Rising Antivirus Vyřešeno

[jaro3]

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

[Reklama]

[bobsch2]

ComboFix 15-08-24.01 - Admin 26.08.2015 20:56:01.7.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.420.1029.18.4095.2687 [GMT 2:00]
Spuštěný z: c:\users\Admin\Desktop\Správa PC\Čištění PC od havěti\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Local Settings\Temp
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-26 do 2015-08-26 )))))))))))))))))))))))))))))))
.
.
2015-08-26 19:03 . 2015-08-26 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-26 19:03 . 2015-08-26 19:03 -------- d-----w- c:\users\Arnochtomag\AppData\Local\temp
2015-08-26 18:37 . 2015-08-26 19:07 -------- d-----w- c:\programdata\ExtTag
2015-08-26 13:30 . 2015-08-26 13:08 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-26 13:30 . 2015-08-26 19:04 -------- d-----w- c:\users\Admin\AppData\Local\Temp
2015-08-25 13:00 . 2015-08-25 13:00 -------- d-----w- C:\Steam
2015-08-25 07:43 . 2015-08-25 09:41 -------- d-----w- c:\users\Admin\AppData\Roaming\DarkSoulsII
2015-08-25 07:25 . 2015-08-25 12:48 -------- d-----w- c:\program files (x86)\Dark Souls 2
2015-08-24 14:58 . 2015-08-24 15:03 -------- d-----w- c:\program files (x86)\1E007420-1440428285-1100-5FCD-001E8C545F1D
2015-08-24 14:57 . 2015-08-24 16:57 -------- d-----w- c:\program files\NixSrv
2015-08-24 14:54 . 2015-08-25 06:32 -------- d-----w- c:\programdata\update
2015-08-24 11:51 . 2015-08-24 13:08 -------- d-----w- c:\program files (x86)\Air Conflicts Vietnam
2015-08-24 11:40 . 2015-08-24 11:45 -------- d-----w- c:\program files (x86)\Air Conflicts - Pacific Carriers
2015-08-23 13:29 . 2015-08-23 13:33 -------- d-----w- c:\program files (x86)\il-2 sturmovik cliffs of dover
2015-08-23 10:56 . 2015-08-23 10:56 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2015-08-23 10:56 . 2015-08-23 10:56 1227264 ----a-w- c:\windows\SysWow64\dx8vb.dll
2015-08-23 10:53 . 2015-08-24 11:35 -------- d-----w- c:\program files (x86)\IL-2 Sturmovik 1946
2015-08-21 08:18 . 2015-08-21 08:18 -------- d-----w- c:\users\Admin\AppData\Roaming\15x7R1nv2QRKdhzE
2015-08-21 07:20 . 2015-08-21 07:20 14800 ----a-w- c:\windows\WiseHDInfo64.dll
2015-08-21 07:14 . 2015-01-10 13:32 128288 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2015-08-21 07:14 . 2014-06-04 13:17 34080 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2015-08-21 01:00 . 2015-08-11 01:20 25191936 ----a-w- c:\windows\system32\mshtml.dll
2015-08-21 01:00 . 2015-08-11 01:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-21 01:00 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-20 22:41 . 2015-08-21 08:33 -------- d-----w- c:\program files (x86)\Common Files\Steam
2015-08-20 18:14 . 2015-08-07 04:22 573048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-08-20 17:55 . 2015-08-11 04:52 69416 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-08-20 17:55 . 2015-08-11 04:52 50472 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2015-08-20 13:37 . 2015-08-20 13:37 -------- d-----w- c:\users\Admin\AppData\Local\O&O
2015-08-20 13:34 . 2015-08-20 16:28 -------- d-----w- c:\windows\system32\oodag
2015-08-20 13:31 . 2015-08-20 13:31 -------- d-----w- c:\programdata\OO Software
2015-08-20 01:19 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-20 01:19 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-19 20:37 . 2015-08-19 20:37 -------- d-----w- c:\users\Admin\AppData\Roaming\Ubisoft
2015-08-19 19:29 . 2015-07-28 20:05 774656 ----a-w- c:\windows\system32\invagent.dll
2015-08-19 19:29 . 2015-07-28 20:05 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-08-19 19:29 . 2015-07-28 20:05 437760 ----a-w- c:\windows\system32\devinv.dll
2015-08-19 19:29 . 2015-07-28 20:05 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-08-19 19:29 . 2015-07-28 20:05 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-08-19 19:29 . 2015-07-28 20:05 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-08-19 19:29 . 2015-07-28 19:55 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-08-19 19:29 . 2015-07-28 20:09 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-08-19 19:27 . 2015-07-10 17:51 44032 ----a-w- c:\windows\system32\tsgqec.dll
2015-08-19 19:27 . 2015-07-10 17:51 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-08-19 19:27 . 2015-07-10 17:34 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-08-19 19:27 . 2015-07-10 17:51 158720 ----a-w- c:\windows\system32\aaclient.dll
2015-08-19 19:27 . 2015-07-10 17:34 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-08-19 19:27 . 2015-07-10 17:33 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-08-19 19:27 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-08-19 19:21 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-19 19:21 . 2015-07-01 20:48 102912 ----a-w- c:\windows\system32\davclnt.dll
2015-08-19 19:21 . 2015-07-01 20:30 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
2015-08-19 19:21 . 2015-07-01 20:30 82432 ----a-w- c:\windows\SysWow64\davclnt.dll
2015-08-19 19:21 . 2015-07-15 03:19 2004992 ----a-w- c:\windows\system32\msxml6.dll
2015-08-19 19:21 . 2015-07-15 03:19 1887232 ----a-w- c:\windows\system32\msxml3.dll
2015-08-19 19:21 . 2015-07-15 03:14 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-19 19:21 . 2015-07-15 03:13 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-19 19:21 . 2015-07-15 02:55 1390592 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-19 19:21 . 2015-07-15 02:55 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-19 19:21 . 2015-07-15 02:51 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-08-19 19:21 . 2015-07-15 02:51 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-08-19 19:19 . 2015-07-09 17:57 193536 ----a-w- c:\windows\system32\notepad.exe
2015-08-19 19:19 . 2015-07-09 17:57 193536 ----a-w- c:\windows\notepad.exe
2015-08-19 19:19 . 2015-07-09 17:42 179712 ----a-w- c:\windows\SysWow64\notepad.exe
2015-08-19 19:16 . 2015-07-10 17:51 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-08-06 11:01 . 2015-08-06 22:48 -------- d-----w- c:\users\Admin\AppData\Roaming\Mount&Blade With Fire and Sword
2015-08-06 10:51 . 2015-08-21 19:12 -------- d-----w- c:\program files (x86)\Mount&Blade With Fire and Sword
2015-08-05 18:08 . 2015-08-26 19:03 -------- d-----w- c:\programdata\Local Settings
2015-08-05 18:07 . 2015-08-19 18:41 -------- d-----w- c:\users\Admin\AppData\Roaming\Microsoft Visual
2015-08-05 08:02 . 2015-08-05 08:02 -------- d-----w- c:\users\Admin\AppData\Local\Sniper Elite Nazi Zombie Army 2
2015-08-05 08:02 . 2015-08-05 08:02 -------- d-----w- c:\users\Admin\AppData\Local\EMU
2015-08-02 17:43 . 2015-08-02 17:44 -------- d-----w- c:\users\Admin\AppData\Roaming\Mount&Blade Warband
2015-08-02 17:43 . 2015-08-02 17:43 -------- d-----w- c:\programdata\SkidRow
2015-08-02 17:17 . 2015-08-02 17:17 -------- d-----w- c:\program files (x86)\TaleWorlds Entertainment
2015-08-01 19:42 . 2015-08-02 10:48 -------- d-----w- c:\users\Admin\AppData\Local\Sniper Elite Nazi Zombie Army
2015-08-01 19:42 . 2015-08-01 19:42 -------- d-----w- c:\users\Admin\AppData\Local\FLT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-26 18:10 . 2014-04-11 12:34 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-26 11:40 . 2014-04-11 12:34 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-25 18:59 . 2014-05-06 11:24 1170432 ----a-w- c:\windows\SysWow64\dvttrn.dll
2015-08-24 15:31 . 2013-05-19 10:12 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-24 15:31 . 2013-05-19 10:12 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-23 10:56 . 2000-05-22 12:58 608448 ----a-w- c:\windows\SysWow64\COMCTL32.OCX
2015-08-20 00:55 . 2012-07-11 11:07 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-08-19 21:17 . 2014-08-02 18:12 298032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-08-19 21:17 . 2012-08-07 15:09 298032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2015-08-19 20:47 . 2014-07-27 19:43 298032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-08-17 23:30 . 2014-07-30 20:51 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-08-17 23:30 . 2013-12-24 15:04 1423120 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-08-17 23:29 . 2014-07-30 20:51 1756608 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-08-17 23:29 . 2013-12-24 15:04 1710568 ----a-w- c:\windows\system32\nvspcap64.dll
2015-08-11 04:52 . 2014-07-30 20:46 72504 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-08-07 11:06 . 2015-02-19 09:18 3106384 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-08-07 11:06 . 2015-02-19 09:18 12513288 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-08-07 11:06 . 2012-10-10 20:23 3518248 ----a-w- c:\windows\system32\nvapi64.dll
2015-08-07 11:06 . 2012-10-10 20:23 17124832 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-08-07 04:34 . 2012-11-18 00:29 2558768 ----a-w- c:\windows\system32\nvsvcr.dll
2015-08-07 04:34 . 2012-09-02 19:16 62768 ----a-w- c:\windows\system32\nvshext.dll
2015-08-07 04:34 . 2012-09-02 19:16 937592 ----a-w- c:\windows\system32\nvvsvc.exe
2015-08-07 04:34 . 2012-09-02 19:16 385328 ----a-w- c:\windows\system32\nvmctray.dll
2015-08-07 04:34 . 2012-09-02 19:16 6883448 ----a-w- c:\windows\system32\nvcpl.dll
2015-08-07 04:34 . 2012-09-02 19:16 3492144 ----a-w- c:\windows\system32\nvsvc64.dll
2015-08-03 10:12 . 2015-02-19 09:20 5133709 ----a-w- c:\windows\system32\nvcoproc.bin
2015-07-15 18:10 . 2015-08-19 19:28 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 17:55 . 2015-08-19 19:28 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-07-15 17:54 . 2015-08-19 19:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-11 18:53 . 2015-07-11 12:09 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-04 18:07 . 2015-07-15 17:13 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 17:13 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-06-23 23:29 . 2015-06-23 23:29 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-18 06:41 . 2014-04-11 12:34 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2014-04-11 12:34 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-17 17:47 . 2015-07-15 17:14 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-15 17:14 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-15 21:50 . 2015-07-15 17:13 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-15 17:13 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-15 17:13 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-15 17:13 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:45 . 2015-07-15 17:13 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:44 . 2015-07-15 17:13 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-15 17:13 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-15 17:13 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-15 17:13 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-15 17:13 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-15 17:13 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-15 17:13 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-06-12 07:50 . 2015-06-30 11:46 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0320D7E-B163-47CF-A622-67D1393627FB}\mpengine.dll
2015-06-11 17:56 . 2015-07-15 17:12 1112576 ----a-w- c:\windows\system32\rdpcorets.dll
2015-06-11 17:16 . 2015-07-15 17:12 162816 ----a-w- c:\windows\system32\rdpudd.dll
2015-06-11 17:15 . 2015-07-15 17:12 20992 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2015-06-08 12:13 . 2015-07-08 20:33 428880 ----a-w- c:\windows\system32\LavasoftTcpService64.dll
2015-06-02 00:07 . 2015-07-15 17:14 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-06-01 23:47 . 2015-07-15 17:14 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
2009-12-06 17:18 26624 --sh--w- c:\windows\bfcs2.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2014-11-19 1092448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"RSDTRAY"="c:\program files (x86)\Rising\RSD\popwndexe.exe" [2012-09-25 126808]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MS VISUAL PRO.lnk - c:\users\Admin\AppData\Roaming\Microsoft Visual\VFP6.exe [2015-8-5 360448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OnTranslator.lnk - c:\program files (x86)\OnTranslator.com\OnTranslator.exe /h [2015-7-27 1110016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\programdata\ExtTag\Touchranplus.dll
.
R1 ArcCtrl;ArcCtrl;c:\windows\system32\drivers\ArcCtrl.sys;c:\windows\SYSNATIVE\drivers\ArcCtrl.sys [x]
R1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys;c:\windows\SYSNATIVE\drivers\ArcSec.sys [x]
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys;c:\windows\SYSNATIVE\drivers\archlp.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys;c:\windows\SYSNATIVE\drivers\efavdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WiseHDInfo;WiseHDInfo;c:\windows\WiseHDInfo64.dll;c:\windows\WiseHDInfo64.dll [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk64.sys;c:\windows\SYSNATIVE\drivers\elrawdsk64.sys [x]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2014/06/08 19:50];c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [x]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [x]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ExtTag;ExtTag;c:\programdata\ExtTag\ExtTag.exe;c:\programdata\ExtTag\ExtTag.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NixSrv;NixSrv Service;c:\program files\NixSrv\NixSrv.exe;c:\program files\NixSrv\NixSrv.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 RsMgrSvc;Rsd Service;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-08 15:31]
.
2015-08-25 c:\windows\Tasks\InstallShield Update Task.job
- c:\windows\system32\wscript.exe [2014-02-12 01:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-08-17 1710568]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-17 2634872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\programdata\ExtTag\StrongNamkix.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... RGEH2oe9kf
uDefault_Search_URL = www.google.com
mStart Page = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\
FF - prefs.js: browser.startup.homepage - c:\programdata\ExtTags\ff.HP
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-Etiusnh120.sys
SafeBoot-Sukeuk120.sys
BHO-{9FD3D761-2B09-DA1A-0229-0248A05B0334} - (no file)
ShellIconOverlayIdentifiers-{B7667919-3765-4815-A66D-98A09BE662D6} - c:\program files (x86)\Tencent\QQPCMgr\10.10.16443.223\QMGCShellExt64.dll
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
.
.
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sidebar.exe pid: 3404 DC: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sidebar.exe pid: 3796 DC: C:]
--
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFHost.exe pid: 3100 3C: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFHost.exe pid: 816 3C: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG18.00.00.01PROFESSIONAL"="1EF5D26F22C85A9C115E27DBE909A590C185E66B9EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407A6171C11EC38DE3DC038D530D6EB3452BA7FD869164D679400D9220F5EC9E3796850F05686EE3F993BE39A095390B734E792CCA90E4244E24F5256A4633F6FC538B8467EBDD5184F13A44D9DF4E48909150A7BA0465E5377913FC4C425EB7C87B9DEDD5CD612078818BDE0D4DA6B3CC46BE8C64E2D775093473F32405070CF918B8B0332293A63DC24BDC4012A565E5D24A764B6D4F51FADA45536EB0310BF017EEAD247808B9926459ABCFA7C7B90922AA2DAE1446AB40693E6BEA2CF303833978B3FE41DE4AA833FABDE1E5ED186629D9D065E74831D1BAEBE0C41BE5DB8C990DF0DDB344C295908AE1549D0780D90503B96BB549874B2478CB3A94AC5542BD741D87D6CE6BE4E49C21FDF492FFE28CC858F0FC3A4EE5761601EC161BAB0020F690DA0E181274D63EB11CBAFDACD71CBEAC7701B43D155B63207F2E7360BBB0AF86D20A50E338567144EF5E2037F003E3D6DFDA4B878BCB25C012BB3D0B10AD3728E5A3B1E47EA9B8794503257ACA4C6AF7E569BE8CF64F51C6FDB10CA096429BCDB3199695A337B75F14DE32783FA3D5ECE1EB45F5A6456168B7A3C068705FCA5918DAECD7AD9357348E3AFE743DC2E44070015C9AE9ADACD6201EB0AB768F25A4358584AC61FABF84F11C4B1436AD744A127D6F877274030D3ECC401B952E4EED4006D02738575E21154C1C16D092EA370C408E37270788996BFE3BA41C7E05A0178B2BD49D35C726DB0BC7A3CE0D78A158D2AA3729F268E317F55A9159329F854B7E66924165FC9962DBE5E43DCB208883933765CA0A2D381351F6511C4B10AB2383814751B30F29258C41727AE4D0D96060E3E2DA4FAD4B86F36A7A2AB25AFCFF7CC72BF74B65BBC3F40F1A048696EDEB3988070A26D6FD9BF074FCFDEE07337FBB9DB1CFB0DD0C47515E07D6480E5540725E7495172E5C0BA6F61AD3A763EC5480E4C37CA010A2C149D761FFD3D113F47F842EDB02FDE177BC20268D82AE12D69C76450C1161DCA3526EDFA54FEF03D43CD02A97F81E4DE1EC8FD3EA0F78FF26D5B68BD028209C9F9EF23996C5A6B3A4BD1BA5943F9E5EDC5BB4484B30BE0F1E5313E6574302D2A853095988E164A7D3328A8EF465CB56B96CA65210046CFD7EA25F3C4C2BD4DBC7F8F6C2A47AE391ED3E529F315A28854BB981B0F31BEBBA5968737EB5D7E122913AAEF126551CA060B153D008078797AE23D3FDEB93DE830879B5EFEF678876970138C2AFEE3F4F636B48CC11EBD8881BB43D033D0C1FDA3E01ADE3786671F4E4B4ED25FE97D8F043EB5DF7AC60816637E2AF14370FA86FB482F575FC738ACF75B54F83444E7D915"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\programdata\ExtTag\TreeRanlux.exe
.
**************************************************************************
.
Celkový čas: 2015-08-26 21:19:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-08-26 19:19
.
Před spuštěním: Volných bajtů: 417 313 808 384
Po spuštění: Volných bajtů: 416 760 750 080
.
- - End Of File - - 344FAFCF5AADCF302CB51C6FA2B384C4
A36C5E4F47E84449FF07ED3517B43A31

