Prosím o kontrolu logu - nelze otevřít programy, adresáře...

[Svab]

Zdravím a děkuji za pomoc, při té smršti příkazů jsem ani nepoděkoval:-).
Nicméně počítač se teď tváří lépe, ale stále nechce otevřít některé programy. Některé jdou pouze po otevřít jako správce (Google a pod.) a některé vůbec neb to tuto variantu ani nenabízí. Pokud se však počítač projede tím JRT, tak vše běží normálně ovšem pouze do doby, než se počítač restartuje. V tu chvíli je to stejné a opět po projetí JRT vše funguje.
Děkuji ještě jednou za Váš čas.

[Reklama]

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab


Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

[Svab]

----------------------------------------------------------------------------
CrystalDiskInfo 6.2.2 (C) 2008-2014 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Professional SP1 [6.1 Build 7601] (x64)
Date : 2015/03/02 19:03:10

-- Controller Map ----------------------------------------------------------
+ PCI Standardní dvoukanálový řadič IDE [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ PCI Standardní dvoukanálový řadič IDE [ATA]
+ ATA Channel 0 (0)
- SAMSUNG HD103SJ ATA Device
- ATA Channel 1 (1)
+ PCI Standardní dvoukanálový řadič IDE [ATA]
- ATA Channel 0 (0)
+ ATA Channel 1 (1)
- ASUS DRW-24B5ST ATA Device
+ AW7PUMJM IDE Controller [SCSI]
- KFQZQFE QNCH2ZG9Q SCSI CdRom Device

-- Disk List ---------------------------------------------------------------
(1) SAMSUNG HD103SJ : 1000,2 GB [0/2/0, pd1]

----------------------------------------------------------------------------
(1) SAMSUNG HD103SJ
----------------------------------------------------------------------------
Model : SAMSUNG HD103SJ
Firmware : 1AJ100E4
Serial Number : S246J90Z129485
Disk Size : 1000,2 GB (8,4/137,4/1000,2/1000,2)
Buffer Size : 32767 KB
Queue Depth : 32
# of Sectors : 1953525168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : ---- | SATA/300
Power On Hours : 21818 hod.
Power On Count : 985 krát
Temperature : 31 C (87 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : FEFEh [ON]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000001 Počet chyb čtení
02 252 252 __0 000000000000 Průchodnost disku
03 _76 _73 _25 000000001CBC Čas na roztočení ploten
04 _94 _94 __0 000000001AEA Počet spuštění/zastavení
05 252 252 _10 000000000000 Počet přemapovaných sektorů
07 252 252 _51 000000000000 Počet chybných hledání
08 252 252 _15 000000000000 Čas potřebný na vyhledání
09 100 100 __0 00000000553A Hodin v činnosti
0A 252 252 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 252 252 __0 000000000000 Počet pokusů o překalibrování
0C 100 100 __0 0000000003D9 Počet cyklů zapnutí zařízení
BF 100 100 __0 0000000001D2 Počet udalostí zaznamenaných otřesovým senzorem
C0 252 252 __0 000000000000 Počet vypnutí disku
C2 _64 _51 __0 00320011001F Teplota
C3 100 100 __0 000000000000 Počet oprav chybného čtení
C4 252 252 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 252 252 __0 000000000000 Počet podezřelých sektorů
C6 252 252 __0 000000000000 Počet neopravitelných sektorů
C7 100 100 __0 000000000029 Počet chyb v kontrolním součtu UltraDMA
C8 100 100 __0 000000000079 Počet chyb při zápisu sektorů
DF 252 252 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony
E1 100 100 __0 000000001B89 Počet cyklů načítání/vymazání

