Please check my log (Solved)


jaro3
Security team member

Re: Please check my log

Post by jaro3 » 13 Jan 2016 09:13

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and select "Run as administrator"; on Windows XP double-click to run it).
- Wait until the Prescan finishes...
- Then click "Scan"; when it finishes:

- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything (put check marks)
(you have to click the checkbox to the left of each registry item etc.)


- Click "Delete"
- Wait until the Status box shows "Deletion complete"
- Click "Report" and please copy and paste the contents of the report here. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Turn off your antivirus and firewall.
Download Zoek.exe and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and select "Run as administrator")
- note: the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program will perform a scan and a repair; the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart, only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it to Documents, for example; otherwise it saves itself to:
C:\zoek-results.log
Copy the entire contents of that log here.

Turn off the resident protection of your antivirus and antispyware, and the firewall if you have one.

Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: It can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 after the restart and choose the Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Yelkinson

Re: Please check my log

Post by Yelkinson » 13 Jan 2016 16:07

RogueKiller V11.0.7.0 [Jan 11 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : xXx [Práva správce]
Started from : F:\Program Files\RogueKiller\RogueKiller.exe
Mód : Smazat -- Datum : 01/13/2016 16:06:13

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Pandora.TV -> Smazáno
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 7 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CREATE[0] : Unknown @ 0xffffffff8596c1f8
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CLOSE[2] : Unknown @ 0xffffffff8596c1f8
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0xffffffff8596c1f8
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0xffffffff8596c1f8
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_POWER[22] : Unknown @ 0xffffffff8596c1f8
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0xffffffff8596c1f8
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_PNP[27] : Unknown @ 0xffffffff8596c1f8

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] pm06ttbe.default : user_pref("browser.startup.homepage", "http://seznam.cz/"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5001AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] 563c9f70c6385da28fd02d48c1de72f5
[BSP] f12d1e0844ff7257f4238a4d6981cc9d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Yelkinson

Re: Please check my log

Post by Yelkinson » 13 Jan 2016 16:26

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by xXx on st 13.01.2016 at 16:08:17,87.

Running in: Normal Mode Internet Access Detected
Launched: F:\Users\xXx\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

F:\Program Files\Common Files\SolidWorks Shared deleted successfully
F:\PROGRA~2\CanonEPP deleted successfully
F:\PROGRA~2\CanonIJEPPEX2 deleted successfully
F:\Users\xXx\AppData\Roaming\MPC-HC deleted successfully
F:\Users\xXx\AppData\Local\LG Electronics deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{075FB1A5-A992-41D0-9320-8C00A2BE5DE9} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14E4D556-DEC8-4F65-9854-2D00434EDA3E} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{172C21D4-188D-4550-85C5-3F7C947CC8D3} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BB8866D-67E0-427B-8057-FF91FA050DC9} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3250B95B-4972-4653-8CBB-D9EED2DC189A} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5699BCA0-2EEE-4FDC-B812-4A9EF6B4F4B3} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63E49BD6-707C-4946-933E-10D7A45E533F} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65E4BE80-67CF-4BD1-B516-7CEF0D174731} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{675BB966-1F0B-4EB9-81AE-8275BDA73DD8} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{678CBE33-04C9-48B5-A20A-124520DC19C7} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77797B33-DCB5-4615-BBED-387D67CB0EC0} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{79846349-EDBB-4B1A-A4AE-4A176FD26E6D} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A89A7E3-6ADD-4ef9-8EE7-A3C3B7D83BB0} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8130A370-102F-47FF-9E66-6F78CC8F59B8} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{938CEFB0-6DE4-431E-814C-89C8445A7DFF} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93E42B33-5B8A-443B-ADA8-CEE28D3335AA} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96420514-7614-4081-B77A-012607049265} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9848B4AE-DDA9-4435-97CF-55783BE8CE5A} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B206346A-98AC-4E8D-B69C-2C045F16D810} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B4B9E08C-5846-4817-865D-6F4EE8A7D7E5} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFF1FF83-D72B-46DC-AC26-DEE8D1BD8B3F} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC2949EA-C438-4828-80A7-51AA414FF513} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAFD5B44-1DFD-4AC1-9747-1CD0FFF31D25} deleted successfully
HKEY_USERS\S-1-5-21-4180440179-413253161-2612144775-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9C8C0C5-7258-40BA-B116-7562ED46C54E} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from F:\Users\xXx\AppData\Roaming\Mozilla\Firefox\Profiles\pm06ttbe.default\prefs.js:
user_pref("browser.startup.homepage", "http://seznam.cz/");
user_pref("browser.search.useDBForOrder", true);

Added to F:\Users\xXx\AppData\Roaming\Mozilla\Firefox\Profiles\pm06ttbe.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from F:\Users\xXx\AppData\Roaming\Mozilla\Firefox\Profiles\x0o2ntcq.default\prefs.js:

Added to F:\Users\xXx\AppData\Roaming\Mozilla\Firefox\Profiles\x0o2ntcq.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: F:\Users\xXx\AppData\Roaming\Mozilla\Firefox\Profiles\pm06ttbe.default

user.js not found
---- Lines suggestor removed from prefs.js ----
user_pref("extensions.WinToFlashSuggestor.aid", "10045");
user_pref("extensions.WinToFlashSuggestor.uid", "b50ea6b3a91065ef934884624174563f");
---- FireFox user.js and prefs.js backups ----

prefs_03.02.2015_1911_.backup
prefs_13.01.2016_1620_.backup

ProfilePath: F:\Users\xXx\AppData\Roaming\Mozilla\Firefox\Profiles\x0o2ntcq.default

user.js not found
---- Lines suggestor removed from prefs.js ----
user_pref("extensions.WinToFlashSuggestor.aid", "10045");
user_pref("extensions.WinToFlashSuggestor.uid", "b50ea6b3a91065ef934884624174563f");
---- FireFox user.js and prefs.js backups ----

prefs_13.01.2016_1620_.backup

==== Deleting Files \ Folders ======================

F:\PROGRA~2\Package Cache deleted
F:\Users\xXx\AppData\Local\HWVendorDetection.log deleted
F:\Users\xXx\AppData\Local\Unity deleted
F:\Windows\system32\GroupPolicy\Machine deleted
F:\Windows\system32\GroupPolicy\User deleted
F:\Windows\system32\GroupPolicy\gpt.ini deleted
"F:\Users\xXx\AppData\LocalLow\Unity" deleted

==== Firefox Start and Search pages ======================

ProfilePath: F:\Users\xXx\AppData\Roaming\Mozilla\Firefox\Profiles\pm06ttbe.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: F:\Users\xXx\AppData\Roaming\Mozilla\Firefox\Profiles\x0o2ntcq.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

AppDir: F:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: F:\Users\xXx\AppData\Roaming\Mozilla\Firefox\Profiles\pm06ttbe.default
E7AC2BFD4928D251DAF1E51176C9EDD0 - F:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat
A30C10E0C3542B7A87FF7D2DFF4C9294 - F:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
3118619EBBA4257109A3FBEE807790F4 - F:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
1B743D5B6FD001660FAB17DD7C347A38 - f:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll - Silverlight Plug-In
E7006BB5611298DBDD03FE3519C19AC2 - F:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U25
238F239EAEFF7E3E782913D599084E18 - F:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.250.18
9C06DBC403F91D518ED117E460F03F85 - F:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ
70858ED7836E5C849D33576A84DC8CCF - F:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll - Shockwave Flash
221D0173E441CC841916E7B1B98FDD27 - F:\Program Files\Roblox\Versions\version-7d5a5b16f3354346\NPRobloxProxy.dll - Roblox Launcher Plugin
4F3F6B17B4A5BDB68B3CB0367A2C214E - f:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrlui.dll - Microsoft® Silverlight
4C3339535707992E4DEA0DD8A7CB7F52 - F:\Program Files\Roblox\Versions\version-7d5a5b16f3354346\NPRobloxProxy64.dll - Roblox Launcher Plugin


==== Chromium Look ======================

Google Chrome Version: 37.0.2062.120


mcceagdollnkjlogmdckgjakjapmkdjf - xXx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf

==== Chromium Startpages ======================

F:\Users\xXx\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.istartsurf.com/?type=hp&ts=1443206071&z=453041540a758cc85f3b895g4z8z1cfo2ebq4ecm2g&from=cor&uid=wdcxwd5001aals-00l3b2_wd-wcasy631133411334",
"startup_urls": [ "http://www.istartsurf.com/?type=hp&ts=1443206071&z=453041540a758cc85f3b895g4z8z1cfo2ebq4ecm2g&from=cor&uid=wdcxwd5001aals-00l3b2_wd-wcasy631133411334" ],


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130876799441068217&GUID=00000000-0000-0000-0000-000000000000"
"Start Page Before"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130876799441068217&GUID=00000000-0000-0000-0000-000000000000"
"Start Page Before"="http://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130876799441068217&GUID=00000000-0000-0000-0000-000000000000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} - http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
HKCU\SearchScopes\{C358981A-BAF7-4EA7-A441-F8B141DB2093} - http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194

==== Reset Google Chrome ======================

F:\Users\xXx\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
F:\Users\xXx\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
F:\Users\xXx\AppData\Local\Google\Chrome\User Data\Default\Preferences.bak was reset successfully
F:\Users\xXx\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
F:\Users\xXx\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop deleted successfully

==== Empty IE Cache ======================

F:\Users\xXx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
F:\Users\xXx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
F:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
F:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
F:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
F:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

F:\Users\xXx\AppData\Local\Mozilla\Firefox\Profiles\pm06ttbe.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

F:\Users\xXx\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== F:\zoek_backup content ======================

F:\zoek_backup (files=388 folders=188 1952487975 bytes)

==== Empty Temp Folders ======================

F:\Users\Default\AppData\Local\temp emptied successfully
F:\Users\Default User\AppData\Local\temp emptied successfully
F:\Users\xXx\AppData\Local\Temp will be emptied at reboot
F:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
F:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
F:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

F:\Windows\Temp successfully emptied
F:\Users\xXx\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

F:\$RECYCLE.BIN successfully emptied

==== EOF on st 13.01.2016 at 16:25:29,29 ======================

Yelkinson

Re: Please check my log

Post by Yelkinson » 13 Jan 2016 16:42

ComboFix 16-01-07.01 - xXx 13.01.2016 16:28:19.2.2 - x86
Spuštěný z: f:\users\xXx\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-12-13 do 2016-01-13 )))))))))))))))))))))))))))))))
.
.
2016-01-13 15:37 . 2016-01-13 15:37 -------- d-----w- f:\users\Default\AppData\Local\temp
2016-01-13 15:22 . 2016-01-13 15:37 -------- d-----w- f:\users\xXx\AppData\Local\Temp
2016-01-13 15:22 . 2016-01-13 15:08 24064 ----a-w- f:\windows\zoek-delete.exe
2016-01-13 15:08 . 2016-01-13 15:21 -------- d-----w- F:\zoek_backup
2016-01-12 22:20 . 2016-01-12 22:20 -------- d-----w- f:\programdata\Ashampoo
2016-01-12 20:51 . 2015-12-08 21:00 2386944 ----a-w- f:\windows\system32\win32k.sys
2016-01-12 20:48 . 2015-11-25 10:43 9014120 ----a-w- f:\programdata\Microsoft\Windows Defender\Definition Updates\{B8E2E083-6D3A-45B8-AD40-333C396431F8}\mpengine.dll
2016-01-12 17:21 . 2016-01-12 17:23 -------- d-----w- f:\program files\RogueKiller
2016-01-12 12:25 . 2016-01-12 12:25 -------- d-----w- f:\programdata\Roblox
2016-01-11 16:58 . 2016-01-11 16:58 -------- d-----w- f:\users\xXx\.appwork
2016-01-11 16:52 . 2016-01-11 16:52 -------- d-----w- f:\users\xXx\AppData\Local\CEF
2016-01-11 16:52 . 2016-01-11 16:52 -------- d-----w- f:\users\xXx\AppData\Local\Adobe
2016-01-11 16:33 . 2016-01-13 13:39 -------- d-----w- f:\users\xXx\AppData\Local\CrashDumps
2016-01-11 12:19 . 2016-01-11 12:19 -------- d-----w- f:\program files\Roblox
2016-01-02 12:55 . 2007-03-19 17:05 13840 ----a-w- f:\windows\system32\wnaspi32.dll
2015-12-30 12:58 . 2015-10-08 23:17 69120 ----a-w- f:\windows\system32\nlsbres.dll
2015-12-30 12:58 . 2015-10-08 23:13 6144 ----a-w- f:\windows\system32\kbdgeoqw.dll
2015-12-30 12:58 . 2015-10-08 23:13 6144 ----a-w- f:\windows\system32\KBDAZEL.DLL
2015-12-28 00:28 . 2015-12-28 00:28 -------- d-----w- f:\users\xXx\AppData\Local\GWX
2015-12-27 09:26 . 2016-01-12 21:51 -------- d-s---w- f:\windows\system32\CompatTel
2015-12-27 09:26 . 2016-01-12 21:51 -------- d-----w- f:\windows\system32\appraiser
2015-12-27 00:34 . 2015-12-27 00:34 -------- d-s---w- f:\windows\system32\GWX
2015-12-27 00:34 . 2015-12-27 00:34 -------- d-----w- f:\windows\Migration
2015-12-26 12:48 . 2015-04-11 03:07 54656 ----a-w- f:\windows\system32\drivers\stream.sys
2015-12-26 12:48 . 2013-08-28 00:57 434688 ----a-w- f:\windows\system32\scavengeui.dll
2015-12-26 12:48 . 2014-02-04 02:07 149440 ----a-w- f:\windows\system32\drivers\storport.sys
2015-12-26 12:48 . 2014-02-04 02:07 234432 ----a-w- f:\windows\system32\drivers\msiscsi.sys
2015-12-26 12:48 . 2014-02-04 02:07 27072 ----a-w- f:\windows\system32\drivers\Diskdump.sys
2015-12-26 12:48 . 2014-02-04 02:00 2048 ----a-w- f:\windows\system32\iologmsg.dll
2015-12-26 12:48 . 2015-07-22 16:38 41984 ----a-w- f:\windows\system32\UtcResources.dll
2015-12-26 12:48 . 2015-07-22 17:53 937984 ----a-w- f:\windows\system32\diagtrack.dll
2015-12-26 12:48 . 2015-07-22 17:53 635392 ----a-w- f:\windows\system32\tdh.dll
2015-12-26 12:48 . 2015-07-09 17:42 1372160 ----a-w- f:\windows\system32\dwmcore.dll
2015-12-26 12:48 . 2015-07-09 17:42 67584 ----a-w- f:\windows\system32\dwmapi.dll
2015-12-26 12:46 . 2014-07-09 01:29 6144 ----a-w- f:\windows\system32\KBDYAK.DLL
2015-12-23 21:00 . 2015-12-24 12:16 -------- d-----w- f:\users\xXx\AppData\Roaming\dvdcss
2015-12-17 16:18 . 2015-12-17 16:18 -------- d-----w- f:\program files\Common Files\Adobe
2015-12-15 15:24 . 2015-12-15 15:24 -------- d-----w- f:\users\xXx\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-13 14:51 . 2015-02-02 17:48 30848 ----a-w- f:\windows\system32\drivers\TrueSight.sys
2016-01-12 18:04 . 2014-06-25 19:37 170200 ----a-w- f:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-30 10:03 . 2015-02-04 20:28 796864 ----a-w- f:\windows\system32\FlashPlayerApp.exe
2015-12-30 10:03 . 2015-02-04 20:28 142528 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2015-12-09 18:58 . 2015-12-09 18:58 1070232 ----a-w- f:\windows\system32\MSCOMCTL.OCX
2015-12-02 12:25 . 2012-12-28 14:38 247976 ------w- f:\windows\system32\MpSigStub.exe
2015-11-20 18:34 . 2015-12-09 12:45 93696 ----a-w- f:\windows\system32\wudriver.dll
2015-11-20 18:34 . 2015-12-09 12:45 35840 ----a-w- f:\windows\system32\wups2.dll
2015-11-20 18:34 . 2015-12-09 12:45 2956800 ----a-w- f:\windows\system32\wucltux.dll
2015-11-20 18:34 . 2015-12-09 12:45 2062848 ----a-w- f:\windows\system32\wuaueng.dll
2015-11-20 18:34 . 2015-12-09 12:45 174080 ----a-w- f:\windows\system32\wuwebv.dll
2015-11-20 18:34 . 2015-12-09 12:45 30208 ----a-w- f:\windows\system32\wups.dll
2015-11-20 18:34 . 2015-12-09 12:45 573440 ----a-w- f:\windows\system32\wuapi.dll
2015-11-20 18:34 . 2015-12-09 12:45 73728 ----a-w- f:\windows\system32\WinSetupUI.dll
2015-11-20 18:33 . 2015-12-09 12:45 11776 ----a-w- f:\windows\system32\wu.upgrade.ps.dll
2015-11-20 18:33 . 2015-12-09 12:45 35328 ----a-w- f:\windows\system32\wuapp.exe
2015-11-20 18:33 . 2015-12-09 12:45 136192 ----a-w- f:\windows\system32\wuauclt.exe
2015-11-20 12:21 . 2015-11-20 12:21 44608 ----a-w- f:\windows\system32\drivers\EpfwLWF.sys
2015-11-11 18:39 . 2015-12-09 12:46 1242624 ----a-w- f:\windows\system32\comsvcs.dll
2015-11-11 18:39 . 2015-12-09 12:46 487936 ----a-w- f:\windows\system32\catsrvut.dll
2015-11-10 18:39 . 2015-12-09 12:46 909824 ----a-w- f:\windows\system32\FntCache.dll
2015-11-10 18:39 . 2015-12-09 12:46 1251328 ----a-w- f:\windows\system32\DWrite.dll
2015-11-10 18:39 . 2015-12-09 12:46 811520 ----a-w- f:\windows\system32\user32.dll
2015-11-05 19:02 . 2015-12-09 12:45 14848 ----a-w- f:\windows\system32\wshrm.dll
2015-11-05 09:48 . 2015-12-09 12:45 117760 ----a-w- f:\windows\system32\drivers\rmcast.sys
2015-11-03 18:56 . 2015-12-09 12:45 627712 ----a-w- f:\windows\system32\usp10.dll
2015-11-03 18:55 . 2015-12-09 12:45 179712 ----a-w- f:\windows\system32\els.dll
2015-10-29 17:49 . 2015-12-26 12:49 562176 ----a-w- f:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-12-26 12:49 470528 ----a-w- f:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-12-26 12:49 2178560 ----a-w- f:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-12-26 12:49 211968 ----a-w- f:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39 . 2015-12-26 12:49 2560 ----a-w- f:\windows\apppatch\AcRes.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="f:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2015-06-12 7536344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\F:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=f:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=f:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\F:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks 2013 Rychlé spuštění.lnk]
path=f:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Rychlé spuštění.lnk
backup=f:\windows\pss\SolidWorks 2013 Rychlé spuštění.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\F:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Nástroj pro stahování na pozadí.lnk]
path=f:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Nástroj pro stahování na pozadí.lnk
backup=f:\windows\pss\SolidWorks Nástroj pro stahování na pozadí.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu]
2014-11-08 14:14 1298504 ----a-w- f:\program files\Canon\Quick Menu\CNQMMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-10-28 08:29 3675352 ----a-w- f:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mncaepcrSrv]
2014-01-19 18:57 1342 --s-a-w- f:\windows\inf\mncaepcr.vbe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2013-12-10 02:15 2279712 ----a-w- f:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru]
2013-11-08 20:46 1028384 ----a-w- f:\program files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
2013-12-10 02:13 982232 ----a-w- f:\windows\System32\nvspcap.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-10-07 14:39 507776 ----a-w- f:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2015-12-17 16:54 2026520 ----a-w- f:\users\xXx\AppData\Roaming\uTorrent\uTorrent.exe
.
R0 mv61xx;mv61xx;f:\windows\system32\DRIVERS\mv61xx.sys [x]
R2 AsSysCtrlService;ASUS System Control Service;f:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R2 DokanMounter;DokanMounter;f:\program files\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
R2 MBAMService;MBAMService;f:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R3 DFX11_1;DFX Audio Enhancer 11.1;f:\windows\system32\drivers\dfx11_1.sys [2012-08-30 24424]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;f:\windows\system32\IEEtwCollector.exe [2015-12-12 102912]
R3 LgBttPort;LGE Bluetooth TransPort;f:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;f:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;f:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;f:\windows\system32\drivers\mwac.sys [2015-10-05 51928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);f:\windows\system32\drivers\nvvad32v.sys [2013-12-05 34080]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;f:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;f:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;f:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 VGPU;VGPU;f:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;f:\windows\system32\Wat\WatAdminSvc.exe [2012-12-29 1343400]
R3 WiseHDInfo;WiseHDInfo;f:\windows\WiseHDInfo32.dll [2015-09-27 13264]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;f:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S0 mrdd;Marvell Removable Disk Control Driver;f:\windows\system32\DRIVERS\mrdd.sys [2008-11-12 18984]
S0 sptd;sptd;f:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;f:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-12-26 243128]
S2 DiagTrack;Diagnostics Tracking Service;f:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Dokan;Dokan;f:\windows\system32\drivers\dokan.sys [2011-01-10 95744]
S2 NvNetworkService;NVIDIA Network Service;f:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-10 1494304]
S2 NvStreamSvc;NVIDIA Streamer Service;f:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-10 14658848]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;f:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
S3 MBAMProtector;MBAMProtector;f:\windows\system32\drivers\mbam.sys [2015-10-05 23256]
S3 tsusbhub;Remote Deskotop USB Hub;f:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-11 16:15 1096520 ----a-w- f:\program files\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-01-13 f:\windows\Tasks\Adobe Flash Player Updater.job
- f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04 10:03]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - f:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - f:\users\xXx\AppData\Roaming\Mozilla\Firefox\Profiles\pm06ttbe.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-MSStp - f:\windows\system32\msstp.vbe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - f:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-Armored Warfare MyCom - f:\users\xXx\AppData\Local\MyComGames\MyComGames.exe
AddRemove-Armored Warfare MyCom Beta - f:\users\xXx\AppData\Local\MyComGames\MyComGames.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2016-01-13 16:39:38
ComboFix-quarantined-files.txt 2016-01-13 15:39
.
Před spuštěním: Volných bajtů: 325 560 512 512
Po spuštění: Volných bajtů: 325 505 122 304
.
- - End Of File - - C59DE31D3010A0E8A5B921BE1CF1DFA4
A36C5E4F47E84449FF07ED3517B43A31

jerabina
Security team member
Level 6
Posts: 3647
Registered: March 13
Location: Litoměřice
Gender: Male

Re: Please check my log

Post by jerabina » 13 Jan 2016 16:57

Turn off the resident protection of your antivirus and antispyware, and the firewall if you have one.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text (marked in green) into it:

Code: Select all

ClearJavaCache::
KillAll::

Folder::
f:\program files\DAEMON Tools Lite

File::
f:\windows\inf\mncaepcr.vbe
f:\windows\Tasks\Adobe Flash Player Updater.job
f:\windows\system32\msstp.vbe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mncaepcrSrv]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

DDS::
FF - prefs.js: browser.startup.homepage - about:home

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt you created onto the downloaded ComboFix.exe and, when the two files overlap, drop it:
- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Paste the entire contents of that log here. Then click "Exit" to close the program.
When you don't know what to do next, it's time to read the manual!
HJT guide

If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.

Yelkinson
Level 3
Posts: 582
Registered: November 07
Location: Plzen
Gender: Male

Re: Please check my log

Post by Yelkinson » 13 Jan 2016 20:10

ComboFix 16-01-07.01 - xXx 13.01.2016 19:56:24.3.2 - x86
Spuštěný z: f:\users\xXx\Desktop\ComboFix.exe
Použité ovládací přepínače :: f:\users\xXx\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení
.
FILE ::
"f:\windows\inf\mncaepcr.vbe"
"f:\windows\system32\msstp.vbe"
"f:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\program files\DAEMON Tools Lite
f:\program files\DAEMON Tools Lite\DT.gadget
f:\program files\DAEMON Tools Lite\DTCommonRes.dll
f:\program files\DAEMON Tools Lite\DTGadget32.dll
f:\program files\DAEMON Tools Lite\DTGadget64.dll
f:\program files\DAEMON Tools Lite\DTHelper.exe
f:\program files\DAEMON Tools Lite\DTLite.exe
f:\program files\DAEMON Tools Lite\DTShellHlp.exe
f:\program files\DAEMON Tools Lite\dtsoftbus01.cat
f:\program files\DAEMON Tools Lite\dtsoftbus01.inf
f:\program files\DAEMON Tools Lite\dtsoftbus01.sys
f:\program files\DAEMON Tools Lite\Engine.dll
f:\program files\DAEMON Tools Lite\imgengine.dll
f:\program files\DAEMON Tools Lite\InstallGadget.exe
f:\program files\DAEMON Tools Lite\Lang\AFK.dll
f:\program files\DAEMON Tools Lite\Lang\ARA.dll
f:\program files\DAEMON Tools Lite\Lang\BGR.dll
f:\program files\DAEMON Tools Lite\Lang\BIH.dll
f:\program files\DAEMON Tools Lite\Lang\CAT.dll
f:\program files\DAEMON Tools Lite\Lang\CSY.dll
f:\program files\DAEMON Tools Lite\Lang\DAN.dll
f:\program files\DAEMON Tools Lite\Lang\DEU.dll
f:\program files\DAEMON Tools Lite\Lang\ELL.dll
f:\program files\DAEMON Tools Lite\Lang\ENU.dll
f:\program files\DAEMON Tools Lite\Lang\ESN.dll
f:\program files\DAEMON Tools Lite\Lang\FIN.dll
f:\program files\DAEMON Tools Lite\Lang\FRA.dll
f:\program files\DAEMON Tools Lite\Lang\GLC.dll
f:\program files\DAEMON Tools Lite\Lang\HEB.dll
f:\program files\DAEMON Tools Lite\Lang\HRV.dll
f:\program files\DAEMON Tools Lite\Lang\HUN.dll
f:\program files\DAEMON Tools Lite\Lang\HYE.dll
f:\program files\DAEMON Tools Lite\Lang\CHS.dll
f:\program files\DAEMON Tools Lite\Lang\CHT.dll
f:\program files\DAEMON Tools Lite\Lang\IND.dll
f:\program files\DAEMON Tools Lite\Lang\ITA.dll
f:\program files\DAEMON Tools Lite\Lang\JPN.dll
f:\program files\DAEMON Tools Lite\Lang\KAT.dll
f:\program files\DAEMON Tools Lite\Lang\KOR.dll
f:\program files\DAEMON Tools Lite\Lang\LTH.dll
f:\program files\DAEMON Tools Lite\Lang\LVI.dll
f:\program files\DAEMON Tools Lite\Lang\NLB.dll
f:\program files\DAEMON Tools Lite\Lang\NOR.dll
f:\program files\DAEMON Tools Lite\Lang\PLK.dll
f:\program files\DAEMON Tools Lite\Lang\PTB.dll
f:\program files\DAEMON Tools Lite\Lang\ROM.dll
f:\program files\DAEMON Tools Lite\Lang\RUS.dll
f:\program files\DAEMON Tools Lite\Lang\SKY.dll
f:\program files\DAEMON Tools Lite\Lang\SLV.dll
f:\program files\DAEMON Tools Lite\Lang\SRL.dll
f:\program files\DAEMON Tools Lite\Lang\SVE.dll
f:\program files\DAEMON Tools Lite\Lang\TRK.dll
f:\program files\DAEMON Tools Lite\Lang\UKR.dll
f:\program files\DAEMON Tools Lite\SPTDinst-x64.exe
f:\program files\DAEMON Tools Lite\SPTDinst-x86.exe
f:\program files\DAEMON Tools Lite\uninst.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-12-13 do 2016-01-13 )))))))))))))))))))))))))))))))
.
.
2016-01-13 19:02 . 2016-01-13 19:03 -------- d-----w- f:\users\xXx\AppData\Local\temp
2016-01-13 19:02 . 2016-01-13 19:02 -------- d-----w- f:\users\Public\AppData\Local\temp
2016-01-13 19:02 . 2016-01-13 19:02 -------- d-----w- f:\users\HomeGroupUser$\AppData\Local\temp
2016-01-13 19:02 . 2016-01-13 19:02 -------- d-----w- f:\users\Guest\AppData\Local\temp
2016-01-13 19:02 . 2016-01-13 19:02 -------- d-----w- f:\users\Default\AppData\Local\temp
2016-01-13 19:02 . 2016-01-13 19:02 -------- d-----w- f:\users\Administrator\AppData\Local\temp
2016-01-13 15:22 . 2016-01-13 15:08 24064 ----a-w- f:\windows\zoek-delete.exe
2016-01-13 15:08 . 2016-01-13 15:21 -------- d-----w- F:\zoek_backup
2016-01-12 22:20 . 2016-01-12 22:20 -------- d-----w- f:\programdata\Ashampoo
2016-01-12 20:51 . 2015-12-08 21:00 2386944 ----a-w- f:\windows\system32\win32k.sys
2016-01-12 20:48 . 2015-11-25 10:43 9014120 ----a-w- f:\programdata\Microsoft\Windows Defender\Definition Updates\{B8E2E083-6D3A-45B8-AD40-333C396431F8}\mpengine.dll
2016-01-12 17:21 . 2016-01-12 17:23 -------- d-----w- f:\program files\RogueKiller
2016-01-12 12:25 . 2016-01-12 12:25 -------- d-----w- f:\programdata\Roblox
2016-01-11 16:58 . 2016-01-11 16:58 -------- d-----w- f:\users\xXx\.appwork
2016-01-11 16:52 . 2016-01-11 16:52 -------- d-----w- f:\users\xXx\AppData\Local\CEF
2016-01-11 16:52 . 2016-01-11 16:52 -------- d-----w- f:\users\xXx\AppData\Local\Adobe
2016-01-11 16:33 . 2016-01-13 13:39 -------- d-----w- f:\users\xXx\AppData\Local\CrashDumps
2016-01-11 12:19 . 2016-01-11 12:19 -------- d-----w- f:\program files\Roblox
2016-01-02 12:55 . 2007-03-19 17:05 13840 ----a-w- f:\windows\system32\wnaspi32.dll
2015-12-30 12:58 . 2015-10-08 23:17 69120 ----a-w- f:\windows\system32\nlsbres.dll
2015-12-30 12:58 . 2015-10-08 23:13 6144 ----a-w- f:\windows\system32\kbdgeoqw.dll
2015-12-30 12:58 . 2015-10-08 23:13 6144 ----a-w- f:\windows\system32\KBDAZEL.DLL
2015-12-28 00:28 . 2015-12-28 00:28 -------- d-----w- f:\users\xXx\AppData\Local\GWX
2015-12-27 09:26 . 2016-01-12 21:51 -------- d-s---w- f:\windows\system32\CompatTel
2015-12-27 09:26 . 2016-01-12 21:51 -------- d-----w- f:\windows\system32\appraiser
2015-12-27 00:34 . 2015-12-27 00:34 -------- d-s---w- f:\windows\system32\GWX
2015-12-27 00:34 . 2015-12-27 00:34 -------- d-----w- f:\windows\Migration
2015-12-26 12:48 . 2015-04-11 03:07 54656 ----a-w- f:\windows\system32\drivers\stream.sys
2015-12-26 12:48 . 2013-08-28 00:57 434688 ----a-w- f:\windows\system32\scavengeui.dll
2015-12-26 12:48 . 2014-02-04 02:07 149440 ----a-w- f:\windows\system32\drivers\storport.sys
2015-12-26 12:48 . 2014-02-04 02:07 234432 ----a-w- f:\windows\system32\drivers\msiscsi.sys
2015-12-26 12:48 . 2014-02-04 02:07 27072 ----a-w- f:\windows\system32\drivers\Diskdump.sys
2015-12-26 12:48 . 2014-02-04 02:00 2048 ----a-w- f:\windows\system32\iologmsg.dll
2015-12-26 12:48 . 2015-07-22 16:38 41984 ----a-w- f:\windows\system32\UtcResources.dll
2015-12-26 12:48 . 2015-07-22 17:53 937984 ----a-w- f:\windows\system32\diagtrack.dll
2015-12-26 12:48 . 2015-07-22 17:53 635392 ----a-w- f:\windows\system32\tdh.dll
2015-12-26 12:48 . 2015-07-09 17:42 1372160 ----a-w- f:\windows\system32\dwmcore.dll
2015-12-26 12:48 . 2015-07-09 17:42 67584 ----a-w- f:\windows\system32\dwmapi.dll
2015-12-26 12:46 . 2014-07-09 01:29 6144 ----a-w- f:\windows\system32\KBDYAK.DLL
2015-12-23 21:00 . 2015-12-24 12:16 -------- d-----w- f:\users\xXx\AppData\Roaming\dvdcss
2015-12-17 16:18 . 2015-12-17 16:18 -------- d-----w- f:\program files\Common Files\Adobe
2015-12-15 15:24 . 2015-12-15 15:24 -------- d-----w- f:\users\xXx\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-13 14:51 . 2015-02-02 17:48 30848 ----a-w- f:\windows\system32\drivers\TrueSight.sys
2016-01-12 18:04 . 2014-06-25 19:37 170200 ----a-w- f:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-30 10:03 . 2015-02-04 20:28 796864 ----a-w- f:\windows\system32\FlashPlayerApp.exe
2015-12-30 10:03 . 2015-02-04 20:28 142528 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2015-12-09 18:58 . 2015-12-09 18:58 1070232 ----a-w- f:\windows\system32\MSCOMCTL.OCX
2015-12-02 12:25 . 2012-12-28 14:38 247976 ------w- f:\windows\system32\MpSigStub.exe
2015-11-20 18:34 . 2015-12-09 12:45 93696 ----a-w- f:\windows\system32\wudriver.dll
2015-11-20 18:34 . 2015-12-09 12:45 35840 ----a-w- f:\windows\system32\wups2.dll
2015-11-20 18:34 . 2015-12-09 12:45 2956800 ----a-w- f:\windows\system32\wucltux.dll
2015-11-20 18:34 . 2015-12-09 12:45 2062848 ----a-w- f:\windows\system32\wuaueng.dll
2015-11-20 18:34 . 2015-12-09 12:45 174080 ----a-w- f:\windows\system32\wuwebv.dll
2015-11-20 18:34 . 2015-12-09 12:45 30208 ----a-w- f:\windows\system32\wups.dll
2015-11-20 18:34 . 2015-12-09 12:45 573440 ----a-w- f:\windows\system32\wuapi.dll
2015-11-20 18:34 . 2015-12-09 12:45 73728 ----a-w- f:\windows\system32\WinSetupUI.dll
2015-11-20 18:33 . 2015-12-09 12:45 11776 ----a-w- f:\windows\system32\wu.upgrade.ps.dll
2015-11-20 18:33 . 2015-12-09 12:45 35328 ----a-w- f:\windows\system32\wuapp.exe
2015-11-20 18:33 . 2015-12-09 12:45 136192 ----a-w- f:\windows\system32\wuauclt.exe
2015-11-20 12:21 . 2015-11-20 12:21 44608 ----a-w- f:\windows\system32\drivers\EpfwLWF.sys
2015-11-11 18:39 . 2015-12-09 12:46 1242624 ----a-w- f:\windows\system32\comsvcs.dll
2015-11-11 18:39 . 2015-12-09 12:46 487936 ----a-w- f:\windows\system32\catsrvut.dll
2015-11-10 18:39 . 2015-12-09 12:46 909824 ----a-w- f:\windows\system32\FntCache.dll
2015-11-10 18:39 . 2015-12-09 12:46 1251328 ----a-w- f:\windows\system32\DWrite.dll
2015-11-10 18:39 . 2015-12-09 12:46 811520 ----a-w- f:\windows\system32\user32.dll
2015-11-05 19:02 . 2015-12-09 12:45 14848 ----a-w- f:\windows\system32\wshrm.dll
2015-11-05 09:48 . 2015-12-09 12:45 117760 ----a-w- f:\windows\system32\drivers\rmcast.sys
2015-11-03 18:56 . 2015-12-09 12:45 627712 ----a-w- f:\windows\system32\usp10.dll
2015-11-03 18:55 . 2015-12-09 12:45 179712 ----a-w- f:\windows\system32\els.dll
2015-10-29 17:49 . 2015-12-26 12:49 562176 ----a-w- f:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-12-26 12:49 470528 ----a-w- f:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-12-26 12:49 2178560 ----a-w- f:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-12-26 12:49 211968 ----a-w- f:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39 . 2015-12-26 12:49 2560 ----a-w- f:\windows\apppatch\AcRes.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="f:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2015-06-12 7536344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\F:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=f:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=f:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\F:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks 2013 Rychlé spuštění.lnk]
path=f:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Rychlé spuštění.lnk
backup=f:\windows\pss\SolidWorks 2013 Rychlé spuštění.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\F:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Nástroj pro stahování na pozadí.lnk]
path=f:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Nástroj pro stahování na pozadí.lnk
backup=f:\windows\pss\SolidWorks Nástroj pro stahování na pozadí.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu]
2014-11-08 14:14 1298504 ----a-w- f:\program files\Canon\Quick Menu\CNQMMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2013-12-10 02:15 2279712 ----a-w- f:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru]
2013-11-08 20:46 1028384 ----a-w- f:\program files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
2013-12-10 02:13 982232 ----a-w- f:\windows\System32\nvspcap.dll
.
R0 mv61xx;mv61xx;f:\windows\system32\DRIVERS\mv61xx.sys [x]
R2 MBAMService;MBAMService;f:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R3 DFX11_1;DFX Audio Enhancer 11.1;f:\windows\system32\drivers\dfx11_1.sys [2012-08-30 24424]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;f:\windows\system32\IEEtwCollector.exe [2015-12-12 102912]
R3 LgBttPort;LGE Bluetooth TransPort;f:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;f:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;f:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;f:\windows\system32\drivers\mwac.sys [2015-10-05 51928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);f:\windows\system32\drivers\nvvad32v.sys [2013-12-05 34080]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;f:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;f:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;f:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 VGPU;VGPU;f:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;f:\windows\system32\Wat\WatAdminSvc.exe [2012-12-29 1343400]
R3 WiseHDInfo;WiseHDInfo;f:\windows\WiseHDInfo32.dll [2015-09-27 13264]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;f:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S0 mrdd;Marvell Removable Disk Control Driver;f:\windows\system32\DRIVERS\mrdd.sys [2008-11-12 18984]
S0 sptd;sptd;f:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;f:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-12-26 243128]
S2 AsSysCtrlService;ASUS System Control Service;f:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 DiagTrack;Diagnostics Tracking Service;f:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Dokan;Dokan;f:\windows\system32\drivers\dokan.sys [2011-01-10 95744]
S2 DokanMounter;DokanMounter;f:\program files\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
S2 NvNetworkService;NVIDIA Network Service;f:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-10 1494304]
S2 NvStreamSvc;NVIDIA Streamer Service;f:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-10 14658848]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;f:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
S3 MBAMProtector;MBAMProtector;f:\windows\system32\drivers\mbam.sys [2015-10-05 23256]
S3 tsusbhub;Remote Deskotop USB Hub;f:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-11 16:15 1096520 ----a-w- f:\program files\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-01-13 f:\windows\Tasks\Adobe Flash Player Updater.job
- f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04 10:03]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - f:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - f:\users\xXx\AppData\Roaming\Mozilla\Firefox\Profiles\pm06ttbe.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-DAEMON Tools Lite - f:\program files\DAEMON Tools Lite\uninst.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
f:\windows\system32\nvvsvc.exe
f:\program files\NVIDIA Corporation\Display\nvxdsync.exe
f:\windows\system32\nvvsvc.exe
f:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
f:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe
f:\windows\system32\taskhost.exe
f:\windows\system32\conhost.exe
f:\windows\system32\conhost.exe
f:\program files\NVIDIA Corporation\Display\nvtray.exe
f:\windows\system32\sppsvc.exe
f:\windows\system32\GWX\GWXConfigManager.exe
f:\windows\system32\taskhost.exe
.
**************************************************************************
.
Celkový čas: 2016-01-13 20:06:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-01-13 19:06
ComboFix2.txt 2016-01-13 15:39
.
Před spuštěním: Volných bajtů: 325 498 953 728
Po spuštění: Volných bajtů: 325 443 928 064
.
- - End Of File - - 95BF15D9004FCD55DFF1DB46A6B14DC9
A36C5E4F47E84449FF07ED3517B43A31
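The service and MSConfig startup lines in a ComboFix log like the one above are what the helpers in this thread read first: a driver listed with [x] has no file behind it, and autoruns that live in a user profile or point at a script (such as the msstp.vbe entry ComboFix reported removing) are the ones that end up in a CFScript. The Python helper below is an added example written for this thread, not code from ComboFix or from the thread's participants; it parses those two line formats and lists the entries worth a second look. The sample log is assembled from lines of the log above plus one constructed MSStp startupreg entry (its date and size are made up) so that the script check has something to match.

```python
"""Triage of the service/driver and MSConfig startup lines of a ComboFix log.

Added example for this thread; it is not ComboFix's own code.  It only reads
the report text and changes nothing on the machine.
"""
import re
from dataclasses import dataclass, field

# Service/driver line:  <Rn|Sn> <service name>;<display name>;<image path> [<date> <size>]
# A trailing "[x]" means ComboFix could not find the image file on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# MSConfig startup key, followed on the next line by "<date> <time> <size> <attrs> <path>".
STARTUPREG_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\(?P<name>[^\]]+)\]$",
    re.IGNORECASE,
)
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+?)\s*$")

SYSTEM_PREFIXES = ("\\windows\\", "\\program files\\", "\\program files (x86)\\")
PROFILE_PREFIXES = ("\\users\\", "\\programdata\\", "\\documents and settings\\")
SCRIPT_EXTS = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1", ".hta")


@dataclass
class Finding:
    kind: str            # "service" or "startupreg"
    name: str
    path: str
    reasons: list = field(default_factory=list)


def _normalize(path):
    """Lower-case the path and drop the drive letter so prefix checks are drive-agnostic."""
    p = path.strip().lower()
    if len(p) > 1 and p[1] == ":":
        p = p[2:]
    return p


def _path_reasons(path):
    p = _normalize(path)
    reasons = []
    if p.startswith(PROFILE_PREFIXES):
        reasons.append("runs from a user profile or ProgramData directory")
    elif not p.startswith(SYSTEM_PREFIXES):
        reasons.append("runs from outside Windows/Program Files")
    if p.endswith(SCRIPT_EXTS):
        reasons.append("image is a script file")
    return reasons


def triage(log_text):
    """Return the entries of a ComboFix log that deserve a closer look, in log order."""
    findings = []
    pending_key = None          # name of a startupreg key whose file line comes next
    for raw in log_text.splitlines():
        line = raw.strip()
        key = STARTUPREG_RE.match(line)
        if key:
            pending_key = key.group("name")
            continue
        if pending_key is not None:
            fm = FILE_RE.match(line)
            if fm:
                reasons = _path_reasons(fm.group("path"))
                if reasons:
                    findings.append(Finding("startupreg", pending_key, fm.group("path"), reasons))
            pending_key = None
            continue
        sm = SERVICE_RE.match(line)
        if sm:
            reasons = []
            if sm.group("meta").strip().lower() == "x":
                reasons.append("image file not found on disk ([x])")
            reasons += _path_reasons(sm.group("path"))
            if reasons:
                findings.append(Finding("service", sm.group("name"), sm.group("path"), reasons))
    return findings


# Lines taken from the ComboFix log posted above, plus one constructed startupreg
# entry for the msstp.vbe file the log reports removing (its date/size are made up).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2013-12-10 02:15 2279712 ----a-w- f:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2015-12-17 16:54 2026520 ----a-w- f:\users\xXx\AppData\Roaming\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSStp]
2015-12-20 10:00 4096 ----a-w- f:\windows\system32\msstp.vbe
.
R0 mv61xx;mv61xx;f:\windows\system32\DRIVERS\mv61xx.sys [x]
R2 MBAMService;MBAMService;f:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
S0 sptd;sptd;f:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;f:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;f:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:10} {f.name:15} {f.path}")
        print("           " + "; ".join(f.reasons))
```

A missing image ([x]) is not proof of infection, as the mv61xx, LG Bluetooth and sptd leftovers in this log show; the point of the helper is to shorten the list a human has to read, not to decide on its own.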

Yelkinson
Level 3
Posts: 582
Registered: November 07
Location: Plzen
Gender: Male

Re: Please check my log

Post by Yelkinson » 13 Jan 2016 22:11

It wouldn't start in normal mode, so I had to run it in safe mode.


aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-01-13 22:00:48
-----------------------------
22:00:48.110 OS Version: Windows 6.1.7601 Service Pack 1
22:00:48.110 Number of processors: 2 586 0x170A
22:00:48.110 ComputerName: XXX-PC UserName: xXx
22:01:12.492 Initialize success
22:05:55.227 Service scanning
22:06:06.241 Modules scanning
22:06:06.241 Disk 0 trace - called modules:
22:06:06.241 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
22:06:06.241 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bd5900]
22:06:06.241 3 CLASSPNP.SYS[8b4de59e] -> nt!IofCallDriver -> [0x85a85918]
22:06:06.257 5 ACPI.sys[8ad9f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-6[0x85a81030]
22:06:06.257 Scan finished successfully
22:07:38.578 The log file has been saved successfully to "F:\Users\xXx\Desktop\aswMBR.txt"

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: Please check my log

Post by jaro3 » 14 Jan 2016 09:28

ComboFix is uninstalled like this:
Start -> Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.


Post a new HJT log and report any remaining problems.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Yelkinson
Level 3
Posts: 582
Registered: November 07
Location: Plzen
Gender: Male

Re: Please check my log

Post by Yelkinson » 14 Jan 2016 15:47

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:46:43, on 14.1.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18163)

FIREFOX: 43.0.4 (x86 cs)
Boot mode: Normal

Running processes:
F:\Windows\system32\Dwm.exe
F:\Windows\system32\taskhost.exe
F:\Windows\Explorer.EXE
F:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
F:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
F:\Users\xXx\AppData\Local\MyComGames\MyComGames.exe
F:\Program Files\NVIDIA Corporation\Display\nvtray.exe
F:\Windows\system32\SearchProtocolHost.exe
F:\Windows\system32\SearchFilterHost.exe
F:\Users\xXx\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 0000000000
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 0000000000
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - F:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - F:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [RTHDVCPL] "F:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe" -s
O4 - HKCU\..\Run: [MyComGames] "F:\Users\xXx\AppData\Local\MyComGames\MyComGames.exe" -autostart
O4 - HKUS\S-1-5-21-4180440179-413253161-2612144775-1001\..\Run: [MyComGames] "F:\Users\xXx\AppData\Local\MyComGames\MyComGames.exe" -autostart (User '?')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - (no file)
O9 - Extra 'Tools' menuitem: WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - F:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - F:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - F:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: DokanMounter - Unknown owner - F:\Program Files\Dokan\DokanLibrary\mounter.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBAMScheduler - Malwarebytes - F:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - F:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - F:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - F:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - F:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 4512 bytes



WoT still doesn't work... I start it normally, the login screen pops up and there are already problems there, because the page flickers and at the top next to the title it shows "not connected" in brackets, so I don't know what it could be. I can't test the memory because my drive doesn't work. I cleaned the dust out of the PC about 14 days ago and everything worked afterwards, and now it just suddenly started.
WoWarships, the same.
WoWarplanes works, with a bit of lag, but it's OK.
War Thunder I don't know yet, I'm downloading updates.
And it also seems strange to me that as soon as I start a game the fans run at full speed, even though it isn't overheating; I looked in HWMonitor.

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: Please check my log

Post by jaro3 » 14 Jan 2016 16:56

Close other applications and browsers, disconnect from the internet and fix these in HJT:
Guide

Code: Select all

O9 - Extra button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - (no file)
O9 - Extra 'Tools' menuitem: WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - (no file)


Download Memtest:

The box that says:
All unused RAM - leave it as it is.
- click Start and let it run for at least 2 hours; if it still shows 0 errors after 2 hours, the RAM is fine.


Also check the HDD for errors, and possibly try defragmenting it.

Download CrystalDiskInfo
Run the program and click Edit -> Copy. Then paste the contents of the log here with Ctrl+V.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
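What gets read in that CrystalDiskInfo output is the S.M.A.R.T. table: reallocated, pending and uncorrectable sector counts that have started to climb, any attribute whose normalized value has fallen to the drive's own threshold, and the temperature. The Python script below is an added example written for this thread, not CrystalDiskInfo's code or the participants'; it parses the text export format (with its underscore-padded columns and 12-digit hex raw values) and returns those warnings. The healthy sample reuses the values from the WD5001AALS table posted later in this thread, with English attribute names; the failing sample is constructed.

```python
"""Triage of the S.M.A.R.T. table in a CrystalDiskInfo text export.

Added example for this thread; not CrystalDiskInfo's own code.  It reads only
the copied report text.
"""
import re
from dataclasses import dataclass

# One row of the "-- S.M.A.R.T. --" table:  ID Cur Wor Thr RawValues(6) Attribute Name
# CrystalDiskInfo pads short numbers with underscores ("_97", "__0"); raw values are 12 hex digits.
ATTR_RE = re.compile(
    r"^(?P<id>[0-9A-Fa-f]{2})\s+(?P<cur>[_0-9]+)\s+(?P<wor>[_0-9]+)\s+(?P<thr>[_0-9]+)"
    r"\s+(?P<raw>[0-9A-Fa-f]{12})\s+(?P<name>.+?)\s*$"
)

# Attributes whose raw value should stay at zero on a healthy drive.  Growth in
# 05/C4/C5/C6 means the platters are losing sectors; C7 usually points at the cable.
CRITICAL = {
    0x05: "reallocated sector count",
    0xC4: "reallocation event count",
    0xC5: "current pending sector count",
    0xC6: "offline uncorrectable sector count",
    0xC7: "UltraDMA CRC error count",
}
TEMPERATURE_ID = 0xC2      # low byte of the raw value is degrees Celsius on most drives
POWER_ON_HOURS_ID = 0x09
TEMP_WARN_C = 50


@dataclass
class Attribute:
    id: int
    cur: int
    wor: int
    thr: int
    raw: int
    name: str


def _num(field):
    return int(field.replace("_", "") or "0")


def parse_smart(text):
    """Extract the S.M.A.R.T. rows from a CrystalDiskInfo report (other sections are ignored)."""
    attrs = []
    for line in text.splitlines():
        m = ATTR_RE.match(line.strip())
        if m:
            attrs.append(Attribute(int(m["id"], 16), _num(m["cur"]), _num(m["wor"]),
                                   _num(m["thr"]), int(m["raw"], 16), m["name"]))
    return attrs


def assess(attrs):
    """Return human-readable warnings, empty for a drive that looks healthy."""
    warnings = []
    for a in attrs:
        # The normalized value counting down to the threshold is the drive's own "failing" verdict.
        if a.thr and a.cur <= a.thr:
            warnings.append(f"{a.id:02X} {a.name}: normalized value {a.cur} at or below threshold {a.thr} (FAILING)")
        if a.id in CRITICAL and a.raw > 0:
            warnings.append(f"{a.id:02X} {CRITICAL[a.id]}: raw value {a.raw}")
        if a.id == TEMPERATURE_ID:
            celsius = a.raw & 0xFF
            if celsius >= TEMP_WARN_C:
                warnings.append(f"C2 temperature: {celsius} C")
    return warnings


def power_on_hours(attrs):
    return next((a.raw for a in attrs if a.id == POWER_ON_HOURS_ID), None)


# Values copied from the WD5001AALS table in this thread (attribute names given in English).
HEALTHY_SAMPLE = """
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Read Error Rate
03 161 159 _21 00000000133D Spin-Up Time
04 _97 _97 __0 000000000CC4 Start/Stop Count
05 200 200 140 000000000000 Reallocated Sectors Count
09 _66 _66 __0 000000006124 Power-On Hours
C2 109 _94 __0 000000000026 Temperature
C4 200 200 __0 000000000000 Reallocation Event Count
C5 200 200 __0 000000000000 Current Pending Sector Count
C6 200 200 __0 000000000000 Uncorrectable Sector Count
C7 200 200 __0 000000000000 UltraDMA CRC Error Count
"""

# Constructed table for a drive that is on its way out (not from this thread).
FAILING_SAMPLE = """
05 133 133 140 00000000001A Reallocated Sectors Count
C5 200 200 __0 000000000003 Current Pending Sector Count
C2 090 _80 __0 000000000037 Temperature
"""

if __name__ == "__main__":
    for label, sample in (("healthy", HEALTHY_SAMPLE), ("failing", FAILING_SAMPLE)):
        attrs = parse_smart(sample)
        print(f"{label}: {len(attrs)} attributes, {power_on_hours(attrs)} power-on hours")
        for w in assess(attrs) or ["no warnings"]:
            print("  " + w)
```

The raw-value meanings of 05, C4, C5, C6 and C7 are consistent across vendors, which is why the script keys on IDs rather than on the (localized) attribute names; the temperature decoding is the common low-byte convention and would need adjusting for drives that report it differently.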

Yelkinson
Level 3
Posts: 582
Registered: November 07
Location: Plzen
Gender: Male

Re: Please check my log

Post by Yelkinson » 14 Jan 2016 17:08

----------------------------------------------------------------------------
CrystalDiskInfo 6.5.2 (C) 2008-2015 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Ultimate SP1 [6.1 Build 7601] (x86)
Date : 2016/01/14 17:07:36

-- Controller Map ----------------------------------------------------------
+ ATA Channel 0 (0) [ATA]
- Jednotka CD-ROM
- ATA Channel 1 (1) [ATA]
- ATA Channel 0 (0) [ATA]
- ATA Channel 1 (1) [ATA]
+ Intel(R) ICH10 Family 4 port Serial ATA Storage Controller 1 - 3A20 [ATA]
- ATA Channel 0 (0)
+ ATA Channel 1 (1)
- WDC WD5001AALS-00L3B2 ATA Device
+ PCI Standardní dvoukanálový řadič IDE [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ Intel(R) ICH10 Family 2 port Serial ATA Storage Controller 2 - 3A26 [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)

-- Disk List ---------------------------------------------------------------
(1) WDC WD5001AALS-00L3B2 : 500,1 GB [0/3/0, pd1] - wd

----------------------------------------------------------------------------
(1) WDC WD5001AALS-00L3B2
----------------------------------------------------------------------------
Model : WDC WD5001AALS-00L3B2
Firmware : 01.03B01
Serial Number : WD-WCASY6311334
Disk Size : 500,1 GB (8,4/137,4/500,1/500,1)
Buffer Size : 32767 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : ---- | SATA/300
Power On Hours : 24868 hod.
Power On Count : 3156 krát
Temperature : 38 C (100 F)
Health Status : Dobrý
Features : S.M.A.R.T., AAM, 48bit LBA, NCQ
APM Level : ----
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 161 159 _21 00000000133D Čas na roztočení ploten
04 _97 _97 __0 000000000CC4 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 100 253 __0 000000000000 Počet chybných hledání
09 _66 _66 __0 000000006124 Hodin v činnosti
0A 100 100 __0 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C _97 _97 __0 000000000C54 Počet cyklů zapnutí zařízení
C0 200 200 __0 00000000005E Počet vypnutí disku
C1 199 199 __0 000000000CC4 Počet cyklů načítání/vymazání
C2 109 _94 __0 000000000026 Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 200 200 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 200 200 __0 000000000000 Počet chyb při zápisu sektorů

-- IDENTIFY_DEVICE ---------------------------------------------------------

-- SMART_READ_DATA ---------------------------------------------------------

-- SMART_READ_THRESHOLD ----------------------------------------------------

User avatar
Yelkinson
Level 3
Posts: 582
Registered: November 07
Location: Plzen
Gender: Male
Status: Offline

Re: Please check my log

Post by Yelkinson » 14 Jan 2016 17:14

xxx.jpg
memtest does not work for me, see the attachment