[bobsch2]

# DelFix v1.011 - Logfile created 26/08/2015 at 21:24:21
# Updated 18/08/2015 by Xplode
# Username : Admin - PCASUS
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\Users\Admin\Desktop\RK_Quarantine
Deleted : C:\ComboFix.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\Admin\Downloads\AdwCleaner.exe
Deleted : C:\Users\Admin\Downloads\adwcleaner_4.207 (1).exe
Deleted : C:\Users\Admin\Downloads\adwcleaner_4.207.exe
Deleted : C:\Users\Admin\Downloads\Avengers Age of Ultron (2015) HDRip XviD-MAXSPEED www.torentz.3xforum.ro.avi
Deleted : C:\Users\Admin\Downloads\Avengers-Age-of-Ultron(0000258424).srt
Deleted : C:\Users\Admin\Downloads\avengers.age.of.ultron.(2015).cze.1cd.(6278680).zip
Deleted : C:\Users\Admin\Downloads\Avengers.Age.of.Ultron.2015.720p.HDRip.HEVC.x265...RSY™..TG.torrent
Deleted : C:\Users\Admin\Downloads\JRT.exe
Deleted : C:\Users\Admin\Downloads\HijackThis.exe
Deleted : C:\Users\Admin\Downloads\zoek.rar
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

########## - EOF - ##########

[jaro3]

Stáhni si znovu Combofix , ale nespouštěj ho!

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\windows\system32\drivers\efavdrv.sys

Folder::
c:\program files (x86)\Rising
c:\program files (x86)\Skype\Updater

DirLook::
c:\users\Admin\AppData\Roaming\15x7R1nv2QRKdhzE
c:\program files\NixSrv

Driver::
SkypeUpdate
efavdrv

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RSDTRAY"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\SysWow64\dvttrn.dll
c:\programdata\ExtTag\Touchranplus.dll
c:\programdata\ExtTag\TreeRanlux.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

[bobsch2]

Bkav HW32.Keylogger.qcag 20140829
Symantec WS.Reputation.1 20140901

[bobsch2]

Antivirus Result Update
Baidu-International Adware.Win32.Linkury.T 20150827
ESET-NOD32 a variant of Win32/Toolbar.Linkury.T potentially unwanted 20150827

[bobsch2]

SHA256: 9a2b5f0fbe515cc469e7c03ae33c645a4b33cd7b36036117990bd9901b0d2c53
File name: TreeRanlux.exe.config
Detection ratio: 0 / 56
Analysis date: 2015-08-27 15:49:38 UTC ( 0 minut ago )

[bobsch2]