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 5332 3436 4A39 305A 3132 3934 3835 2020 2020 2020
020: 0000 FFFF 0004 3141 4A31 3030 4534 5341 4D53 554E
030: 4720 4844 3130 3353 4A20 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 1706 0000 004C 0040
080: 01FF 0028 746B 7F69 4123 7469 BE41 4123 207F 004D
090: 004D 0000 FFFE 0000 FEFE 0000 0000 0000 0000 0000
100: 6DB0 7470 0000 0000 0000 0000 4000 0000 5002 4E92
110: 01AC 2A66 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0002 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 003F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1C20 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0400 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 FFA5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 64 64 01 00 00 00 00 00 00 02 26
010: 00 FC FC 00 00 00 00 00 00 00 03 23 00 4C 49 BC
020: 1C 00 00 00 00 00 04 32 00 5E 5E EA 1A 00 00 00
030: 00 00 05 33 00 FC FC 00 00 00 00 00 00 00 07 2E
040: 00 FC FC 00 00 00 00 00 00 00 08 24 00 FC FC 00
050: 00 00 00 00 00 00 09 32 00 64 64 3A 55 00 00 00
060: 00 00 0A 32 00 FC FC 00 00 00 00 00 00 00 0B 32
070: 00 FC FC 00 00 00 00 00 00 00 0C 32 00 64 64 D9
080: 03 00 00 00 00 00 BF 22 00 64 64 D2 01 00 00 00
090: 00 00 C0 22 00 FC FC 00 00 00 00 00 00 00 C2 02
0A0: 00 40 33 1F 00 11 00 32 00 00 C3 3A 00 64 64 00
0B0: 00 00 00 00 00 00 C4 32 00 FC FC 00 00 00 00 00
0C0: 00 00 C5 32 00 FC FC 00 00 00 00 00 00 00 C6 30
0D0: 00 FC FC 00 00 00 00 00 00 00 C7 36 00 64 64 29
0E0: 00 00 00 00 00 00 C8 2A 00 64 64 79 00 00 00 00
0F0: 00 00 DF 32 00 FC FC 00 00 00 00 00 00 00 E1 32
100: 00 64 64 89 1B 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 80 25 00 5B
170: 03 00 01 00 02 A0 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 00 00 00 00 00 00 00 00 00 00 02 00
010: 00 00 00 00 00 00 00 00 00 00 03 19 00 00 00 00
020: 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00
030: 00 00 05 0A 00 00 00 00 00 00 00 00 00 00 07 33
040: 00 00 00 00 00 00 00 00 00 00 08 0F 00 00 00 00
050: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00
060: 00 00 0A 33 00 00 00 00 00 00 00 00 00 00 0B 00
070: 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 00
080: 00 00 00 00 00 00 BF 00 00 00 00 00 00 00 00 00
090: 00 00 C0 00 00 00 00 00 00 00 00 00 00 00 C2 00
0A0: 00 00 00 00 00 00 00 00 00 00 C3 00 00 00 00 00
0B0: 00 00 00 00 00 00 C4 00 00 00 00 00 00 00 00 00
0C0: 00 00 C5 00 00 00 00 00 00 00 00 00 00 00 C6 00
0D0: 00 00 00 00 00 00 00 00 00 00 C7 00 00 00 00 00
0E0: 00 00 00 00 00 00 C8 00 00 00 00 00 00 00 00 00
0F0: 00 00 DF 00 00 00 00 00 00 00 00 00 00 00 E1 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3B

[Orcus]

Stáhni si Memtest:

Do políčka vlož největší velikost Tvé jednotlivé paměti RAM (256,512 nebo 1024,2048) dej Start , nech nejméně 2h běžet , pokud bude po 2h stále 0 errors , jsou v pořádku.

====================================================

Stáhni HWMonitor a nainstaluj jej.
- Spusť a uveď PC do zatížení (tjs. aspoň 10 minut).
- Udělej screenshot a ten sem vlož, tak jak je popsáno v návodu k tomuto fóru.

[Svab]

tak Memtest bez problémů

HW monitor zde: http://screenshot.cz/G9FSI/

[jaro3]

Vyšší teploty CPU , víc chladit!

[Svab]

Jojo...to jsem také zjistil, ale asi to nemá souvislost s výše popisovaným. Tzn..., že když restartuji počítač, tak nemohu otevřít některé soubory a dostat se do některých složek. Zároveň jdou některé programy spustit pouze jako správce (Google a pod.). Když dám JRT, tak vše funguje normálně. Níže posílám ještě jednou log z JRT. Mám se nějak pokusit ručně smazat ten adresář /relevantknowledge?

