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #741 [Windows Update | 08/28/2014 21:00:47]
Deleted : RP #742 [zoek.exe restore point | 08/30/2014 09:57:41]

New restore point created !

########## - EOF - ##########

Problémy přetrvávají. Sice ne v tak velké míře, ale zasekávání pozoruju hlavně v int. prohlížeči. Videa na youtube padají při přeskakování z karty na kartu (Google Chrome), pokud jsem na jedné kartě, padání odpadá. Vždy se po nějakém čase přehrávání video stopne, spadne flash player, opět se sám nahodí, spustí se reklama a dále se pokračuje v přehrávání. Takhle to udělá několikrát! Po předposlední kontrole mi nějak zmizely funkce Aviry (není možné ji otevřít, jako kdyby nebyla nainstalována kompletně apod.), odinstaluju a nainstaluju ji tedy znovu, to snad problém nebude.

[Orcus]

Aviru přeinstaluj, jak píšeš.

====================================================

Stáhni si Memtest:

Do políčka vlož největší velikost Tvé jednotlivé paměti RAM (256,512 nebo 1024,2048) dej Start , nech nejméně 2h běžet , pokud bude po 2h stále 0 errors , jsou v pořádku.

====================================================

Je třeba zkontrolovat HDD na chyby , zkusit jeho defragmentaci ..

Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

Nemáš málo volného místa na disku?

====================================================

+ vlož log z http://screen317.spywareinfoforum.org/SecurityCheck.exe

[Deny18]

Aviru přeinstaluju. Málo místa na disku? No na C: mám něco kolem 4-5 GB, stále se to mění, ale nikdy jsem tento problém, i přes tak málo místa na disku neměl, takže pochybuji, že by to bylo právě tím. Zítra zkusím ten Memtest a pošlu screen. Prozatím přikládám screen ze securitycheck.exe a CrystalDiskInfa.

----------------------------------------------------------------------------
CrystalDiskInfo 5.3.1 (C) 2008-2013 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Ultimate Edition SP1 [6.1 Build 7601] (x64)
Date : 2014/08/30 23:04:30

-- Controller Map ----------------------------------------------------------
+ Intel(R) 5 Series 4 Port SATA AHCI Controller [ATA]
- WDC WD6400BEVT-22A0RT0
- Optiarc DVD RW AD-7585H

-- Disk List ---------------------------------------------------------------
(1) WDC WD6400BEVT-22A0RT0 : 640,1 GB [0/0/0, pd1] - wd

----------------------------------------------------------------------------
(1) WDC WD6400BEVT-22A0RT0
----------------------------------------------------------------------------
Model : WDC WD6400BEVT-22A0RT0
Firmware : 01.01A01
Serial Number : WD-WXG1EC0YXJ35
Disk Size : 640,1 GB (8,4/137,4/640,1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 1250263728
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 8563 hod.
Power On Count : 2337 krát
Temparature : 41 C (105 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0060h [ON]
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 187 151 _21 000000000659 Čas na roztočení ploten
04 _98 _98 __0 000000000AF9 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 100 253 __0 000000000000 Počet chybných hledání
09 _89 _89 __0 000000002173 Hodin v činnosti
0A 100 100 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C _98 _98 __0 000000000921 Počet cyklů zapnutí zařízení
BF __1 __1 __0 000000002A59 Počet udalostí zaznamenaných otřesovým senzorem
C0 200 200 __0 000000000086 Počet vypnutí disku
C1 112 112 __0 0000000412F2 Počet cyklů načítání/vymazání
C2 106 _93 __0 000000000029 Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 100 253 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 _51 000000000000 Počet chyb při zápisu sektorů