ComboFix 15-08-24.01 - Admin 27.08.2015 18:25:44.1.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.420.1029.18.4095.2495 [GMT 2:00]
Spuštěný z: c:\users\Admin\Desktop\Správa PC\Čištění PC od havěti\ComboFix.exe
Použité ovládací přepínače :: c:\users\Admin\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\efavdrv.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Rising
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\CfgDll.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\comx3.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\localopt.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\os.xml
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\popwndexe.exe
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\protreg.sys
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RsAppMgr.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RsBackup.exe
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RSD1252\Eng.lag
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RSD932\Jpn.lag
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RSD936\CHS.lag
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RSD950\CHT.lag
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\rsdinfo.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\rsdk.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\rslang.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\rsmginfo.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RsMgrSvc.exe
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RSSetup.xml
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RsStub.exe
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RstoreDll.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\setup.dat
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\Setup.exe
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\syslay.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\ui\snin.htm
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\update.xml
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\updater.exe
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\Updater.exe.log
c:\program files (x86)\Rising\RSD\CfgDll.dll
c:\program files (x86)\Rising\RSD\CldRsd.dll
c:\program files (x86)\Rising\RSD\comx3.dll
c:\program files (x86)\Rising\RSD\localopt.dll
c:\program files (x86)\Rising\RSD\os.xml
c:\program files (x86)\Rising\RSD\popwndexe.exe
c:\program files (x86)\Rising\RSD\restorelog.txt
c:\program files (x86)\Rising\RSD\RsAppMgr.dll
c:\program files (x86)\Rising\RSD\RsBackup.exe
c:\program files (x86)\Rising\RSD\RSD1252\Eng.lag
c:\program files (x86)\Rising\RSD\RSD932\Jpn.lag
c:\program files (x86)\Rising\RSD\RSD936\CHS.lag
c:\program files (x86)\Rising\RSD\RSD950\CHT.lag
c:\program files (x86)\Rising\RSD\rsdinfo.dll
c:\program files (x86)\Rising\RSD\rsdk.dll
c:\program files (x86)\Rising\RSD\rslang.dll
c:\program files (x86)\Rising\RSD\rsmginfo.dll
c:\program files (x86)\Rising\RSD\RsMgrSvc.dat
c:\program files (x86)\Rising\RSD\RsMgrSvc.exe
c:\program files (x86)\Rising\RSD\RsMgrSvc.exe.bak
c:\program files (x86)\Rising\RSD\RsMgrSvc.exe.log
c:\program files (x86)\Rising\RSD\RsMgrsvc.ini
c:\program files (x86)\Rising\RSD\RsStub.exe
c:\program files (x86)\Rising\RSD\RstoreDll.dll
c:\program files (x86)\Rising\RSD\setup.dat
c:\program files (x86)\Rising\RSD\Setup.exe
c:\program files (x86)\Rising\RSD\Setup.exe.log
c:\program files (x86)\Rising\RSD\syslay.dll
c:\program files (x86)\Rising\RSD\ui\snin.htm
c:\program files (x86)\Rising\RSD\update.xml
c:\program files (x86)\Rising\RSD\updater.exe
c:\program files (x86)\Rising\RSD\updater.exe.log
c:\program files (x86)\Rising\RSD\XMLS\RSSetup.xml
c:\program files (x86)\Rising\Settings\RAV\24\boottm.dat
c:\program files (x86)\Rising\Settings\RAV\24\CCMgr.xml
c:\program files (x86)\Rising\Settings\RAV\24\NetConfig.ini
c:\program files (x86)\Rising\Settings\RAV\24\Ravcfg.xml
c:\program files (x86)\Rising\Settings\RAV\24\rsmon.db
c:\program files (x86)\Rising\Settings\RAV\24\rsstore.ini
c:\program files (x86)\Rising\Settings\RAV\24\rstasku.xml
c:\program files (x86)\Rising\Settings\RAV\24\RsTray.dat
c:\program files (x86)\Rising\Settings\RAV\24\rsuser.db
c:\program files (x86)\Rising\Settings\RAV\24\URLRs.fwr
c:\program files (x86)\Rising\Settings\RAV\24\wllib.dat
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_efavdrv
-------\Service_SkypeUpdate
-------\Service_RsMgrSvc
-------\Service_RsMgrSvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-27 do 2015-08-27 )))))))))))))))))))))))))))))))
.
.
2015-08-27 16:33 . 2015-08-27 16:33 -------- d-----w- c:\users\Spravce\AppData\Local\temp
2015-08-27 16:33 . 2015-08-27 16:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-08-27 16:33 . 2015-08-27 16:33 -------- d-----w- c:\users\OutputFolder\AppData\Local\temp
2015-08-27 16:33 . 2015-08-27 16:33 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2015-08-27 16:33 . 2015-08-27 16:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-08-27 16:33 . 2015-08-27 16:33 -------- d-----w- c:\users\Downloads\AppData\Local\temp
2015-08-27 16:33 . 2015-08-27 16:33 -------- d-----w- c:\users\Documents and Settings\AppData\Local\temp
2015-08-27 16:33 . 2015-08-27 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-27 16:33 . 2015-08-27 16:33 -------- d-----w- c:\users\Arnochtomag\AppData\Local\temp
2015-08-27 16:33 . 2015-08-27 16:33 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-08-26 19:36 . 2015-08-26 19:36 -------- d-----w- c:\users\Admin\AppData\Roaming\Enigma Software Group
2015-08-26 19:36 . 2015-08-26 19:36 -------- d-----w- C:\sh4ldr
2015-08-26 19:36 . 2015-08-26 19:36 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2015-08-26 18:37 . 2015-08-27 16:37 -------- d-----w- c:\programdata\ExtTag
2015-08-26 13:30 . 2015-08-26 13:08 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-26 13:30 . 2015-08-27 16:33 -------- d-----w- c:\users\Admin\AppData\Local\Temp
2015-08-25 13:00 . 2015-08-25 13:00 -------- d-----w- C:\Steam
2015-08-25 07:43 . 2015-08-25 09:41 -------- d-----w- c:\users\Admin\AppData\Roaming\DarkSoulsII
2015-08-25 07:25 . 2015-08-25 12:48 -------- d-----w- c:\program files (x86)\Dark Souls 2
2015-08-24 14:58 . 2015-08-24 15:03 -------- d-----w- c:\program files (x86)\1E007420-1440428285-1100-5FCD-001E8C545F1D
2015-08-24 14:57 . 2015-08-24 16:57 -------- d-----w- c:\program files\NixSrv
2015-08-24 14:54 . 2015-08-25 06:32 -------- d-----w- c:\programdata\update
2015-08-24 11:51 . 2015-08-24 13:08 -------- d-----w- c:\program files (x86)\Air Conflicts Vietnam
2015-08-24 11:40 . 2015-08-24 11:45 -------- d-----w- c:\program files (x86)\Air Conflicts - Pacific Carriers
2015-08-23 13:29 . 2015-08-23 13:33 -------- d-----w- c:\program files (x86)\il-2 sturmovik cliffs of dover
2015-08-23 10:56 . 2015-08-23 10:56 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2015-08-23 10:56 . 2015-08-23 10:56 1227264 ----a-w- c:\windows\SysWow64\dx8vb.dll
2015-08-23 10:53 . 2015-08-24 11:35 -------- d-----w- c:\program files (x86)\IL-2 Sturmovik 1946
2015-08-21 08:18 . 2015-08-21 08:18 -------- d-----w- c:\users\Admin\AppData\Roaming\15x7R1nv2QRKdhzE
2015-08-21 07:20 . 2015-08-21 07:20 14800 ----a-w- c:\windows\WiseHDInfo64.dll
2015-08-21 07:14 . 2015-01-10 13:32 128288 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2015-08-21 07:14 . 2014-06-04 13:17 34080 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2015-08-21 01:00 . 2015-08-11 01:20 25191936 ----a-w- c:\windows\system32\mshtml.dll
2015-08-21 01:00 . 2015-08-11 01:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-21 01:00 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-20 22:41 . 2015-08-21 08:33 -------- d-----w- c:\program files (x86)\Common Files\Steam
2015-08-20 18:14 . 2015-08-07 04:22 573048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-08-20 17:55 . 2015-08-11 04:52 69416 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-08-20 17:55 . 2015-08-11 04:52 50472 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2015-08-20 13:37 . 2015-08-20 13:37 -------- d-----w- c:\users\Admin\AppData\Local\O&O
2015-08-20 13:34 . 2015-08-20 16:28 -------- d-----w- c:\windows\system32\oodag
2015-08-20 13:31 . 2015-08-20 13:31 -------- d-----w- c:\programdata\OO Software
2015-08-20 01:19 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-20 01:19 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-19 20:37 . 2015-08-19 20:37 -------- d-----w- c:\users\Admin\AppData\Roaming\Ubisoft
2015-08-19 19:29 . 2015-07-28 20:05 774656 ----a-w- c:\windows\system32\invagent.dll
2015-08-19 19:29 . 2015-07-28 20:05 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-08-19 19:29 . 2015-07-28 20:05 437760 ----a-w- c:\windows\system32\devinv.dll
2015-08-19 19:29 . 2015-07-28 20:05 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-08-19 19:29 . 2015-07-28 20:05 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-08-19 19:29 . 2015-07-28 20:05 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-08-19 19:29 . 2015-07-28 19:55 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-08-19 19:29 . 2015-07-28 20:09 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-08-19 19:27 . 2015-07-10 17:51 44032 ----a-w- c:\windows\system32\tsgqec.dll
2015-08-19 19:27 . 2015-07-10 17:51 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-08-19 19:27 . 2015-07-10 17:34 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-08-19 19:27 . 2015-07-10 17:51 158720 ----a-w- c:\windows\system32\aaclient.dll
2015-08-19 19:27 . 2015-07-10 17:34 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-08-19 19:27 . 2015-07-10 17:33 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-08-19 19:27 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-08-19 19:21 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-19 19:21 . 2015-07-01 20:48 102912 ----a-w- c:\windows\system32\davclnt.dll
2015-08-19 19:21 . 2015-07-01 20:30 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
2015-08-19 19:21 . 2015-07-01 20:30 82432 ----a-w- c:\windows\SysWow64\davclnt.dll
2015-08-19 19:21 . 2015-07-15 03:19 2004992 ----a-w- c:\windows\system32\msxml6.dll
2015-08-19 19:21 . 2015-07-15 03:19 1887232 ----a-w- c:\windows\system32\msxml3.dll
2015-08-19 19:21 . 2015-07-15 03:14 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-19 19:21 . 2015-07-15 03:13 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-19 19:21 . 2015-07-15 02:55 1390592 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-19 19:21 . 2015-07-15 02:55 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-19 19:21 . 2015-07-15 02:51 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-08-19 19:21 . 2015-07-15 02:51 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-08-19 19:19 . 2015-07-09 17:57 193536 ----a-w- c:\windows\system32\notepad.exe
2015-08-19 19:19 . 2015-07-09 17:57 193536 ----a-w- c:\windows\notepad.exe
2015-08-19 19:19 . 2015-07-09 17:42 179712 ----a-w- c:\windows\SysWow64\notepad.exe
2015-08-19 19:16 . 2015-07-10 17:51 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-08-06 11:01 . 2015-08-06 22:48 -------- d-----w- c:\users\Admin\AppData\Roaming\Mount&Blade With Fire and Sword
2015-08-06 10:51 . 2015-08-21 19:12 -------- d-----w- c:\program files (x86)\Mount&Blade With Fire and Sword
2015-08-05 18:08 . 2015-08-26 19:03 -------- d-----w- c:\programdata\Local Settings
2015-08-05 18:07 . 2015-08-19 18:41 -------- d-----w- c:\users\Admin\AppData\Roaming\Microsoft Visual
2015-08-05 08:02 . 2015-08-05 08:02 -------- d-----w- c:\users\Admin\AppData\Local\Sniper Elite Nazi Zombie Army 2
2015-08-05 08:02 . 2015-08-05 08:02 -------- d-----w- c:\users\Admin\AppData\Local\EMU
2015-08-02 17:43 . 2015-08-02 17:44 -------- d-----w- c:\users\Admin\AppData\Roaming\Mount&Blade Warband
2015-08-02 17:43 . 2015-08-02 17:43 -------- d-----w- c:\programdata\SkidRow
2015-08-02 17:17 . 2015-08-02 17:17 -------- d-----w- c:\program files (x86)\TaleWorlds Entertainment
2015-08-01 19:42 . 2015-08-02 10:48 -------- d-----w- c:\users\Admin\AppData\Local\Sniper Elite Nazi Zombie Army
