Spontaneous window deactivation in Win7. Solved


Post by Kronos » 31 Jan 2016 16:31

Hello.
I've had this problem for quite a while: windows deactivate on their own, as if I had clicked away from them. It lasts about 10 minutes, then it stops, but after some time it starts again. I scanned the system with Avira antivirus and it found no virus. I also tried scanning in safe mode with Malwarebytes, likewise nothing. :-( I don't know what else to do, so I came here for some expert advice. :D


Post by jerabina » 31 Jan 2016 16:32

Hi, welcome to the PC-HELP forum!

Please make a log with HJT. You'll find the guide in my signature.
When you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.


Post by Kronos » 31 Jan 2016 16:57

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:55:30, on 31. 1. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17909)

FIREFOX: 39.0 (x86 sk)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Avira\Antivirus\avgnt.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\kristian\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files\Avira\Launcher\Avira.Systray.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\kristian\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll
O2 - BHO: AviraBrowserSafety.BrowserSafety - {c3c77255-42c0-499f-b664-6e981a0b1647} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
O4 - HKLM\..\Run: [EasySettingBox] C:\Program Files\Samsung\Easy Setting Box\EasySettingBox.exe
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\kristian\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\kristian\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Avira Browser Safety - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: abs - {E00957BD-D0E1-4EB9-A025-7743FDC8B27B} - mscoree.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8761 bytes


Post by jerabina » 31 Jan 2016 17:02

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. It can delete the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

- If you use only Google Chrome, you don't need to use ATF.

===================================================

Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.

===================================================

Download AdwCleaner (by Xplode)

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan" (Prohledat)
After the scan a log appears (it is also saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.

===================================================

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now and
- when the program finishes, a message appears at the bottom right; click Copy to Clipboard and paste the entire log here.

- then click the Exit button; a prompt appears, choose Yes
(don't delete anything yet!).

If there are problems, run it in safe mode.

Post by Kronos » 31 Jan 2016 17:58

# AdwCleaner v5.032 - Logfile created 31/01/2016 at 17:14:25
# Updated 31/01/2016 by Xplode
# Database : 2016-01-31.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : kristian - KRISTIAN-PC
# Running from : C:\Users\kristian\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files\BitLord
Folder Found : C:\ProgramData\simplitec
Folder Found : C:\Users\kristian\AppData\Local\BitLord
Folder Found : C:\Users\kristian\AppData\Local\MalwareProtectionLive
Folder Found : C:\Users\kristian\AppData\Roaming\BitLord
Folder Found : C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\gsvvxlqr.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
Folder Found : C:\Users\kristian\Documents\BitLord

***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Key Found : HKLM\SOFTWARE\simplitec

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1168 bytes] ##########



Malwarebytes Anti-Malware
www.malwarebytes.org

Dátum kontroly: 31. 1. 2016
Čas kontroly: 17:28
Protokol: Malwarebytes Anti-Malware.txt
Správca: Áno

Verzia: 2.2.0.1024
Dazabáza malware: v2016.01.31.04
Databáza rootkitov: v2016.01.20.01
Licencia: Bezplatná verzia
Ochrana pred škodlivým softvérom: Vypnuté
Ochrana pred škodlivými webstránkami: Vypnuté
Vlastná ochrana: Vypnuté

OS: Windows 7 Service Pack 1
CPU: x86
Súborový systém: NTFS
Používateľ: kristian

Typ kontroly: Kontrola hrozieb
Výsledok: Dokončená
Skontrolovaných objektov: 347488
Uplynulý čas: 12 min, 22 s

Pamäť: Zapnuté
Pri spustení: Zapnuté
Súborový systém: Zapnuté
Archívy: Zapnuté
Rootkity: Vypnuté
Heuristika: Zapnuté
PUP: Zapnuté
PUM: Zapnuté

Procesy: 0
(Žiadne škodlivé položky neboli zistené)

Moduly: 0
(Žiadne škodlivé položky neboli zistené)

Kľúče databázy Registry: 0
(Žiadne škodlivé položky neboli zistené)

Hodnoty databázy Registry: 0
(Žiadne škodlivé položky neboli zistené)

Údaj databázy Registry: 0
(Žiadne škodlivé položky neboli zistené)

Priečinky: 0
(Žiadne škodlivé položky neboli zistené)

Súbory: 0
(Žiadne škodlivé položky neboli zistené)

Fyzické sektory: 0
(Žiadne škodlivé položky neboli zistené)


(end)


Post by jerabina » 31 Jan 2016 18:05

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan" (Prohledat), and after the scan click "Clean" (Vymazat).