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2057 442D 5758 4731 4543 3059 584A 3335
020: 0000 4000 0032 3031 2E30 3141 3031 5744 4320 5744
030: 3634 3030 4245 5654 2D32 3241 3052 5430 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4001 0000 0000 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 1F06 0000 004C 004C
080: 01FE 0000 746B 7F09 6163 7469 BC09 6163 407F 0051
090: 0051 0060 FFFE 0000 80FE 0000 0000 0000 0000 0000
100: 82B0 4A85 0000 0000 0000 0000 0000 0000 5001 4EE6
110: 563B 0CF6 0000 0000 0000 0000 0000 0000 0000 4018
120: 4018 0000 0000 0000 0000 0000 0000 0000 0021 0000
130: 0000 0000 0000 16D3 0000 0000 0000 0000 0000 0000
140: 0000 0000 0004 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 7037 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 101E 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 1000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 85A5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 C8 C8 00 00 00 00 00 00 00 03 27
010: 00 BB 97 59 06 00 00 00 00 00 04 32 00 62 62 F9
020: 0A 00 00 00 00 00 05 33 00 C8 C8 00 00 00 00 00
030: 00 00 07 2E 00 64 FD 00 00 00 00 00 00 00 09 32
040: 00 59 59 73 21 00 00 00 00 00 0A 32 00 64 64 00
050: 00 00 00 00 00 00 0B 32 00 64 64 00 00 00 00 00
060: 00 00 0C 32 00 62 62 21 09 00 00 00 00 00 BF 32
070: 00 01 01 59 2A 00 00 00 00 00 C0 32 00 C8 C8 86
080: 00 00 00 00 00 00 C1 32 00 70 70 F2 12 04 00 00
090: 00 00 C2 22 00 6A 5D 29 00 00 00 00 00 00 C4 32
0A0: 00 C8 C8 00 00 00 00 00 00 00 C5 32 00 C8 C8 00
0B0: 00 00 00 00 00 00 C6 30 00 64 FD 00 00 00 00 00
0C0: 00 00 C7 32 00 C8 C8 00 00 00 00 00 00 00 C8 08
0D0: 00 64 FD 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 58 3E 01 7B
170: 03 00 01 00 02 B9 05 00 00 00 00 00 00 00 00 00
180: 00 00 01 04 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1E

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 C8 C8 C8 C8 00 00 00 00 00 00 03 15
010: 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00
020: 00 00 00 00 00 00 05 8C 00 00 00 00 00 00 00 00
030: 00 00 07 00 64 64 64 64 00 00 00 00 00 00 09 00
040: 00 00 00 00 00 00 00 00 00 00 0A 33 00 00 00 00
050: 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 00 00
060: 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 BF 00
070: 00 00 00 00 00 00 00 00 00 00 C0 00 00 00 00 00
080: 00 00 00 00 00 00 C1 00 00 00 00 00 00 00 00 00
090: 00 00 C2 00 00 00 00 00 00 00 00 00 00 00 C4 00
0A0: 00 00 00 00 00 00 00 00 00 00 C5 00 00 00 00 00
0B0: 00 00 00 00 00 00 C6 00 00 00 00 00 00 00 00 00
0C0: 00 00 C7 00 00 00 00 00 00 00 00 00 00 00 C8 33
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8

[Deny18]

Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (30.0)
Google Chrome 36.0.1985.143
Google Chrome 37.0.2062.102
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

[Deny18]

Ještě mě tak napadlo, nemůže to být i tímto (viz. screen)?

[jaro3]

000000002A59 Počet udalostí zaznamenaných otřesovým senzorem to je otřesů..
Temparature : 41 C (105 F) vyšší teplota.


Měl bys mít alespoň 15% volného místa na disku , máš?

Stáhni si Memtest:

Políčko , ve kterém je napsáno:
All unused RAM -ponech , jak je.
-dej Start , nech nejméně 2h běžet , pokud bude po 2h stále 0 errors , jsou v pořádku.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[Deny18]

Memtest za necelé dvě hodinky nenašel žádnou chybu (0 errors).