[Svab]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Professional x64
Ran by admin on Ÿt 05.03.2015 at 16:59:14,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\Program Files (x86)\relevantknowledge"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\relevantknowledge"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Ÿt 05.03.2015 at 17:01:21,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[Svab]

ComboFix 15-03-01.01 - admin 06.03.2015 7:37.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4087.2384 [GMT 1:00]
Spuštěný z: c:\users\admin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-02-06 do 2015-03-06 )))))))))))))))))))))))))))))))
.
.
2015-03-06 06:42 . 2015-03-06 06:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-04 16:55 . 2015-03-04 16:55 -------- d-----w- c:\users\admin\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2015-03-04 16:08 . 2015-03-04 16:08 -------- d-----w- c:\program files (x86)\OCCTPT
2015-03-04 12:40 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-04 06:25 . 2013-08-16 23:01 859416 ----a-w- c:\windows\system32\rlls64.dll
2015-03-04 06:25 . 2015-03-04 06:25 -------- d-----w- c:\program files\CPUID
2015-03-03 16:07 . 2015-03-03 16:07 -------- d-----w- c:\users\admin\AppData\Roaming\KC Softwares
2015-03-03 16:06 . 2015-03-03 16:06 -------- d-----w- c:\program files (x86)\KC Softwares
2015-03-02 10:35 . 2015-03-02 10:35 -------- d-----w- c:\users\admin\AppData\Local\Adobe
2015-03-01 10:08 . 2015-03-01 09:56 24064 ----a-w- c:\windows\zoek-delete.exe
2015-03-01 09:56 . 2015-03-01 10:07 -------- d-----w- C:\zoek_backup
2015-02-28 19:30 . 2015-03-01 09:46 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-28 19:30 . 2015-02-28 19:30 -------- d-----w- c:\programdata\RogueKiller
2015-02-28 18:37 . 2015-02-28 18:37 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-28 18:36 . 2015-02-28 18:36 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-28 18:36 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-28 18:36 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-28 18:36 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-28 18:23 . 2015-02-28 19:31 -------- d-----w- C:\AdwCleaner
2015-02-26 21:42 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-26 21:42 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-26 21:42 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-26 21:42 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-11 10:05 . 2015-01-12 02:56 49664 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2015-02-11 10:04 . 2014-12-12 05:31 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-11 10:04 . 2014-12-12 05:07 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-02-11 10:04 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-11 10:04 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-02-11 10:02 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 10:02 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-11 10:02 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-11 10:02 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 10:02 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 10:02 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-11 10:02 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-11 10:02 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-11 10:02 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-11 09:57 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-04 22:49 . 2015-02-04 22:49 5070512 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-03 13:17 . 2012-08-28 20:49 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-11 22:03 . 2012-08-29 06:44 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-04 22:49 . 2012-08-29 07:06 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-04 22:49 . 2012-08-29 07:06 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-19 03:06 . 2015-01-16 10:08 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-16 10:08 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-13 10:08 . 2015-01-12 16:52 994384 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-12-13 10:08 . 2015-01-12 16:52 968336 ----a-w- c:\windows\system32\NvIFR64.dll
2014-12-13 10:08 . 2015-01-12 16:52 942400 ----a-w- c:\windows\system32\NvFBC64.dll
2014-12-13 10:08 . 2015-01-12 16:52 928072 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-12-13 10:08 . 2015-01-12 16:52 906560 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-12-13 10:08 . 2015-01-12 16:52 876976 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-12-13 10:08 . 2015-01-12 16:52 3610440 ----a-w- c:\windows\system32\nvcuvid.dll
2014-12-13 10:08 . 2015-01-12 16:52 353224 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-12-13 10:08 . 2015-01-12 16:52 3248968 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-12-13 10:08 . 2015-01-12 16:52 32099472 ----a-w- c:\windows\system32\nvoglv64.dll