2015-08-01 19:42 . 2015-08-01 19:42 -------- d-----w- c:\users\Admin\AppData\Local\FLT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-27 16:18 . 2014-04-11 12:34 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-26 19:44 . 2014-05-06 11:24 1170432 ----a-w- c:\windows\SysWow64\dvttrn.dll
2015-08-26 11:40 . 2014-04-11 12:34 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-24 15:31 . 2013-05-19 10:12 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-24 15:31 . 2013-05-19 10:12 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-23 10:56 . 2000-05-22 12:58 608448 ----a-w- c:\windows\SysWow64\COMCTL32.OCX
2015-08-20 00:55 . 2012-07-11 11:07 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-08-19 21:17 . 2014-08-02 18:12 298032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-08-19 21:17 . 2012-08-07 15:09 298032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2015-08-19 20:47 . 2014-07-27 19:43 298032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-08-17 23:30 . 2014-07-30 20:51 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-08-17 23:30 . 2013-12-24 15:04 1423120 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-08-17 23:29 . 2014-07-30 20:51 1756608 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-08-17 23:29 . 2013-12-24 15:04 1710568 ----a-w- c:\windows\system32\nvspcap64.dll
2015-08-11 04:52 . 2014-07-30 20:46 72504 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-08-07 11:06 . 2015-02-19 09:18 3106384 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-08-07 11:06 . 2015-02-19 09:18 12513288 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-08-07 11:06 . 2012-10-10 20:23 3518248 ----a-w- c:\windows\system32\nvapi64.dll
2015-08-07 11:06 . 2012-10-10 20:23 17124832 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-08-07 04:34 . 2012-11-18 00:29 2558768 ----a-w- c:\windows\system32\nvsvcr.dll
2015-08-07 04:34 . 2012-09-02 19:16 62768 ----a-w- c:\windows\system32\nvshext.dll
2015-08-07 04:34 . 2012-09-02 19:16 937592 ----a-w- c:\windows\system32\nvvsvc.exe
2015-08-07 04:34 . 2012-09-02 19:16 385328 ----a-w- c:\windows\system32\nvmctray.dll
2015-08-07 04:34 . 2012-09-02 19:16 6883448 ----a-w- c:\windows\system32\nvcpl.dll
2015-08-07 04:34 . 2012-09-02 19:16 3492144 ----a-w- c:\windows\system32\nvsvc64.dll
2015-08-03 10:12 . 2015-02-19 09:20 5133709 ----a-w- c:\windows\system32\nvcoproc.bin
2015-07-15 18:10 . 2015-08-19 19:28 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 17:55 . 2015-08-19 19:28 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-07-15 17:54 . 2015-08-19 19:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-11 18:53 . 2015-07-11 12:09 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-04 18:07 . 2015-07-15 17:13 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 17:13 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-06-23 23:29 . 2015-06-23 23:29 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-18 06:41 . 2014-04-11 12:34 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2014-04-11 12:34 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-17 17:47 . 2015-07-15 17:14 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-15 17:14 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-15 21:50 . 2015-07-15 17:13 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-15 17:13 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-15 17:13 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-15 17:13 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:45 . 2015-07-15 17:13 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:44 . 2015-07-15 17:13 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-15 17:13 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-15 17:13 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-15 17:13 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-15 17:13 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-15 17:13 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-15 17:13 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-06-12 07:50 . 2015-06-30 11:46 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0320D7E-B163-47CF-A622-67D1393627FB}\mpengine.dll
2015-06-11 17:56 . 2015-07-15 17:12 1112576 ----a-w- c:\windows\system32\rdpcorets.dll
2015-06-11 17:16 . 2015-07-15 17:12 162816 ----a-w- c:\windows\system32\rdpudd.dll
2015-06-11 17:15 . 2015-07-15 17:12 20992 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2015-06-08 12:13 . 2015-07-08 20:33 428880 ----a-w- c:\windows\system32\LavasoftTcpService64.dll
2015-06-02 00:07 . 2015-07-15 17:14 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-06-01 23:47 . 2015-07-15 17:14 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
2009-12-06 17:18 26624 --sh--w- c:\windows\bfcs2.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\NixSrv ----
.
2015-08-26 10:06 . 2015-08-26 10:06 428844 ----a-w- c:\program files\NixSrv\packages\ce951302-b47b-4947-a46d-2422effc295c\temp\InstallChrome.exe
2015-08-26 10:06 . 2015-08-26 10:06 449670 ----a-w- c:\program files\NixSrv\packages\ce951302-b47b-4947-a46d-2422effc295c\setup\Skype_Update.7.8.102.exe
2015-08-26 10:05 . 2015-08-26 10:06 916882 ----a-w- c:\program files\NixSrv\packages\ce951302-b47b-4947-a46d-2422effc295c\setup\Java_Update.8.0.450.exe
2015-08-26 10:05 . 2015-08-26 10:05 429239 ----a-w- c:\program files\NixSrv\packages\ce951302-b47b-4947-a46d-2422effc295c\setup\Firefox_Update.40.0.exe
2015-08-26 10:05 . 2015-08-26 10:24 3072 ----a-w- c:\program files\NixSrv\packages\ce951302-b47b-4947-a46d-2422effc295c\conf.db
2015-08-26 10:05 . 2015-08-26 10:41 25216 ----a-w- c:\program files\NixSrv\packages\ce951302-b47b-4947-a46d-2422effc295c\config.conf
2015-08-26 10:05 . 2015-08-26 10:05 190 ----a-w- c:\program files\NixSrv\packages\ce951302-b47b-4947-a46d-2422effc295c\NixHost.exe.config
2015-08-25 10:55 . 2015-08-26 18:37 3720539 ----a-w- c:\program files\NixSrv\packages\6848aad8-38bc-4e97-b900-e6fe98abd75e\Jackson.exe
2015-08-25 10:55 . 2015-08-25 10:55 262 ----a-w- c:\program files\NixSrv\packages\6848aad8-38bc-4e97-b900-e6fe98abd75e\xtc.exe.config
2015-08-25 10:55 . 2015-08-25 10:55 53248 ----a-w- c:\program files\NixSrv\packages\6848aad8-38bc-4e97-b900-e6fe98abd75e\xtc.exe
2015-08-25 10:55 . 2015-08-25 10:55 67720 ----a-w- c:\program files\NixSrv\packages\84e31e49-e5e9-4ed8-80e0-f82ce4243835\file.exe
2015-08-25 10:55 . 2015-08-25 10:55 190 ----a-w- c:\program files\NixSrv\packages\84e31e49-e5e9-4ed8-80e0-f82ce4243835\start.exe.config
2015-08-25 10:55 . 2015-08-25 10:55 28672 ----a-w- c:\program files\NixSrv\packages\84e31e49-e5e9-4ed8-80e0-f82ce4243835\start.exe
2015-08-24 14:57 . 2015-08-27 16:35 2776 ----a-w- c:\program files\NixSrv\config.conf
2015-08-23 06:47 . 2015-08-23 06:47 379392 ----a-w- c:\program files\NixSrv\NixSrv.exe
2015-03-10 07:12 . 2015-03-10 07:12 190 ----a-w- c:\program files\NixSrv\NixSrv.exe.config
.
---- Directory of c:\users\Admin\AppData\Roaming\15x7R1nv2QRKdhzE ----
.
2015-08-21 08:18 . 2015-03-12 14:33 6772224 --sh--w- c:\users\Admin\AppData\Roaming\15x7R1nv2QRKdhzE\TIenFBdZL82s.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2014-11-19 1092448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MS VISUAL PRO.lnk - c:\users\Admin\AppData\Roaming\Microsoft Visual\VFP6.exe [2015-8-5 360448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OnTranslator.lnk - c:\program files (x86)\OnTranslator.com\OnTranslator.exe /h [2015-7-27 1110016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 ArcCtrl;ArcCtrl;c:\windows\system32\drivers\ArcCtrl.sys;c:\windows\SYSNATIVE\drivers\ArcCtrl.sys [x]
R1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys;c:\windows\SYSNATIVE\drivers\ArcSec.sys [x]
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys;c:\windows\SYSNATIVE\drivers\archlp.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WiseHDInfo;WiseHDInfo;c:\windows\WiseHDInfo64.dll;c:\windows\WiseHDInfo64.dll [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk64.sys;c:\windows\SYSNATIVE\drivers\elrawdsk64.sys [x]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2014/06/08 19:50];c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [x]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [x]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ExtTag;ExtTag;c:\programdata\ExtTag\ExtTag.exe;c:\programdata\ExtTag\ExtTag.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NixSrv;NixSrv Service;c:\program files\NixSrv\NixSrv.exe;c:\program files\NixSrv\NixSrv.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-08 15:31]
.
2015-08-25 c:\windows\Tasks\InstallShield Update Task.job
- c:\windows\system32\wscript.exe [2014-02-12 01:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-08-17 1710568]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-17 2634872]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... RGEH2oe9kf
uDefault_Search_URL = www.google.com
mStart Page = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\
FF - prefs.js: browser.startup.homepage - c:\programdata\ExtTags\ff.HP
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{9FD3D761-2B09-DA1A-0229-0248A05B0334} - (no file)
ShellIconOverlayIdentifiers-{B7667919-3765-4815-A66D-98A09BE662D6} - c:\program files (x86)\Tencent\QQPCMgr\10.10.16443.223\QMGCShellExt64.dll
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
.
.
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sidebar.exe pid: 3404 DC: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sidebar.exe pid: 3796 DC: C:]
--
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFHost.exe pid: 3100 3C: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFHost.exe pid: 816 3C: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG18.00.00.01PROFESSIONAL"="1EF5D26F22C85A9C115E27DBE909A590C185E66B9EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407A6171C11EC38DE3DC038D530D6EB3452BA7FD869164D679400D9220F5EC9E3796850F05686EE3F993BE39A095390B734E792CCA90E4244E24F5256A4633F6FC538B8467EBDD5184F13A44D9DF4E48909150A7BA0465E5377913FC4C425EB7C87B9DEDD5CD612078818BDE0D4DA6B3CC46BE8C64E2D775093473F32405070CF918B8B0332293A63DC24BDC4012A565E5D24A764B6D4F51FADA45536EB0310BF017EEAD247808B9926459ABCFA7C7B90922AA2DAE1446AB40693E6BEA2CF303833978B3FE41DE4AA833FABDE1E5ED186629D9D065E74831D1BAEBE0C41BE5DB8C990DF0DDB344C295908AE1549D0780D90503B96BB549874B2478CB3A94AC5542BD741D87D6CE6BE4E49C21FDF492FFE28CC858F0FC3A4EE5761601EC161BAB0020F690DA0E181274D63EB11CBAFDACD71CBEAC7701B43D155B63207F2E7360BBB0AF86D20A50E338567144EF5E2037F003E3D6DFDA4B878BCB25C012BB3D0B10AD3728E5A3B1E47EA9B8794503257ACA4C6AF7E569BE8CF64F51C6FDB10CA096429BCDB3199695A337B75F14DE32783FA3D5ECE1EB45F5A6456168B7A3C068705FCA5918DAECD7AD9357348E3AFE743DC2E44070015C9AE9ADACD6201EB0AB768F25A4358584AC61FABF84F11C4B1436AD744A127D6F877274030D3ECC401B952E4EED4006D02738575E21154C1C16D092EA370C408E37270788996BFE3BA41C7E05A0178B2BD49D35C726DB0BC7A3CE0D78A158D2AA3729F268E317F55A9159329F854B7E66924165FC9962DBE5E43DCB208883933765CA0A2D381351F6511C4B10AB2383814751B30F29258C41727AE4D0D96060E3E2DA4FAD4B86F36A7A2AB25AFCFF7CC72BF74B65BBC3F40F1A048696EDEB3988070A26D6FD9BF074FCFDEE07337FBB9DB1CFB0DD0C47515E07D6480E5540725E7495172E5C0BA6F61AD3A763EC5480E4C37CA010A2C149D761FFD3D113F47F842EDB02FDE177BC20268D82AE12D69C76450C1161DCA3526EDFA54FEF03D43CD02A97F81E4DE1EC8FD3EA0F78FF26D5B68BD028209C9F9EF23996C5A6B3A4BD1BA5943F9E5EDC5BB4484B30BE0F1E5313E6574302D2A853095988E164A7D3328A8EF465CB56B96CA65210046CFD7EA25F3C4C2BD4DBC7F8F6C2A47AE391ED3E529F315A28854BB981B0F31BEBBA5968737EB5D7E122913AAEF126551CA060B153D008078797AE23D3FDEB93DE830879B5EFEF678876970138C2AFEE3F4F636B48CC11EBD8881BB43D033D0C1FDA3E01ADE3786671F4E4B4ED25FE97D8F043EB5DF7AC60816637E2AF14370FA86FB482F575FC738ACF75B54F83444E7D915"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\programdata\ExtTag\TreeRanlux.exe
.
**************************************************************************
.
Celkový čas: 2015-08-27 18:47:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-08-27 16:47
.
Před spuštěním: Volných bajtů: 422 163 849 216
Po spuštění: Volných bajtů: 421 538 332 672
.
- - End Of File - - E64066DECE8245DD0320F30F38556870
A36C5E4F47E84449FF07ED3517B43A31