The program performs the repair; after the automatic restart it does not display the log (C:\AdwCleaner [C?].txt); paste its entire contents here.

Download Junkware Removal Tool by Thisisu

to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program starts scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved to the desktop.
Please copy its entire contents here.

Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7 run RogueKiller.exe as administrator; on XP double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Then click "Scan" (Prohledat).
- The program scans the PC's processes. After the scan, click "Report" (Zpráva) and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still won't start and work, rename it to winlogon.exe.

Post by Kronos » 31 Jan 2016 20:23

# AdwCleaner v5.032 - Logfile created 31/01/2016 at 19:48:53
# Updated 31/01/2016 by Xplode
# Database : 2016-01-31.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : kristian - KRISTIAN-PC
# Running from : C:\Users\kristian\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\BitLord
[-] Folder Deleted : C:\ProgramData\simplitec
[-] Folder Deleted : C:\Users\kristian\AppData\Local\BitLord
[-] Folder Deleted : C:\Users\kristian\AppData\Local\MalwareProtectionLive
[-] Folder Deleted : C:\Users\kristian\AppData\Roaming\BitLord
[-] Folder Deleted : C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\gsvvxlqr.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[-] Folder Deleted : C:\Users\kristian\Documents\BitLord

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
[-] Key Deleted : HKLM\SOFTWARE\simplitec

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1314 bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x86
Ran by kristian (Administrator) on ne 31. 01. 2016 at 19:57:14,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 6

Successfully deleted: C:\Users\kristian\AppData\Roaming\3909 (Folder)
Successfully deleted: C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\gsvvxlqr.default\extensions\safesearchplus2@avira.com\data\search.xml (File)
Successfully deleted: C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J57F7LC3 (Folder)
Successfully deleted: C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LKM8DD3U (Folder)
Successfully deleted: C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBRYSN2P (Folder)
Successfully deleted: C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X22L21YK (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 31. 01. 2016 at 19:58:53,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





RogueKiller V11.0.9.0 [Jan 24 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : kristian [Administrator]
Started from : C:\Users\kristian\Desktop\RogueKiller.exe
Mode : Scan -- Date : 01/31/2016 20:16:42

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Systweak -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] gsvvxlqr.default : Seznam li?ti?ka [{ea614400-e918-4741-9a97-7a972ff7c30b}] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EARS-00Y5B1 ATA Device +++++
--- User ---
[MBR] 33f1b7f5d119a0a79a16f9d1f08b23c2
[BSP] 7207f6042392db18177cc9d584665469 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Zariadenie nie je pripravené. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?iadavka nie je podporovaná. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Zariadenie nie je pripravené. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?iadavka nie je podporovaná. )

+++++ PhysicalDrive3: Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([15] Zariadenie nie je pripravené. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?iadavka nie je podporovaná. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Zariadenie nie je pripravené. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?iadavka nie je podporovaná. )

+++++ PhysicalDrive5: Generic Mini SD Reader USB Device +++++
Error reading User MBR! ([15] Zariadenie nie je pripravené. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?iadavka nie je podporovaná. )


Post by jerabina » 31 Jan 2016 20:28

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP double-click to run it).
- Wait until the Prescan finishes...
- Then click "Scan" (Prohledat); when it finishes:
- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything
(you have to tick the box to the left of each registry entry etc. with the mouse)
- Click "Delete" (Smazat)
- Wait until the Status box shows "Deletion finished" (Mazání dokončeno)
- Click "Report" (Zpráva) and please copy and paste the contents of the report here. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Turn off your antivirus.
Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Win Vista, Win7 and 8, right-click it and choose "Run as administrator")
- note: the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script
The program performs a scan and a repair; both can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it to your documents, for example; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan finishes the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If there are problems, run it in safe mode.