2014-12-13 10:08 . 2015-01-12 16:52 306328 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-12-13 10:08 . 2015-01-12 16:52 25460552 ----a-w- c:\windows\system32\nvcompiler.dll
2014-12-13 10:08 . 2015-01-12 16:52 24764232 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-12-13 10:08 . 2015-01-12 16:52 20465808 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-12-13 10:08 . 2015-01-12 16:52 1895056 ----a-w- c:\windows\system32\nvdispco6434709.dll
2014-12-13 10:08 . 2015-01-12 16:52 178632 ----a-w- c:\windows\system32\nvinitx.dll
2014-12-13 10:08 . 2015-01-12 16:52 17264312 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-12-13 10:08 . 2015-01-12 16:52 165760 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-12-13 10:08 . 2015-01-12 16:52 1556624 ----a-w- c:\windows\system32\nvdispgenco6434709.dll
2014-12-13 10:08 . 2015-01-12 16:52 13288360 ----a-w- c:\windows\system32\nvopencl.dll
2014-12-13 10:08 . 2015-01-12 16:52 13202520 ----a-w- c:\windows\system32\nvcuda.dll
2014-12-13 10:08 . 2015-01-12 16:52 10770120 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-12-13 10:08 . 2015-01-12 16:52 10710160 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-12-13 10:08 . 2015-01-12 16:52 10345280 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-12-13 10:08 . 2014-08-03 18:47 16040184 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-12-13 10:08 . 2013-11-12 17:07 14128496 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-12-13 10:08 . 2013-11-10 13:22 74056 ----a-w- c:\windows\system32\OpenCL.dll
2014-12-13 10:08 . 2013-11-10 13:22 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-12-13 10:08 . 2013-11-10 13:20 18594432 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-12-13 10:08 . 2013-11-10 13:19 3293136 ----a-w- c:\windows\system32\nvapi64.dll
2014-12-13 10:08 . 2013-11-10 13:19 2897824 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-12-13 08:03 . 2013-11-10 13:22 3513488 ----a-w- c:\windows\system32\nvsvc64.dll
2014-12-13 08:03 . 2013-11-10 13:22 6859408 ----a-w- c:\windows\system32\nvcpl.dll
2014-12-13 08:03 . 2013-11-10 13:22 935240 ----a-w- c:\windows\system32\nvvsvc.exe
2014-12-13 08:03 . 2013-11-10 13:22 62608 ----a-w- c:\windows\system32\nvshext.dll
2014-12-13 08:03 . 2013-11-10 13:22 386368 ----a-w- c:\windows\system32\nvmctray.dll
2014-12-13 08:03 . 2013-11-10 13:22 2558608 ----a-w- c:\windows\system32\nvsvcr.dll
2014-12-13 00:47 . 2015-01-12 16:55 620176 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-12-13 00:12 . 2014-06-21 12:21 1291464 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-12-13 00:12 . 2013-10-29 19:36 2210040 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-12-13 00:12 . 2014-06-21 12:21 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-12-13 00:12 . 2013-10-29 19:36 2824504 ----a-w- c:\windows\system32\nvspcap64.dll
2014-12-12 23:11 . 2013-11-10 13:22 4151176 ----a-w- c:\windows\system32\nvcoproc.bin
2014-12-11 17:47 . 2015-01-16 10:08 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Cobian Backup 11"="c:\program files (x86)\Cobian Backup 11\Cobian.exe" [2012-12-05 720896]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\admin\AppData\Local\Temp\Rar$EX01.841\WinRing0x64.sys;c:\users\admin\AppData\Local\Temp\Rar$EX01.841\WinRing0x64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 cbVSCService11;Cobian Backup 11 Stínová kopie - Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-28 18:58 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 22:49]
.
2015-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 20:40]
.
2015-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 20:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
mSearch Page = www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-ViewNX 2 v2.7.1 64bit - C:\Odinstalovat produkt.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files (x86)\RelevantKnowledge\rlvknlg.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3106253132-3128010108-230500583-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\c:\hry\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T16:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T16:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T16:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-3106253132-3128010108-230500583-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\c:\hry\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-03-06 07:44:13
ComboFix-quarantined-files.txt 2015-03-06 06:44
ComboFix2.txt 2015-03-05 22:17
.
Před spuštěním: Volných bajtů: 92 769 005 568
Po spuštění: Volných bajtů: 92 696 928 256
.
- - End Of File - - DF8459ECDE498C987C841645BDC43B24
A36C5E4F47E84449FF07ED3517B43A31

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[Svab]