[Orcus]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený červeně:

ClearJavaCache::
KillAll::
Collect::
c:\windows\SysWow64\dvttrn.dll
c:\programdata\ExtTag\Touchranplus.dll

File::
c:\windows\SysWow64\dvttrn.dll
c:\programdata\ExtTag\Touchranplus.dll



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.




- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

[bobsch2]

ComboFix 15-08-24.01 - Admin 29.08.2015 9:23.2.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.420.1029.18.4095.2455 [GMT 2:00]
Spuštěný z: c:\users\Admin\Desktop\Sprßva PC\LiÜtýnÝ PC od havýti\ComboFix.exe
Použité ovládací přepínače :: c:\users\Admin\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\ExtTag\Touchranplus.dll"
"c:\windows\SysWow64\dvttrn.dll"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Local Settings\Temp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-28 do 2015-08-29 )))))))))))))))))))))))))))))))
.
.
2015-08-29 07:35 . 2015-08-29 07:35 -------- d-----w- c:\users\Spravce\AppData\Local\temp
2015-08-29 07:35 . 2015-08-29 07:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-08-29 07:35 . 2015-08-29 07:35 -------- d-----w- c:\users\OutputFolder\AppData\Local\temp
2015-08-29 07:35 . 2015-08-29 07:35 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2015-08-29 07:35 . 2015-08-29 07:35 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-08-29 07:35 . 2015-08-29 07:35 -------- d-----w- c:\users\Downloads\AppData\Local\temp
2015-08-29 07:35 . 2015-08-29 07:35 -------- d-----w- c:\users\Documents and Settings\AppData\Local\temp
2015-08-29 07:35 . 2015-08-29 07:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-29 07:35 . 2015-08-29 07:35 -------- d-----w- c:\users\Arnochtomag\AppData\Local\temp
2015-08-29 07:35 . 2015-08-29 07:35 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-08-29 07:14 . 2015-08-29 07:39 -------- d-----w- c:\programdata\ExtTag
2015-08-27 16:57 . 2015-08-27 16:57 -------- d-----w- c:\users\Admin\AppData\Local\bitComposer
2015-08-26 13:30 . 2015-08-26 13:08 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-26 13:30 . 2015-08-29 07:35 -------- d-----w- c:\users\Admin\AppData\Local\Temp
2015-08-25 13:00 . 2015-08-25 13:00 -------- d-----w- C:\Steam
2015-08-25 07:43 . 2015-08-25 09:41 -------- d-----w- c:\users\Admin\AppData\Roaming\DarkSoulsII
2015-08-25 07:25 . 2015-08-28 20:25 -------- d-----w- c:\program files (x86)\Dark Souls 2
2015-08-24 14:58 . 2015-08-24 15:03 -------- d-----w- c:\program files (x86)\1E007420-1440428285-1100-5FCD-001E8C545F1D
2015-08-24 14:57 . 2015-08-24 16:57 -------- d-----w- c:\program files\NixSrv
2015-08-24 14:54 . 2015-08-25 06:32 -------- d-----w- c:\programdata\update
2015-08-24 11:51 . 2015-08-28 17:55 -------- d-----w- c:\program files (x86)\Air Conflicts Vietnam
2015-08-24 11:40 . 2015-08-27 17:28 -------- d-----w- c:\program files (x86)\Air Conflicts - Pacific Carriers
2015-08-23 13:29 . 2015-08-23 13:33 -------- d-----w- c:\program files (x86)\il-2 sturmovik cliffs of dover
2015-08-23 10:56 . 2015-08-23 10:56 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2015-08-23 10:56 . 2015-08-23 10:56 1227264 ----a-w- c:\windows\SysWow64\dx8vb.dll
2015-08-23 10:53 . 2015-08-24 11:35 -------- d-----w- c:\program files (x86)\IL-2 Sturmovik 1946
2015-08-21 08:18 . 2015-08-21 08:18 -------- d-----w- c:\users\Admin\AppData\Roaming\15x7R1nv2QRKdhzE
2015-08-21 07:20 . 2015-08-21 07:20 14800 ----a-w- c:\windows\WiseHDInfo64.dll
2015-08-21 07:14 . 2015-01-10 13:32 128288 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2015-08-21 07:14 . 2014-06-04 13:17 34080 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2015-08-21 01:00 . 2015-08-11 01:20 25191936 ----a-w- c:\windows\system32\mshtml.dll
2015-08-21 01:00 . 2015-08-11 01:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-21 01:00 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-20 22:41 . 2015-08-21 08:33 -------- d-----w- c:\program files (x86)\Common Files\Steam
2015-08-20 18:14 . 2015-08-07 04:22 573048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-08-20 17:55 . 2015-08-11 04:52 69416 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-08-20 17:55 . 2015-08-11 04:52 50472 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2015-08-20 13:37 . 2015-08-20 13:37 -------- d-----w- c:\users\Admin\AppData\Local\O&O
2015-08-20 13:34 . 2015-08-20 16:28 -------- d-----w- c:\windows\system32\oodag
2015-08-20 13:31 . 2015-08-20 13:31 -------- d-----w- c:\programdata\OO Software
2015-08-20 01:19 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-20 01:19 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-19 20:37 . 2015-08-19 20:37 -------- d-----w- c:\users\Admin\AppData\Roaming\Ubisoft
2015-08-19 19:29 . 2015-07-28 20:05 774656 ----a-w- c:\windows\system32\invagent.dll
2015-08-19 19:29 . 2015-07-28 20:05 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-08-19 19:29 . 2015-07-28 20:05 437760 ----a-w- c:\windows\system32\devinv.dll
2015-08-19 19:29 . 2015-07-28 20:05 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-08-19 19:29 . 2015-07-28 20:05 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-08-19 19:29 . 2015-07-28 20:05 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-08-19 19:29 . 2015-07-28 19:55 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-08-19 19:29 . 2015-07-28 20:09 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-08-19 19:27 . 2015-07-10 17:51 44032 ----a-w- c:\windows\system32\tsgqec.dll
2015-08-19 19:27 . 2015-07-10 17:51 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-08-19 19:27 . 2015-07-10 17:34 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-08-19 19:27 . 2015-07-10 17:51 158720 ----a-w- c:\windows\system32\aaclient.dll
2015-08-19 19:27 . 2015-07-10 17:34 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-08-19 19:27 . 2015-07-10 17:33 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-08-19 19:27 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-08-19 19:21 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-19 19:21 . 2015-07-01 20:48 102912 ----a-w- c:\windows\system32\davclnt.dll
2015-08-19 19:21 . 2015-07-01 20:30 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
2015-08-19 19:21 . 2015-07-01 20:30 82432 ----a-w- c:\windows\SysWow64\davclnt.dll
2015-08-19 19:21 . 2015-07-15 03:19 2004992 ----a-w- c:\windows\system32\msxml6.dll
2015-08-19 19:21 . 2015-07-15 03:19 1887232 ----a-w- c:\windows\system32\msxml3.dll
2015-08-19 19:21 . 2015-07-15 03:14 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-19 19:21 . 2015-07-15 03:13 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-19 19:21 . 2015-07-15 02:55 1390592 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-19 19:21 . 2015-07-15 02:55 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-19 19:21 . 2015-07-15 02:51 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-08-19 19:21 . 2015-07-15 02:51 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-08-19 19:19 . 2015-07-09 17:57 193536 ----a-w- c:\windows\system32\notepad.exe
2015-08-19 19:19 . 2015-07-09 17:57 193536 ----a-w- c:\windows\notepad.exe
2015-08-19 19:19 . 2015-07-09 17:42 179712 ----a-w- c:\windows\SysWow64\notepad.exe
2015-08-19 19:16 . 2015-07-10 17:51 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-08-06 11:01 . 2015-08-06 22:48 -------- d-----w- c:\users\Admin\AppData\Roaming\Mount&Blade With Fire and Sword
2015-08-06 10:51 . 2015-08-28 20:26 -------- d-----w- c:\program files (x86)\Mount&Blade With Fire and Sword
2015-08-05 18:08 . 2015-08-29 07:35 -------- d-----w- c:\programdata\Local Settings
2015-08-05 18:07 . 2015-08-28 17:52 -------- d-----w- c:\users\Admin\AppData\Roaming\Microsoft Visual
2015-08-05 08:02 . 2015-08-05 08:02 -------- d-----w- c:\users\Admin\AppData\Local\Sniper Elite Nazi Zombie Army 2
2015-08-05 08:02 . 2015-08-05 08:02 -------- d-----w- c:\users\Admin\AppData\Local\EMU
2015-08-02 17:43 . 2015-08-02 17:44 -------- d-----w- c:\users\Admin\AppData\Roaming\Mount&Blade Warband
2015-08-02 17:43 . 2015-08-02 17:43 -------- d-----w- c:\programdata\SkidRow
2015-08-02 17:17 . 2015-08-02 17:17 -------- d-----w- c:\program files (x86)\TaleWorlds Entertainment
2015-08-01 19:42 . 2015-08-02 10:48 -------- d-----w- c:\users\Admin\AppData\Local\Sniper Elite Nazi Zombie Army
2015-08-01 19:42 . 2015-08-01 19:42 -------- d-----w- c:\users\Admin\AppData\Local\FLT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-29 06:50 . 2014-04-11 12:34 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-28 19:54 . 2014-05-06 11:24 1170432 ------w- c:\windows\SysWow64\dvttrn.dll
2015-08-26 11:40 . 2014-04-11 12:34 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-24 15:31 . 2013-05-19 10:12 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-24 15:31 . 2013-05-19 10:12 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-23 10:56 . 2000-05-22 12:58 608448 ----a-w- c:\windows\SysWow64\COMCTL32.OCX