Warning: After running ComboFix and restarting the computer, it can happen that Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

Post by Kronos » 01 Feb 2016 13:21

RogueKiller V11.0.9.0 [Jan 24 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : kristian [Administrator]
Started from : C:\Users\kristian\Desktop\RogueKiller.exe
Mode : Delete -- Date : 02/01/2016 12:20:49

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EARS-00Y5B1 ATA Device +++++
--- User ---
[MBR] 33f1b7f5d119a0a79a16f9d1f08b23c2
[BSP] 7207f6042392db18177cc9d584665469 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Zariadenie nie je pripravené. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?iadavka nie je podporovaná. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Zariadenie nie je pripravené. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?iadavka nie je podporovaná. )

+++++ PhysicalDrive3: Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([15] Zariadenie nie je pripravené. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?iadavka nie je podporovaná. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Zariadenie nie je pripravené. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?iadavka nie je podporovaná. )

+++++ PhysicalDrive5: Generic Mini SD Reader USB Device +++++
Error reading User MBR! ([15] Zariadenie nie je pripravené. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?iadavka nie je podporovaná. )






Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by kristian on po 01. 02. 2016 at 12:25:24,81.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\kristian\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

1. 2. 2016 12:26:26 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\IDM deleted successfully
C:\PROGRA~2\WinZip deleted successfully
C:\Users\kristian\AppData\Roaming\DMCache deleted successfully
C:\Users\kristian\AppData\Roaming\MMFApplications deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2995324089-3222424015-723345418-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} deleted successfully
HKEY_USERS\S-1-5-21-2995324089-3222424015-723345418-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} deleted successfully
HKEY_USERS\S-1-5-21-2995324089-3222424015-723345418-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\gsvvxlqr.default\prefs.js:

Added to C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\gsvvxlqr.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\install.exe deleted
C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\gsvvxlqr.default\extensions\abs@avira.com deleted
C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\gsvvxlqr.default\extensions\safesearchplus2@avira.com deleted
"C:\PROGRA~2\Package Cache\{3882E617-A19F-38D0-8ED9-6F0DBC348A34}v14.0.20626.0\packages\WPT\webtoolsextensionsvs14.msi" not deleted
"C:\PROGRA~2\Package Cache\{61A70737-1FE8-E16A-8791-5C8D54990F5B}v5.2.30624.0\packages\WPT\WebFrameworksTools_VS14_ENU.cab" not deleted
"C:\PROGRA~2\Package Cache" not deleted
"C:\PROGRA~2\Package Cache\{3882E617-A19F-38D0-8ED9-6F0DBC348A34}v14.0.20626.0" not deleted
"C:\PROGRA~2\Package Cache\{61A70737-1FE8-E16A-8791-5C8D54990F5B}v5.2.30624.0" not deleted
"C:\PROGRA~2\Package Cache\{3882E617-A19F-38D0-8ED9-6F0DBC348A34}v14.0.20626.0\packages" not deleted
"C:\PROGRA~2\Package Cache\{3882E617-A19F-38D0-8ED9-6F0DBC348A34}v14.0.20626.0\packages\WPT" not deleted
"C:\PROGRA~2\Package Cache\{61A70737-1FE8-E16A-8791-5C8D54990F5B}v5.2.30624.0\packages" not deleted
"C:\PROGRA~2\Package Cache\{61A70737-1FE8-E16A-8791-5C8D54990F5B}v5.2.30624.0\packages\WPT" not deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\gsvvxlqr.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\gsvvxlqr.default
6EB985F553B9B45633348B8C8A5849C1 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
A419F8F86D7DF773D4793D2808F88A0D - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
52CE0DBFD9738AE528CF525A0367EBEB - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
53AE688DA401ECF9AF68465A185D635C - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
4A68CB867E7E8049386610693E9D43D4 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
ipmkfpcnmccejididiaagpgchgjfajgp - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Messenger - kristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllmngcdibgbgjnginpehneeofhbmdjm
AdBlock - kristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Drive App Launcher - kristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh

==== Chromium Startpages ======================

C:\Users\kristian\AppData\Local\Google\Chrome\User Data\Default\Preferences
n_startup":4,"startup_urls":["http://www.google.com/"]}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

C:\Users\kristian\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\kristian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\kristian\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\kristian\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\kristian\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\kristian\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\kristian\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\kristian\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\kristian\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=685 folders=784 1752337399 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\kristian\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Reset Hosts File ======================