ComboFix 14-08-31.01 - Dominik 31.08.2014 11:35:19.1.1 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3959.2858 [GMT 2:00]
Spuštěný z: c:\users\Dominik\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-28 do 2014-08-31 )))))))))))))))))))))))))))))))
.
.
2014-08-30 22:01 . 2014-08-30 22:01 -------- d-----w- c:\users\Dominik\AppData\Roaming\Avira
2014-08-30 21:59 . 2014-08-15 08:30 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-08-30 21:59 . 2014-08-15 08:30 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-08-30 21:59 . 2014-08-15 08:30 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-08-30 21:49 . 2014-08-30 21:59 -------- d-----w- c:\programdata\Avira
2014-08-30 21:33 . 2014-08-30 21:33 -------- d-----w- c:\programdata\ProductData
2014-08-30 10:37 . 2014-08-30 10:37 -------- d-----w- c:\program files (x86)\Common Files\Steam
2014-08-30 10:14 . 2014-08-30 09:56 24064 ----a-w- c:\windows\zoek-delete.exe
2014-08-30 10:14 . 2014-08-31 09:48 -------- d-----w- c:\users\Dominik\AppData\Local\Temp
2014-08-29 09:14 . 2014-08-30 09:42 36456 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-29 09:14 . 2014-08-29 09:14 -------- d-----w- c:\programdata\RogueKiller
2014-08-28 10:01 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 10:01 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-28 10:01 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-24 12:13 . 2014-08-24 12:13 -------- d-sh--w- c:\users\Dominik\AppData\Local\EmieUserList
2014-08-24 12:13 . 2014-08-24 12:13 -------- d-sh--w- c:\users\Dominik\AppData\Local\EmieSiteList
2014-08-20 11:57 . 2014-08-30 21:43 -------- d-----w- c:\users\Dominik\AppData\Local\ManyCam
2014-08-20 11:54 . 2014-08-20 11:54 -------- d-----w- c:\users\Dominik\AppData\Roaming\ManyCam
2014-08-20 11:54 . 2014-08-22 10:19 -------- d-----w- c:\programdata\ManyCam
2014-08-20 11:54 . 2014-08-20 11:56 -------- d-----w- c:\program files (x86)\ManyCam
2014-08-14 22:06 . 2014-08-14 22:06 -------- d-----w- C:\NVIDIA
2014-08-13 21:48 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 21:48 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 21:48 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 21:48 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 21:48 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 21:48 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 21:48 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 21:48 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 05:43 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-13 05:43 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-06 12:57 . 2014-08-06 12:57 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-05 20:02 . 2014-08-05 20:02 -------- d-----w- c:\users\Dominik\AppData\Roaming\StunlockStudios
2014-08-03 13:21 . 2014-08-03 13:21 -------- d-----w- c:\programdata\Riot Games
2014-08-02 18:18 . 2014-08-02 18:18 -------- d-----w- c:\users\Dominik\AppData\Local\Red 5 Studios
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-31 09:47 . 2014-04-01 18:42 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-29 08:32 . 2012-07-17 13:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-13 21:56 . 2011-11-12 09:19 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-28 14:06 . 2014-07-28 14:06 49264 ----a-w- c:\windows\system32\drivers\mcvidrv.sys