2015-08-20 00:55 . 2012-07-11 11:07 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-08-19 21:17 . 2014-08-02 18:12 298032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-08-19 21:17 . 2012-08-07 15:09 298032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2015-08-19 20:47 . 2014-07-27 19:43 298032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-08-17 23:30 . 2014-07-30 20:51 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-08-17 23:30 . 2013-12-24 15:04 1423120 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-08-17 23:29 . 2014-07-30 20:51 1756608 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-08-17 23:29 . 2013-12-24 15:04 1710568 ----a-w- c:\windows\system32\nvspcap64.dll
2015-08-11 04:52 . 2014-07-30 20:46 72504 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-08-07 11:06 . 2015-02-19 09:18 3106384 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-08-07 11:06 . 2015-02-19 09:18 12513288 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-08-07 11:06 . 2012-10-10 20:23 3518248 ----a-w- c:\windows\system32\nvapi64.dll
2015-08-07 11:06 . 2012-10-10 20:23 17124832 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-08-07 04:34 . 2012-11-18 00:29 2558768 ----a-w- c:\windows\system32\nvsvcr.dll
2015-08-07 04:34 . 2012-09-02 19:16 62768 ----a-w- c:\windows\system32\nvshext.dll
2015-08-07 04:34 . 2012-09-02 19:16 937592 ----a-w- c:\windows\system32\nvvsvc.exe
2015-08-07 04:34 . 2012-09-02 19:16 385328 ----a-w- c:\windows\system32\nvmctray.dll
2015-08-07 04:34 . 2012-09-02 19:16 6883448 ----a-w- c:\windows\system32\nvcpl.dll
2015-08-07 04:34 . 2012-09-02 19:16 3492144 ----a-w- c:\windows\system32\nvsvc64.dll
2015-08-03 10:12 . 2015-02-19 09:20 5133709 ----a-w- c:\windows\system32\nvcoproc.bin
2015-07-15 18:10 . 2015-08-19 19:28 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 17:55 . 2015-08-19 19:28 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-07-15 17:54 . 2015-08-19 19:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-11 18:53 . 2015-07-11 12:09 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-04 18:07 . 2015-07-15 17:13 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 17:13 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-06-23 23:29 . 2015-06-23 23:29 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-18 06:41 . 2014-04-11 12:34 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2014-04-11 12:34 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-17 17:47 . 2015-07-15 17:14 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-15 17:14 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-15 21:50 . 2015-07-15 17:13 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-15 17:13 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-15 17:13 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-15 17:13 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:45 . 2015-07-15 17:13 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:44 . 2015-07-15 17:13 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-15 17:13 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-15 17:13 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-15 17:13 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-15 17:13 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-15 17:13 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-15 17:13 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-06-12 07:50 . 2015-06-30 11:46 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0320D7E-B163-47CF-A622-67D1393627FB}\mpengine.dll
2015-06-11 17:56 . 2015-07-15 17:12 1112576 ----a-w- c:\windows\system32\rdpcorets.dll
2015-06-11 17:16 . 2015-07-15 17:12 162816 ----a-w- c:\windows\system32\rdpudd.dll
2015-06-11 17:15 . 2015-07-15 17:12 20992 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2015-06-08 12:13 . 2015-07-08 20:33 428880 ----a-w- c:\windows\system32\LavasoftTcpService64.dll
2015-06-02 00:07 . 2015-07-15 17:14 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-06-01 23:47 . 2015-07-15 17:14 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
2009-12-06 17:18 26624 --sh--w- c:\windows\bfcs2.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2014-11-19 1092448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MS VISUAL PRO.lnk - c:\users\Admin\AppData\Roaming\Microsoft Visual\VFP6.exe [2015-8-28 360448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OnTranslator.lnk - c:\program files (x86)\OnTranslator.com\OnTranslator.exe /h [2015-7-27 1110016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\programdata\ExtTag\StrongCof.dll
.
R1 ArcCtrl;ArcCtrl;c:\windows\system32\drivers\ArcCtrl.sys;c:\windows\SYSNATIVE\drivers\ArcCtrl.sys [x]
R1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys;c:\windows\SYSNATIVE\drivers\ArcSec.sys [x]
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys;c:\windows\SYSNATIVE\drivers\archlp.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WiseHDInfo;WiseHDInfo;c:\windows\WiseHDInfo64.dll;c:\windows\WiseHDInfo64.dll [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk64.sys;c:\windows\SYSNATIVE\drivers\elrawdsk64.sys [x]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2014/06/08 19:50];c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [x]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [x]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ExtTag;ExtTag;c:\programdata\ExtTag\ExtTag.exe;c:\programdata\ExtTag\ExtTag.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NixSrv;NixSrv Service;c:\program files\NixSrv\NixSrv.exe;c:\program files\NixSrv\NixSrv.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-08 15:31]
.
2015-08-25 c:\windows\Tasks\InstallShield Update Task.job
- c:\windows\system32\wscript.exe [2014-02-12 01:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\.QMDeskTopGCIcon]
@="{B7667919-3765-4815-A66D-98A09BE662D6}"
[HKEY_CLASSES_ROOT\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}]
c:\program files (x86)\Tencent\QQPCMgr\10.10.16443.223\QMGCShellExt64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-08-17 1710568]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-17 2634872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\programdata\ExtTag\Indigotip.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... Kzi21J0JLf
uDefault_Search_URL = www.google.com
mStart Page = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\
FF - prefs.js: browser.startup.homepage - c:\programdata\ExtTags\ff.HP
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{9FD3D761-2B09-DA1A-0229-0248A05B0334} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
.
.
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sidebar.exe pid: 3404 DC: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sidebar.exe pid: 3796 DC: C:]
--
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFHost.exe pid: 3100 3C: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFHost.exe pid: 816 3C: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG18.00.00.01PROFESSIONAL"="1EF5D26F22C85A9C115E27DBE909A590C185E66B9EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407A6171C11EC38DE3DC038D530D6EB3452BA7FD869164D679400D9220F5EC9E3796850F05686EE3F993BE39A095390B734E792CCA90E4244E24F5256A4633F6FC538B8467EBDD5184F13A44D9DF4E48909150A7BA0465E5377913FC4C425EB7C87B9DEDD5CD612078818BDE0D4DA6B3CC46BE8C64E2D775093473F32405070CF918B8B0332293A63DC24BDC4012A565E5D24A764B6D4F51FADA45536EB0310BF017EEAD247808B9926459ABCFA7C7B90922AA2DAE1446AB40693E6BEA2CF303833978B3FE41DE4AA833FABDE1E5ED186629D9D065E74831D1BAEBE0C41BE5DB8C990DF0DDB344C295908AE1549D0780D90503B96BB549874B2478CB3A94AC5542BD741D87D6CE6BE4E49C21FDF492FFE28CC858F0FC3A4EE5761601EC161BAB0020F690DA0E181274D63EB11CBAFDACD71CBEAC7701B43D155B63207F2E7360BBB0AF86D20A50E338567144EF5E2037F003E3D6DFDA4B878BCB25C012BB3D0B10AD3728E5A3B1E47EA9B8794503257ACA4C6AF7E569BE8CF64F51C6FDB10CA096429BCDB3199695A337B75F14DE32783FA3D5ECE1EB45F5A6456168B7A3C068705FCA5918DAECD7AD9357348E3AFE743DC2E44070015C9AE9ADACD6201EB0AB768F25A4358584AC61FABF84F11C4B1436AD744A127D6F877274030D3ECC401B952E4EED4006D02738575E21154C1C16D092EA370C408E37270788996BFE3BA41C7E05A0178B2BD49D35C726DB0BC7A3CE0D78A158D2AA3729F268E317F55A9159329F854B7E66924165FC9962DBE5E43DCB208883933765CA0A2D381351F6511C4B10AB2383814751B30F29258C41727AE4D0D96060E3E2DA4FAD4B86F36A7A2AB25AFCFF7CC72BF74B65BBC3F40F1A048696EDEB3988070A26D6FD9BF074FCFDEE07337FBB9DB1CFB0DD0C47515E07D6480E5540725E7495172E5C0BA6F61AD3A763EC5480E4C37CA010A2C149D761FFD3D113F47F842EDB02FDE177BC20268D82AE12D69C76450C1161DCA3526EDFA54FEF03D43CD02A97F81E4DE1EC8FD3EA0F78FF26D5B68BD028209C9F9EF23996C5A6B3A4BD1BA5943F9E5EDC5BB4484B30BE0F1E5313E6574302D2A853095988E164A7D3328A8EF465CB56B96CA65210046CFD7EA25F3C4C2BD4DBC7F8F6C2A47AE391ED3E529F315A28854BB981B0F31BEBBA5968737EB5D7E122913AAEF126551CA060B153D008078797AE23D3FDEB93DE830879B5EFEF678876970138C2AFEE3F4F636B48CC11EBD8881BB43D033D0C1FDA3E01ADE3786671F4E4B4ED25FE97D8F043EB5DF7AC60816637E2AF14370FA86FB482F575FC738ACF75B54F83444E7D915"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\programdata\ExtTag\DentoTam.exe
.
**************************************************************************
.
Celkový čas: 2015-08-29 10:06:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-08-29 08:06
ComboFix2.txt 2015-08-27 16:47
.
Před spuštěním: Volných bajtů: 435 511 394 304
Po spuštění: Volných bajtů: 434 785 157 120
.
- - End Of File - - D86C1D7D3300B6CCE3C54917F5850E79
A36C5E4F47E84449FF07ED3517B43A31