ComboFix 15-03-01.01 - admin 08.03.2015 8:50.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4087.2979 [GMT 1:00]
Spuštěný z: c:\users\admin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\admin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-02-08 do 2015-03-08 )))))))))))))))))))))))))))))))
.
.
2015-03-08 07:55 . 2015-03-08 07:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-06 06:33 . 2015-03-06 06:33 -------- d-----w- C:\463272dde378c33bba77b85b57cc8a
2015-03-05 22:17 . 2015-03-08 07:55 -------- d-----w- c:\users\admin\AppData\Local\temp
2015-03-04 16:55 . 2015-03-04 16:55 -------- d-----w- c:\users\admin\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2015-03-04 16:08 . 2015-03-04 16:08 -------- d-----w- c:\program files (x86)\OCCTPT
2015-03-04 12:40 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-04 06:25 . 2013-08-16 23:01 859416 ----a-w- c:\windows\system32\rlls64.dll
2015-03-04 06:25 . 2015-03-04 06:25 -------- d-----w- c:\program files\CPUID
2015-03-03 16:07 . 2015-03-03 16:07 -------- d-----w- c:\users\admin\AppData\Roaming\KC Softwares
2015-03-03 16:06 . 2015-03-03 16:06 -------- d-----w- c:\program files (x86)\KC Softwares
2015-03-02 10:35 . 2015-03-02 10:35 -------- d-----w- c:\users\admin\AppData\Local\Adobe
2015-03-01 10:08 . 2015-03-01 09:56 24064 ----a-w- c:\windows\zoek-delete.exe
2015-03-01 09:56 . 2015-03-01 10:07 -------- d-----w- C:\zoek_backup
2015-02-28 19:30 . 2015-03-01 09:46 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-28 19:30 . 2015-02-28 19:30 -------- d-----w- c:\programdata\RogueKiller
2015-02-28 18:37 . 2015-02-28 18:37 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-28 18:36 . 2015-02-28 18:36 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-28 18:36 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-28 18:36 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-28 18:36 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-28 18:23 . 2015-02-28 19:31 -------- d-----w- C:\AdwCleaner
2015-02-26 21:42 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-26 21:42 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-26 21:42 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-26 21:42 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-11 10:05 . 2015-01-12 02:56 49664 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2015-02-11 10:04 . 2014-12-12 05:31 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-11 10:04 . 2014-12-12 05:07 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-02-11 10:04 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-11 10:04 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-02-11 10:02 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 10:02 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-11 10:02 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-11 10:02 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 10:02 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 10:02 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-11 10:02 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-11 10:02 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-11 10:02 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-11 09:57 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-03 13:17 . 2012-08-28 20:49 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-11 22:03 . 2012-08-29 06:44 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-04 22:49 . 2012-08-29 07:06 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-04 22:49 . 2012-08-29 07:06 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-04 22:49 . 2015-02-04 22:49 5070512 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-12-19 03:06 . 2015-01-16 10:08 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-16 10:08 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-13 10:08 . 2015-01-12 16:52 994384 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-12-13 10:08 . 2015-01-12 16:52 968336 ----a-w- c:\windows\system32\NvIFR64.dll
2014-12-13 10:08 . 2015-01-12 16:52 942400 ----a-w- c:\windows\system32\NvFBC64.dll
2014-12-13 10:08 . 2015-01-12 16:52 928072 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-12-13 10:08 . 2015-01-12 16:52 906560 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-12-13 10:08 . 2015-01-12 16:52 876976 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-12-13 10:08 . 2015-01-12 16:52 3610440 ----a-w- c:\windows\system32\nvcuvid.dll
2014-12-13 10:08 . 2015-01-12 16:52 353224 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-12-13 10:08 . 2015-01-12 16:52 3248968 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-12-13 10:08 . 2015-01-12 16:52 32099472 ----a-w- c:\windows\system32\nvoglv64.dll