2014-07-14 08:17 . 2014-06-15 07:37 21184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2014-07-14 08:17 . 2014-02-20 18:33 128288 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-07-08 18:48 . 2012-08-27 21:13 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 18:48 . 2012-08-27 21:13 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-02 19:54 . 2012-12-28 19:59 297088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-07-02 19:54 . 2011-11-06 12:32 297088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-07-02 19:53 . 2011-11-06 12:32 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-06-30 10:46 . 2012-12-28 19:59 76152 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-06-18 02:18 . 2014-07-08 20:46 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-08 20:46 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-08 20:46 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-08 20:46 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-08 20:44 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-08 20:44 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-08 20:44 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-15 751184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"195.137.182.212,255.255.255.255,192.168.1.101,1"=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cpuz130;cpuz130; [x]
R3 EagleX64;EagleX64; [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R4 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\DRIVERS\k57amd64.sys;c:\windows\SYSNATIVE\DRIVERS\k57amd64.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-30 10:30 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 18:48]
.
2014-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-19 14:40]
.
2014-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-19 14:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-13 09:39 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"195.137.182.212,255.255.255.255,192.168.1.101,1"=""
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\s1zgymxe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-675830432-1407587707-451845828-1000\Software\SecuROM\License information*]
"datasecu"=hex:30,c0,4b,23,a5,71,0a,fc,59,7a,14,27,a1,2a,a0,ad,b8,50,b5,ab,aa,
e9,88,bd,85,86,cd,f4,6e,14,3c,f5,59,72,66,7b,fc,8f,b5,8d,7c,61,d0,89,86,65,\
"rkeysecu"=hex:fd,46,dd,72,99,a1,7d,be,71,27,05,17,d1,ff,d3,f3
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG15.00.00.01PROFESSIONAL"="6028CBFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98085D575E7D6A3B9808A6171C11EC38DE3DFEBC9E127BECC74CC03361AF361F47DB0278DA1BBBC8EFF477ED3623F2489EEFB351CBFA16150DC85CFDB4E2B5E8BCE94B7911D7CA196AE4079C214313834EA60441AF453786294EBB844609CF8C29070E1CBA2D2C28197879B904B9F1BA5D421CF764A48534CA0F0AE2DFEA4BD7433173060835329BA34E939391900F8F8C21FC8FBFB34C58E74AA69B9AD3E0BD53A7D5C2768CA23F4CC7CFDB4ED760C2AEE85E83EE144D4E0984A5136816BED1BA70C73EDB553980650C5B2D95224C3E2D7D2AB36EE6BD19CA85CD930B848750E8D40ECC62B526745504178193052F0F840D00669155C5DB5FD89B4B9CF9D095656220A485560AD0185F1AB74B9A59E1C40531C2800B045F8DD0BC4907D0A4A44A692AE016647DEF3D102B9391040F8D92984455B4370891AA7E96050B6B022245FE8D7DB8130BD168CACBBB10E00709A4BF748E7C0E5783283DC0563CAE59599A7EDEDF67973398CF8AA9BE45DA6FEE493530427C47EAE805A6057C038191B79E82E5CBED2BE68BBE8EAC08831BE601DFF799A9A91DB01CD61C64961AD084CE3C6C9FEDEB0C0E9595D76DEC6F4F01A25C4A88E0CF500898C6C1922C118F80D371623C5359FA0345C6ABB9A483AB465B473606680D24C701137F75A54D2F472