[jaro3]

Odinstaluj:
SpyHunter 4


Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

KillAll::
Collect::
c:\users\Admin\AppData\Roaming\15x7R1nv2QRKdhzE\TIenFBdZL82s.exe

File::
c:\windows\SysWow64\dvttrn.dll
c:\programdata\ExtTag\Touchranplus.dll
c:\windows\Tasks\InstallShield Update Task.job

Folder::
c:\users\Admin\AppData\Roaming\15x7R1nv2QRKdhzE

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[bobsch2]

ComboFix 15-08-24.01 - Admin 29.08.2015 12:12:24.3.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.420.1029.18.4095.2473 [GMT 2:00]
Spuštěný z: c:\users\Admin\Desktop\Sprßva PC\LiÜtýnÝ PC od havýti\ComboFix.exe
Použité ovládací přepínače :: c:\users\Admin\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\ExtTag\Touchranplus.dll"
"c:\windows\SysWow64\dvttrn.dll"
"c:\windows\Tasks\InstallShield Update Task.job"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin\AppData\Roaming\15x7R1nv2QRKdhzE
c:\users\Admin\AppData\Roaming\15x7R1nv2QRKdhzE\TIenFBdZL82s.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-28 do 2015-08-29 )))))))))))))))))))))))))))))))
.
.
2015-08-29 10:19 . 2015-08-29 10:19 -------- d-----w- c:\users\Spravce\AppData\Local\temp
2015-08-29 10:19 . 2015-08-29 10:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-08-29 10:19 . 2015-08-29 10:19 -------- d-----w- c:\users\OutputFolder\AppData\Local\temp
2015-08-29 10:19 . 2015-08-29 10:19 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2015-08-29 10:19 . 2015-08-29 10:19 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-08-29 10:19 . 2015-08-29 10:19 -------- d-----w- c:\users\Downloads\AppData\Local\temp
2015-08-29 10:19 . 2015-08-29 10:19 -------- d-----w- c:\users\Documents and Settings\AppData\Local\temp
2015-08-29 10:19 . 2015-08-29 10:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-29 10:19 . 2015-08-29 10:19 -------- d-----w- c:\users\Arnochtomag\AppData\Local\temp
2015-08-29 10:19 . 2015-08-29 10:19 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-08-29 07:14 . 2015-08-29 22:50 -------- d-----w- c:\programdata\ExtTag
2015-08-27 16:57 . 2015-08-27 16:57 -------- d-----w- c:\users\Admin\AppData\Local\bitComposer
2015-08-26 13:30 . 2015-08-26 13:08 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-26 13:30 . 2015-08-29 10:19 -------- d-----w- c:\users\Admin\AppData\Local\Temp
2015-08-25 13:00 . 2015-08-25 13:00 -------- d-----w- C:\Steam
2015-08-25 07:43 . 2015-08-25 09:41 -------- d-----w- c:\users\Admin\AppData\Roaming\DarkSoulsII
2015-08-25 07:25 . 2015-08-28 20:25 -------- d-----w- c:\program files (x86)\Dark Souls 2
2015-08-24 14:58 . 2015-08-24 15:03 -------- d-----w- c:\program files (x86)\1E007420-1440428285-1100-5FCD-001E8C545F1D
2015-08-24 14:57 . 2015-08-24 16:57 -------- d-----w- c:\program files\NixSrv
2015-08-24 14:54 . 2015-08-25 06:32 -------- d-----w- c:\programdata\update
2015-08-24 11:51 . 2015-08-28 17:55 -------- d-----w- c:\program files (x86)\Air Conflicts Vietnam
2015-08-24 11:40 . 2015-08-27 17:28 -------- d-----w- c:\program files (x86)\Air Conflicts - Pacific Carriers
2015-08-23 13:29 . 2015-08-23 13:33 -------- d-----w- c:\program files (x86)\il-2 sturmovik cliffs of dover
2015-08-23 10:56 . 2015-08-23 10:56 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2015-08-23 10:56 . 2015-08-23 10:56 1227264 ----a-w- c:\windows\SysWow64\dx8vb.dll
2015-08-23 10:53 . 2015-08-24 11:35 -------- d-----w- c:\program files (x86)\IL-2 Sturmovik 1946
2015-08-21 07:20 . 2015-08-21 07:20 14800 ----a-w- c:\windows\WiseHDInfo64.dll
2015-08-21 07:14 . 2015-01-10 13:32 128288 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2015-08-21 07:14 . 2014-06-04 13:17 34080 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2015-08-21 01:00 . 2015-08-11 01:20 25191936 ----a-w- c:\windows\system32\mshtml.dll
2015-08-21 01:00 . 2015-08-11 01:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-21 01:00 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-20 22:41 . 2015-08-21 08:33 -------- d-----w- c:\program files (x86)\Common Files\Steam
2015-08-20 18:14 . 2015-08-07 04:22 573048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-08-20 17:55 . 2015-08-11 04:52 69416 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-08-20 17:55 . 2015-08-11 04:52 50472 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2015-08-20 13:37 . 2015-08-20 13:37 -------- d-----w- c:\users\Admin\AppData\Local\O&O
2015-08-20 13:34 . 2015-08-20 16:28 -------- d-----w- c:\windows\system32\oodag
2015-08-20 13:31 . 2015-08-20 13:31 -------- d-----w- c:\programdata\OO Software
2015-08-20 01:19 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-20 01:19 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-19 20:37 . 2015-08-19 20:37 -------- d-----w- c:\users\Admin\AppData\Roaming\Ubisoft
2015-08-19 19:29 . 2015-07-28 20:05 774656 ----a-w- c:\windows\system32\invagent.dll
2015-08-19 19:29 . 2015-07-28 20:05 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-08-19 19:29 . 2015-07-28 20:05 437760 ----a-w- c:\windows\system32\devinv.dll
2015-08-19 19:29 . 2015-07-28 20:05 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-08-19 19:29 . 2015-07-28 20:05 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-08-19 19:29 . 2015-07-28 20:05 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-08-19 19:29 . 2015-07-28 19:55 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-08-19 19:29 . 2015-07-28 20:09 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-08-19 19:27 . 2015-07-10 17:51 44032 ----a-w- c:\windows\system32\tsgqec.dll
2015-08-19 19:27 . 2015-07-10 17:51 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-08-19 19:27 . 2015-07-10 17:34 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-08-19 19:27 . 2015-07-10 17:51 158720 ----a-w- c:\windows\system32\aaclient.dll
2015-08-19 19:27 . 2015-07-10 17:34 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-08-19 19:27 . 2015-07-10 17:33 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-08-19 19:27 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-08-19 19:21 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-19 19:21 . 2015-07-01 20:48 102912 ----a-w- c:\windows\system32\davclnt.dll
2015-08-19 19:21 . 2015-07-01 20:30 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
2015-08-19 19:21 . 2015-07-01 20:30 82432 ----a-w- c:\windows\SysWow64\davclnt.dll
2015-08-19 19:21 . 2015-07-15 03:19 2004992 ----a-w- c:\windows\system32\msxml6.dll
2015-08-19 19:21 . 2015-07-15 03:19 1887232 ----a-w- c:\windows\system32\msxml3.dll
2015-08-19 19:21 . 2015-07-15 03:14 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-19 19:21 . 2015-07-15 03:13 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-19 19:21 . 2015-07-15 02:55 1390592 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-19 19:21 . 2015-07-15 02:55 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-19 19:21 . 2015-07-15 02:51 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-08-19 19:21 . 2015-07-15 02:51 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-08-19 19:19 . 2015-07-09 17:57 193536 ----a-w- c:\windows\system32\notepad.exe
2015-08-19 19:19 . 2015-07-09 17:57 193536 ----a-w- c:\windows\notepad.exe
2015-08-19 19:19 . 2015-07-09 17:42 179712 ----a-w- c:\windows\SysWow64\notepad.exe
2015-08-19 19:16 . 2015-07-10 17:51 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-08-06 11:01 . 2015-08-06 22:48 -------- d-----w- c:\users\Admin\AppData\Roaming\Mount&Blade With Fire and Sword
2015-08-06 10:51 . 2015-08-28 20:26 -------- d-----w- c:\program files (x86)\Mount&Blade With Fire and Sword
2015-08-05 18:08 . 2015-08-29 07:35 -------- d-----w- c:\programdata\Local Settings
2015-08-05 18:07 . 2015-08-28 17:52 -------- d-----w- c:\users\Admin\AppData\Roaming\Microsoft Visual
2015-08-05 08:02 . 2015-08-05 08:02 -------- d-----w- c:\users\Admin\AppData\Local\Sniper Elite Nazi Zombie Army 2
2015-08-05 08:02 . 2015-08-05 08:02 -------- d-----w- c:\users\Admin\AppData\Local\EMU
2015-08-02 17:43 . 2015-08-02 17:44 -------- d-----w- c:\users\Admin\AppData\Roaming\Mount&Blade Warband
2015-08-02 17:43 . 2015-08-02 17:43 -------- d-----w- c:\programdata\SkidRow
2015-08-02 17:17 . 2015-08-02 17:17 -------- d-----w- c:\program files (x86)\TaleWorlds Entertainment
2015-08-01 19:42 . 2015-08-02 10:48 -------- d-----w- c:\users\Admin\AppData\Local\Sniper Elite Nazi Zombie Army
2015-08-01 19:42 . 2015-08-01 19:42 -------- d-----w- c:\users\Admin\AppData\Local\FLT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-29 10:06 . 2014-04-11 12:34 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-28 19:54 . 2014-05-06 11:24 1170432 ------w- c:\windows\SysWow64\dvttrn.dll
2015-08-26 11:40 . 2014-04-11 12:34 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-24 15:31 . 2013-05-19 10:12 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-24 15:31 . 2013-05-19 10:12 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-23 10:56 . 2000-05-22 12:58 608448 ----a-w- c:\windows\SysWow64\COMCTL32.OCX