2014-12-13 10:08 . 2015-01-12 16:52 306328 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-12-13 10:08 . 2015-01-12 16:52 25460552 ----a-w- c:\windows\system32\nvcompiler.dll
2014-12-13 10:08 . 2015-01-12 16:52 24764232 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-12-13 10:08 . 2015-01-12 16:52 20465808 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-12-13 10:08 . 2015-01-12 16:52 1895056 ----a-w- c:\windows\system32\nvdispco6434709.dll
2014-12-13 10:08 . 2015-01-12 16:52 178632 ----a-w- c:\windows\system32\nvinitx.dll
2014-12-13 10:08 . 2015-01-12 16:52 17264312 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-12-13 10:08 . 2015-01-12 16:52 165760 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-12-13 10:08 . 2015-01-12 16:52 1556624 ----a-w- c:\windows\system32\nvdispgenco6434709.dll
2014-12-13 10:08 . 2015-01-12 16:52 13288360 ----a-w- c:\windows\system32\nvopencl.dll
2014-12-13 10:08 . 2015-01-12 16:52 13202520 ----a-w- c:\windows\system32\nvcuda.dll
2014-12-13 10:08 . 2015-01-12 16:52 10770120 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-12-13 10:08 . 2015-01-12 16:52 10710160 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-12-13 10:08 . 2015-01-12 16:52 10345280 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-12-13 10:08 . 2014-08-03 18:47 16040184 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-12-13 10:08 . 2013-11-12 17:07 14128496 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-12-13 10:08 . 2013-11-10 13:22 74056 ----a-w- c:\windows\system32\OpenCL.dll
2014-12-13 10:08 . 2013-11-10 13:22 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-12-13 10:08 . 2013-11-10 13:20 18594432 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-12-13 10:08 . 2013-11-10 13:19 3293136 ----a-w- c:\windows\system32\nvapi64.dll
2014-12-13 10:08 . 2013-11-10 13:19 2897824 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-12-13 08:03 . 2013-11-10 13:22 3513488 ----a-w- c:\windows\system32\nvsvc64.dll
2014-12-13 08:03 . 2013-11-10 13:22 6859408 ----a-w- c:\windows\system32\nvcpl.dll
2014-12-13 08:03 . 2013-11-10 13:22 935240 ----a-w- c:\windows\system32\nvvsvc.exe
2014-12-13 08:03 . 2013-11-10 13:22 62608 ----a-w- c:\windows\system32\nvshext.dll
2014-12-13 08:03 . 2013-11-10 13:22 386368 ----a-w- c:\windows\system32\nvmctray.dll
2014-12-13 08:03 . 2013-11-10 13:22 2558608 ----a-w- c:\windows\system32\nvsvcr.dll
2014-12-13 00:47 . 2015-01-12 16:55 620176 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-12-13 00:12 . 2014-06-21 12:21 1291464 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-12-13 00:12 . 2013-10-29 19:36 2210040 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-12-13 00:12 . 2014-06-21 12:21 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-12-13 00:12 . 2013-10-29 19:36 2824504 ----a-w- c:\windows\system32\nvspcap64.dll
2014-12-12 23:11 . 2013-11-10 13:22 4151176 ----a-w- c:\windows\system32\nvcoproc.bin
2014-12-11 17:47 . 2015-01-16 10:08 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Cobian Backup 11"="c:\program files (x86)\Cobian Backup 11\Cobian.exe" [2012-12-05 720896]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\admin\AppData\Local\Temp\Rar$EX01.841\WinRing0x64.sys;c:\users\admin\AppData\Local\Temp\Rar$EX01.841\WinRing0x64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 cbVSCService11;Cobian Backup 11 Stínová kopie - Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-28 18:58 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 22:49]
.
2015-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 20:40]
.
2015-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 20:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
mSearch Page = www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-ViewNX 2 v2.7.1 64bit - C:\Odinstalovat produkt.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files (x86)\RelevantKnowledge\rlvknlg.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3106253132-3128010108-230500583-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\c:\hry\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T16:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T16:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T16:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-3106253132-3128010108-230500583-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\c:\hry\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2015-03-08 08:58:01
ComboFix-quarantined-files.txt 2015-03-08 07:58
ComboFix2.txt 2015-03-06 06:44
ComboFix3.txt 2015-03-05 22:17
.
Před spuštěním: Volných bajtů: 92 650 967 040
Po spuštění: Volných bajtů: 92 597 178 368
.
- - End Of File - - 832B262F41DCDBB6B7BE68C8AFC58867
A36C5E4F47E84449FF07ED3517B43A31