250CD21EDFB3E16CDD916134A8C6633D6BC83D0A5546137180C812A50052B0E37015AE695F1A089856AE32FDEAD3AB7E5ECC3DADE6DD294C796B87FDCC3FE01B53B7958042C6D946926A77743DB64387B1E49CC4271C7101E2E57F9E26B2A3C61CEE1F7D7EDF6621553B888C0E0AA8B30A52AFE5E50154FC95D57CF5A2EB2D2A51E8BF813D29391CD462F3501DA507E3F7043012ACC116BA047F4ECA09322C9109EB4C41CC49D357AEB6A83953B23500A01B3957BFD17F09C202F70F7F7821C525ADBF6BD06F05525428C2AEFC76FB612695DB290CC8861D932C92F848BE538437149E1A62BF06B7C5E7B99E81B08580252E782897948B19859CEAF50D162FDDB148487681D826754E560F13BA144D02378BEE3E8963D4ABE08092E48210FC5BA0A5B22F8970FAC2316AB0A869E7F32672C116A1A8B5488D4430998BF288759A0ACDD9D35AD831104BB0EE94EA5177E6150525C6792FBBD87A4239469646EF4F469619A58C1D26034BAFD4F79236EAEC9DF383202BAA8AE2859EFF8E0A9674CC045016E878DF2D8190CB5AB53D26BAE7C64BE1DFDE55194AB21C9CFA1211C85B0D318A0C61D5C2FB83932A50CC8F95EF700A57D544BF21D2A54D15A8EC4B7B89941C76D82D28D09BE63B71636680712E1E5EFEA61F50C68E059EC8BECE66BF56FCAF5C688620703"
"OODEFRAG12.00.00.01PROFESSIONAL"="5B22BAAAF5AF981F067165D600A73CB65756381E0E5FD03457DB3A01699A182FB32966A7B13A4FD898F2E35AF5D0E8D61EBEB7C4EE8F4D76C4EE9C883B7CB8A27A27602538FB9933B7794C2ADCA61008AAE92C3DB576EDF7723E556C5E3D4C0C669ACA5417683989727867946D22FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808C038D530D6EB34525D575E7D6A3B98088EDD5E5BE2F6E66761EABC54A4F9BCAFDCD3FCF51A7D9825AE67CA95AD38308953F6544D34B8A525FA4CA69E9962E2EA2F3B0CE709E4450A0578F7A2AE7B4B5F6A467E71850BD7A677775E0236FB078459321FBF04748CE1421637D14D5DA9117621CAED99322FC860EF72F4B62D8EEAB54B1A66E9337C1EB001E5A3299DA535531330F7F04FECE741B295819D93C4DDA38E0A5DDB5A8904206E09AAA4B57935E09DCDD7CF34B634ABAC1CC5307F577303769CB7C0578A2FE105C911674EC7D183B6E2ECBDE896B033BE00F5F5F4599339F1261BC2CA3A8B4EE0F1935BC7149C214655A687A8F7367140E0D53CAD427B31E41C44CF0BB9DB3D13F27FB1B2467C2629AD0BBC642D6E02FB7EBF9615693AD7251A029A228BB5109E5F3C5B56ABAB82301933B1BEEC5B072DC024D6CB90B61F7DDEB798CC9602287BF041912EF33BA922E7CC7E8E4ECFA4883083992757A87B2E4D5D847DA6806C960219CEE6B30B14B68F970060517303347B75382FC51D68E9EBFB5BD86BC0C7CF92E55164E2D3BB9BA86A56735442CE47F223579F4574E2576635E0B8F72A29F9C7DB9D3DDE9FA071EF2FE43B208C39D28E4A5AEA26E46D920B3B1AA9C4F502DD6842F8BBE7CD47CCC661D35FDBF4755767BEE93419758B29CCD5D16F2B31C838E0F5F0DDA290B7B631928F3A9574BE4B3BE674D3B483C79E4360157D6B3FF938C0E75256956E7C2D5A69C85E3E56CF186C3BAA577340B0E92949B7FD2A541382BB1B320CAEC2A5A08C9DF18B2C3A699D004B817E34AF57F65C154FCEEC7B17AEAAA867993F3CC7F5397E45BB9713D0ABA13933BDB8AB51A3DFD93581A0918CC8893C0CCC795D7707F6EABD1A9E2BCE899C3BBABDA7DF3843DC4388DA93497D5076967FA9F77D54207D581C06C21CAFF0641B5BDB8B4EA99D1C10AAD5F9A679BA368C65E436467B0228D16412E8D5440F8F379927D24AC7EC0C15C29E6B0693EE320525E913B81262FA73DD07DA1C6008D504BDE44FFD3760C1383996611361C8F3FC6AD755253EE919EF96E0C588DDEF1805558E39E4239A72763ED4BDD0FC992D85A1FE24B3ACB54A8A5CCD3C841851D454334FA8D0B8B379DC43A1C2138724B0C181698C5D8C57FD9D45B1B1D0712B352369091DE628B6D40FFD7A188620A077E97E4E7EF312D1C395A7A38181CD6E"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
c:\program files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
.
**************************************************************************
.
Celkový čas: 2014-08-31 11:54:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-31 09:54
.
Před spuštěním: 3 679 535 104
Po spuštění: 5 049 466 880
.
- - End Of File - - D84D4F0AACDBC853B3E00BC4F8EBB866