2015-08-20 00:55 . 2012-07-11 11:07 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-08-19 21:17 . 2014-08-02 18:12 298032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-08-19 21:17 . 2012-08-07 15:09 298032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2015-08-19 20:47 . 2014-07-27 19:43 298032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-08-17 23:30 . 2014-07-30 20:51 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-08-17 23:30 . 2013-12-24 15:04 1423120 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-08-17 23:29 . 2014-07-30 20:51 1756608 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-08-17 23:29 . 2013-12-24 15:04 1710568 ----a-w- c:\windows\system32\nvspcap64.dll
2015-08-11 04:52 . 2014-07-30 20:46 72504 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-08-07 11:06 . 2015-02-19 09:18 3106384 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-08-07 11:06 . 2015-02-19 09:18 12513288 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-08-07 11:06 . 2012-10-10 20:23 3518248 ----a-w- c:\windows\system32\nvapi64.dll
2015-08-07 11:06 . 2012-10-10 20:23 17124832 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-08-07 04:34 . 2012-11-18 00:29 2558768 ----a-w- c:\windows\system32\nvsvcr.dll
2015-08-07 04:34 . 2012-09-02 19:16 62768 ----a-w- c:\windows\system32\nvshext.dll
2015-08-07 04:34 . 2012-09-02 19:16 937592 ----a-w- c:\windows\system32\nvvsvc.exe
2015-08-07 04:34 . 2012-09-02 19:16 385328 ----a-w- c:\windows\system32\nvmctray.dll
2015-08-07 04:34 . 2012-09-02 19:16 6883448 ----a-w- c:\windows\system32\nvcpl.dll
2015-08-07 04:34 . 2012-09-02 19:16 3492144 ----a-w- c:\windows\system32\nvsvc64.dll
2015-08-03 10:12 . 2015-02-19 09:20 5133709 ----a-w- c:\windows\system32\nvcoproc.bin
2015-07-15 18:10 . 2015-08-19 19:28 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 17:55 . 2015-08-19 19:28 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-07-15 17:54 . 2015-08-19 19:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-11 18:53 . 2015-07-11 12:09 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-04 18:07 . 2015-07-15 17:13 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 17:13 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-06-23 23:29 . 2015-06-23 23:29 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-18 06:41 . 2014-04-11 12:34 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2014-04-11 12:34 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-17 17:47 . 2015-07-15 17:14 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-15 17:14 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-15 21:50 . 2015-07-15 17:13 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-15 17:13 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-15 17:13 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-15 17:13 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:45 . 2015-07-15 17:13 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:44 . 2015-07-15 17:13 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-15 17:13 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-15 17:13 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-15 17:13 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-15 17:13 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-15 17:13 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-15 17:13 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-06-12 07:50 . 2015-06-30 11:46 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0320D7E-B163-47CF-A622-67D1393627FB}\mpengine.dll
2015-06-11 17:56 . 2015-07-15 17:12 1112576 ----a-w- c:\windows\system32\rdpcorets.dll
2015-06-11 17:16 . 2015-07-15 17:12 162816 ----a-w- c:\windows\system32\rdpudd.dll
2015-06-11 17:15 . 2015-07-15 17:12 20992 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2015-06-08 12:13 . 2015-07-08 20:33 428880 ----a-w- c:\windows\system32\LavasoftTcpService64.dll
2015-06-02 00:07 . 2015-07-15 17:14 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-06-01 23:47 . 2015-07-15 17:14 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
2009-12-06 17:18 26624 --sh--w- c:\windows\bfcs2.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2014-11-19 1092448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MS VISUAL PRO.lnk - c:\users\Admin\AppData\Roaming\Microsoft Visual\VFP6.exe [2015-8-28 360448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OnTranslator.lnk - c:\program files (x86)\OnTranslator.com\OnTranslator.exe /h [2015-7-27 1110016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 ArcCtrl;ArcCtrl;c:\windows\system32\drivers\ArcCtrl.sys;c:\windows\SYSNATIVE\drivers\ArcCtrl.sys [x]
R1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys;c:\windows\SYSNATIVE\drivers\ArcSec.sys [x]
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys;c:\windows\SYSNATIVE\drivers\archlp.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WiseHDInfo;WiseHDInfo;c:\windows\WiseHDInfo64.dll;c:\windows\WiseHDInfo64.dll [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk64.sys;c:\windows\SYSNATIVE\drivers\elrawdsk64.sys [x]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2014/06/08 19:50];c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [x]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [x]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ExtTag;ExtTag;c:\programdata\ExtTag\ExtTag.exe;c:\programdata\ExtTag\ExtTag.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NixSrv;NixSrv Service;c:\program files\NixSrv\NixSrv.exe;c:\program files\NixSrv\NixSrv.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-08 15:31]
.
2015-08-29 c:\windows\Tasks\InstallShield Update Task.job
- c:\windows\system32\wscript.exe [2014-02-12 01:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\.QMDeskTopGCIcon]
@="{B7667919-3765-4815-A66D-98A09BE662D6}"
[HKEY_CLASSES_ROOT\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}]
c:\program files (x86)\Tencent\QQPCMgr\10.10.16443.223\QMGCShellExt64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-08-17 1710568]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-17 2634872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\programdata\ExtTag\Indigotip.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... Kzi21J0JLf
uDefault_Search_URL = www.google.com
mStart Page = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\
FF - prefs.js: browser.startup.homepage - c:\programdata\ExtTags\ff.HP
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{9FD3D761-2B09-DA1A-0229-0248A05B0334} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
.
.
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sidebar.exe pid: 3404 DC: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sidebar.exe pid: 3796 DC: C:]
--
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFHost.exe pid: 3100 3C: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFHost.exe pid: 816 3C: C:]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG18.00.00.01PROFESSIONAL"="1EF5D26F22C85A9C115E27DBE909A590C185E66B9EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407A6171C11EC38DE3DC038D530D6EB3452BA7FD869164D679400D9220F5EC9E3796850F05686EE3F993BE39A095390B734E792CCA90E4244E24F5256A4633F6FC538B8467EBDD5184F13A44D9DF4E48909150A7BA0465E5377913FC4C425EB7C87B9DEDD5CD612078818BDE0D4DA6B3CC46BE8C64E2D775093473F32405070CF918B8B0332293A63DC24BDC4012A565E5D24A764B6D4F51FADA45536EB0310BF017EEAD247808B9926459ABCFA7C7B90922AA2DAE1446AB40693E6BEA2CF303833978B3FE41DE4AA833FABDE1E5ED186629D9D065E74831D1BAEBE0C41BE5DB8C990DF0DDB344C295908AE1549D0780D90503B96BB549874B2478CB3A94AC5542BD741D87D6CE6BE4E49C21FDF492FFE28CC858F0FC3A4EE5761601EC161BAB0020F690DA0E181274D63EB11CBAFDACD71CBEAC7701B43D155B63207F2E7360BBB0AF86D20A50E338567144EF5E2037F003E3D6DFDA4B878BCB25C012BB3D0B10AD3728E5A3B1E47EA9B8794503257ACA4C6AF7E569BE8CF64F51C6FDB10CA096429BCDB3199695A337B75F14DE32783FA3D5ECE1EB45F5A6456168B7A3C068705FCA5918DAECD7AD9357348E3AFE743DC2E44070015C9AE9ADACD6201EB0AB768F25A4358584AC61FABF84F11C4B1436AD744A127D6F877274030D3ECC401B952E4EED4006D02738575E21154C1C16D092EA370C408E37270788996BFE3BA41C7E05A0178B2BD49D35C726DB0BC7A3CE0D78A158D2AA3729F268E317F55A9159329F854B7E66924165FC9962DBE5E43DCB208883933765CA0A2D381351F6511C4B10AB2383814751B30F29258C41727AE4D0D96060E3E2DA4FAD4B86F36A7A2AB25AFCFF7CC72BF74B65BBC3F40F1A048696EDEB3988070A26D6FD9BF074FCFDEE07337FBB9DB1CFB0DD0C47515E07D6480E5540725E7495172E5C0BA6F61AD3A763EC5480E4C37CA010A2C149D761FFD3D113F47F842EDB02FDE177BC20268D82AE12D69C76450C1161DCA3526EDFA54FEF03D43CD02A97F81E4DE1EC8FD3EA0F78FF26D5B68BD028209C9F9EF23996C5A6B3A4BD1BA5943F9E5EDC5BB4484B30BE0F1E5313E6574302D2A853095988E164A7D3328A8EF465CB56B96CA65210046CFD7EA25F3C4C2BD4DBC7F8F6C2A47AE391ED3E529F315A28854BB981B0F31BEBBA5968737EB5D7E122913AAEF126551CA060B153D008078797AE23D3FDEB93DE830879B5EFEF678876970138C2AFEE3F4F636B48CC11EBD8881BB43D033D0C1FDA3E01ADE3786671F4E4B4ED25FE97D8F043EB5DF7AC60816637E2AF14370FA86FB482F575FC738ACF75B54F83444E7D915"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\programdata\ExtTag\DentoTam.exe
.
**************************************************************************
.
Celkový čas: 2015-08-30 01:02:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-08-29 23:02
ComboFix2.txt 2015-08-29 08:06
ComboFix3.txt 2015-08-27 16:47
.
Před spuštěním: Volných bajtů: 434 740 187 136
Po spuštění: Volných bajtů: 434 624 770 048
.
- - End Of File - - D18BF0711F038FAB0A68D152F3DF8734
A36C5E4F47E84449FF07ED3517B43A31