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
ClearJavaCache::

Kód: Vybrat vše

KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update

Driver::
SkypeUpdate

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Máš alespoň 15% volného místa na disku?

[Deny18]

ComboFix 14-08-31.01 - Dominik 31.08.2014 22:32:41.2.1 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3959.2944 [GMT 2:00]
Spuštěný z: d:\z internetu_sta×eno\ComboFix.exe
Použité ovládací přepínače :: c:\users\Dominik\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.24.15\goopdate.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.24.15\psmachine.dll
c:\program files (x86)\Google\Update\1.3.24.15\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.24.15\psuser.dll
c:\program files (x86)\Google\Update\1.3.24.15\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.24.15\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\37.0.2062.102\37.0.2062.102_chrome_installer.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-28 do 2014-08-31 )))))))))))))))))))))))))))))))
.
.
2014-08-31 20:41 . 2014-08-31 20:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-08-31 20:41 . 2014-08-31 20:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-30 22:01 . 2014-08-30 22:01 -------- d-----w- c:\users\Dominik\AppData\Roaming\Avira
2014-08-30 21:59 . 2014-08-15 08:30 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-08-30 21:59 . 2014-08-15 08:30 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-08-30 21:59 . 2014-08-15 08:30 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-08-30 21:49 . 2014-08-30 21:59 -------- d-----w- c:\programdata\Avira
2014-08-30 21:33 . 2014-08-30 21:33 -------- d-----w- c:\programdata\ProductData
2014-08-30 10:37 . 2014-08-30 10:37 -------- d-----w- c:\program files (x86)\Common Files\Steam
2014-08-30 10:14 . 2014-08-30 09:56 24064 ----a-w- c:\windows\zoek-delete.exe
2014-08-30 10:14 . 2014-08-31 20:46 -------- d-----w- c:\users\Dominik\AppData\Local\Temp
2014-08-29 09:14 . 2014-08-30 09:42 36456 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-29 09:14 . 2014-08-29 09:14 -------- d-----w- c:\programdata\RogueKiller
2014-08-28 10:01 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 10:01 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-28 10:01 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-24 12:13 . 2014-08-24 12:13 -------- d-sh--w- c:\users\Dominik\AppData\Local\EmieUserList
2014-08-24 12:13 . 2014-08-24 12:13 -------- d-sh--w- c:\users\Dominik\AppData\Local\EmieSiteList
2014-08-20 11:57 . 2014-08-30 21:43 -------- d-----w- c:\users\Dominik\AppData\Local\ManyCam
2014-08-20 11:54 . 2014-08-20 11:54 -------- d-----w- c:\users\Dominik\AppData\Roaming\ManyCam
2014-08-20 11:54 . 2014-08-22 10:19 -------- d-----w- c:\programdata\ManyCam
2014-08-20 11:54 . 2014-08-20 11:56 -------- d-----w- c:\program files (x86)\ManyCam
2014-08-14 22:06 . 2014-08-14 22:06 -------- d-----w- C:\NVIDIA
2014-08-13 21:48 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 21:48 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 21:48 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 21:48 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 21:48 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 21:48 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 21:48 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 21:48 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 05:43 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-13 05:43 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-06 12:57 . 2014-08-06 12:57 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-05 20:02 . 2014-08-05 20:02 -------- d-----w- c:\users\Dominik\AppData\Roaming\StunlockStudios
2014-08-03 13:21 . 2014-08-03 13:21 -------- d-----w- c:\programdata\Riot Games
2014-08-02 18:18 . 2014-08-02 18:18 -------- d-----w- c:\users\Dominik\AppData\Local\Red 5 Studios
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-31 20:46 . 2014-04-01 18:42 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-29 08:32 . 2012-07-17 13:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-13 21:56 . 2011-11-12 09:19 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-28 14:06 . 2014-07-28 14:06 49264 ----a-w- c:\windows\system32\drivers\mcvidrv.sys
2014-07-14 08:17 . 2014-06-15 07:37 21184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2014-07-14 08:17 . 2014-02-20 18:33 128288 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-07-08 18:48 . 2012-08-27 21:13 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 18:48 . 2012-08-27 21:13 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-02 19:54 . 2012-12-28 19:59 297088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-07-02 19:54 . 2011-11-06 12:32 297088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-07-02 19:53 . 2011-11-06 12:32 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-06-30 10:46 . 2012-12-28 19:59 76152 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-06-18 02:18 . 2014-07-08 20:46 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-08 20:46 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-08 20:46 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-08 20:46 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-08 20:44 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-08 20:44 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-08 20:44 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-15 751184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"195.137.182.212,255.255.255.255,192.168.1.101,1"=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cpuz130;cpuz130; [x]
R3 EagleX64;EagleX64; [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R4 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\DRIVERS\k57amd64.sys;c:\windows\SYSNATIVE\DRIVERS\k57amd64.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-30 10:30 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 18:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-13 09:39 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"195.137.182.212,255.255.255.255,192.168.1.101,1"=""
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\s1zgymxe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-675830432-1407587707-451845828-1000\Software\SecuROM\License information*]
"datasecu"=hex:30,c0,4b,23,a5,71,0a,fc,59,7a,14,27,a1,2a,a0,ad,b8,50,b5,ab,aa,
e9,88,bd,85,86,cd,f4,6e,14,3c,f5,59,72,66,7b,fc,8f,b5,8d,7c,61,d0,89,86,65,\
"rkeysecu"=hex:fd,46,dd,72,99,a1,7d,be,71,27,05,17,d1,ff,d3,f3
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG15.00.00.01PROFESSIONAL"="6028CBFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98085D575E7D6A3B9808A6171C11EC38DE3DFEBC9E127BECC74CC03361AF361F47DB0278DA1BBBC8EFF477ED3623F2489EEFB351CBFA16150DC85CFDB4E2B5E8BCE94B7911D7CA196AE4079C214313834EA60441AF453786294EBB844609CF8C29070E1CBA2D2C28197879B904B9F1BA5D421CF764A48534CA0F0AE2DFEA4BD7433173060835329BA34E939391900F8F8C21FC8FBFB34C58E74AA69B9AD3E0BD53A7D5C2768CA23F4CC7CFDB4ED760C2AEE85E83EE144D4E0984A5136816BED1BA70C73EDB553980650C5B2D95224C3E2D7D2AB36EE6BD19CA85CD930B848750E8D40ECC62B526745504178193052F0F840D00669155C5DB5FD89B4B9CF9D095656220A485560AD0185F1AB74B9A59E1C40531C2800B045F8DD0BC4907D0A4A44A692AE016647DEF3D102B9391040F8D92984455B4370891AA7E96050B6B022245FE8D7DB8130BD168CACBBB10E00709A4BF748E7C0E5783283DC0563CAE59599A7EDEDF67973398CF8AA9BE45DA6FEE493530427C47EAE805A6057C038191B79E82E5CBED2BE68BBE8EAC08831BE601DFF799A9A91DB01CD61C64961AD084CE3C6C9FEDEB0C0E9595D76DEC6F4F01A25C4A88E0CF500898C6C1922C118F80D371623C5359FA0345C6ABB9A483AB465B473606680D24C701137F75A54D2F472250CD21EDFB3E16CDD916134A8C6633D6BC83D0A5546137180C812A50052B0E37015AE695F1A089856AE32FDEAD3AB7E5ECC3DADE6DD294C796B87FDCC3FE01B53B7958042C6D946926A77743DB64387B1E49CC4271C7101E2E57F9E26B2A3C61CEE1F7D7EDF6621553B888C0E0AA8B30A52AFE5E50154FC95D57CF5A2EB2D2A51E8BF813D29391CD462F3501DA507E3F7043012ACC116BA047F4ECA09322C9109EB4C41CC49D357AEB6A83953B23500A01B3957BFD17F09C202F70F7F7821C525ADBF6BD06F05525428C2AEFC76FB612695DB290CC8861D932C92F848BE538437149E1A62BF06B7C5E7B99E81B08580252E782897948B19859CEAF50D162FDDB148487681D826754E560F13BA144D02378BEE3E8963D4ABE08092E48210FC5BA0A5B22F8970FAC2316AB0A869E7F32672C116A1A8B5488D4430998BF288759A0ACDD9D35AD831104BB0EE94EA5177E6150525C6792FBBD87A4239469646EF4F469619A58C1D26034BAFD4F79236EAEC9DF383202BAA8AE2859EFF8E0A9674CC045016E878DF2D8190CB5AB53D26BAE7C64BE1DFDE55194AB21C9CFA1211C85B0D318A0C61D5C2FB83932A50CC8F95EF700A57D544BF21D2A54D15A8EC4B7B89941C76D82D28D09BE63B71636680712E1E5EFEA61F50C68E059EC8BECE66BF56FCAF5C688620703"
"OODEFRAG12.00.00.01PROFESSIONAL"="5B22BAAAF5AF981F067165D600A73CB65756381E0E5FD03457DB3A01699A182FB32966A7B13A4FD898F2E35AF5D0E8D61EBEB7C4EE8F4D76C4EE9C883B7CB8A27A27602538FB9933B7794C2ADCA61008AAE92C3DB576EDF7723E556C5E3D4C0C669ACA5417683989727867946D22FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808C038D530D6EB34525D575E7D6A3B98088EDD5E5BE2F6E66761EABC54A4F9BCAFDCD3FCF51A7D9825AE67CA95AD38308953F6544D34B8A525FA4CA69E9962E2EA2F3B0CE709E4450A0578F7A2AE7B4B5F6A467E71850BD7A677775E0236FB078459321FBF04748CE1421637D14D5DA9117621CAED99322FC860EF72F4B62D8EEAB54B1A66E9337C1EB001E5A3299DA535531330F7F04FECE741B295819D93C4DDA38E0A5DDB5A8904206E09AAA4B57935E09DCDD7CF34B634ABAC1CC5307F577303769CB7C0578A2FE105C911674EC7D183B6E2ECBDE896B033BE00F5F5F4599339F1261BC2CA3A8B4EE0F1935BC7149C214655A687A8F7367140E0D53CAD427B31E41C44CF0BB9DB3D13F27FB1B2467C2629AD0BBC642D6E02FB7EBF9615693AD7251A029A228BB5109E5F3C5B56ABAB82301933B1BEEC5B072DC024D6CB90B61F7DDEB798CC9602287BF041912EF33BA922E7CC7E8E4ECFA4883083992757A87B2E4D5D847DA6806C960219CEE6B30B14B68F970060517303347B75382FC51D68E9EBFB5BD86BC0C7CF92E55164E2D3BB9BA86A56735442CE47F223579F4574E2576635E0B8F72A29F9C7DB9D3DDE9FA071EF2FE43B208C39D28E4A5AEA26E46D920B3B1AA9C4F502DD6842F8BBE7CD47CCC661D35FDBF4755767BEE93419758B29CCD5D16F2B31C838E0F5F0DDA290B7B631928F3A9574BE4B3BE674D3B483C79E4360157D6B3FF938C0E75256956E7C2D5A69C85E3E56CF186C3BAA577340B0E92949B7FD2A541382BB1B320CAEC2A5A08C9DF18B2C3A699D004B817E34AF57F65C154FCEEC7B17AEAAA867993F3CC7F5397E45BB9713D0ABA13933BDB8AB51A3DFD93581A0918CC8893C0CCC795D7707F6EABD1A9E2BCE899C3BBABDA7DF3843DC4388DA93497D5076967FA9F77D54207D581C06C21CAFF0641B5BDB8B4EA99D1C10AAD5F9A679BA368C65E436467B0228D16412E8D5440F8F379927D24AC7EC0C15C29E6B0693EE320525E913B81262FA73DD07DA1C6008D504BDE44FFD3760C1383996611361C8F3FC6AD755253EE919EF96E0C588DDEF1805558E39E4239A72763ED4BDD0FC992D85A1FE24B3ACB54A8A5CCD3C841851D454334FA8D0B8B379DC43A1C2138724B0C181698C5D8C57FD9D45B1B1D0712B352369091DE628B6D40FFD7A188620A077E97E4E7EF312D1C395A7A38181CD6E"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
c:\program files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
.
**************************************************************************
.
Celkový čas: 2014-08-31 22:51:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-31 20:51
ComboFix2.txt 2014-08-31 09:54
.
Před spuštěním: 4 772 888 576
Po spuštění: 4 438 011 904
.
- - End Of File - - 893EF83FC18CB6DDEBEA5EC682A44A6E

[Deny18]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:54:47, on 31.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)

FIREFOX: 30.0 (cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Dominik\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Unknown owner - (no file)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--

[Deny18]

Log z aswmbr.exe bohužel nemůžu přiložit, protože při kontrole spadne a napíše to, že Program avast! Antirootkit přestal pracovat. Na disku C:/ je volno kolem 4-5 GB ze 49,9 GB (u mě klasika, nic zvláštního.. tím to určitě nebude). Na disku D:/ volno 237 GB z 531 GB.