Hosts File Reset Successfully

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\kristian\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Package Cache\{3882E617-A19F-38D0-8ED9-6F0DBC348A34}v14.0.20626.0\packages\WPT\webtoolsextensionsvs14.msi" not found
"C:\PROGRA~2\Package Cache\{61A70737-1FE8-E16A-8791-5C8D54990F5B}v5.2.30624.0\packages\WPT\WebFrameworksTools_VS14_ENU.cab" not found
"C:\PROGRA~2\Package Cache" not found

==== EOF on po 01. 02. 2016 at 12:42:07,17 ======================





ComboFix 16-01-31.01 - kristian . 02. 2016 13:04:34.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3291.2260 [GMT 1:00]
Running from: c:\users\kristian\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kristian\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\kristian\AppData\Roaming\poclbm
c:\users\kristian\AppData\Roaming\poclbm\poclbm.ini
.
.
((((((((((((((((((((((((( Files Created from 2016-01-01 to 2016-02-01 )))))))))))))))))))))))))))))))
.
.
2016-02-01 11:40 . 2016-02-01 11:25 24064 ----a-w- c:\windows\zoek-delete.exe
2016-02-01 11:25 . 2016-02-01 11:37 -------- d-----w- C:\zoek_backup
2016-01-31 19:04 . 2016-02-01 10:59 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-01-31 19:04 . 2016-01-31 19:19 -------- d-----w- c:\programdata\RogueKiller
2016-01-31 16:26 . 2016-01-31 16:27 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-01-31 16:26 . 2015-10-05 08:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-01-31 16:26 . 2015-10-05 08:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-01-31 16:26 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-01-31 16:26 . 2016-01-31 16:26 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-01-31 16:12 . 2016-01-31 18:48 -------- d-----w- C:\AdwCleaner
2016-01-30 18:36 . 2016-01-23 00:47 110016 ----a-w- c:\windows\system32\nvStreaming.exe
2016-01-30 16:34 . 2016-01-30 16:37 -------- d-----w- C:\FRST
2016-01-30 10:11 . 2016-01-30 10:11 -------- d-----w- c:\users\kristian\AppData\Local\ElevatedDiagnostics
2016-01-27 11:24 . 2016-01-27 11:24 -------- d-----w- c:\programdata\Malwarebytes
2016-01-25 11:59 . 2016-01-25 11:59 -------- d-----w- C:\Games
2016-01-23 17:29 . 2016-01-23 17:29 -------- d-----w- c:\program files\Common Files\Java
2016-01-22 19:12 . 2016-01-22 19:12 -------- d-----w- c:\windows\system32\RTCOM
2016-01-22 19:10 . 2011-08-23 09:00 357712 ----a-w- c:\windows\system32\KAAPORT.dll
2016-01-22 19:09 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2016-01-22 18:46 . 2016-01-22 18:46 -------- d-----w- c:\users\kristian\AppData\Roaming\EasySettingBox
2016-01-22 18:44 . 2016-01-22 18:44 -------- d-----w- c:\program files\Samsung
2016-01-22 18:41 . 2016-01-22 18:41 -------- d-----w- c:\program files\MonitorDriver
2016-01-22 18:40 . 2016-01-22 18:40 -------- d-----w- c:\users\kristian\AppData\Roaming\InstallShield
2016-01-22 18:30 . 2015-12-18 06:11 42128 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2016-01-22 18:30 . 2015-12-18 06:10 90768 ----a-w- c:\windows\system32\nvaudcap32v.dll
2016-01-21 11:22 . 2016-01-25 09:14 -------- d-----w- c:\users\kristian\AppData\Roaming\vlc
2016-01-21 11:12 . 2016-01-21 11:17 -------- d-----w- c:\programdata\Free Online TV
2016-01-18 17:10 . 2016-01-18 17:10 -------- d-----w- c:\users\kristian\AppData\Roaming\Avira
2016-01-18 16:50 . 2015-12-03 14:24 55456 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2016-01-18 16:50 . 2015-12-03 14:24 37896 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2016-01-18 16:50 . 2015-12-03 14:24 136272 ----a-w- c:\windows\system32\drivers\avipbb.sys
2016-01-18 16:50 . 2015-12-03 14:24 106968 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2016-01-18 16:19 . 2016-01-18 16:53 -------- d-----w- c:\program files\Avira
2016-01-18 16:19 . 2016-01-18 16:50 -------- d-----w- c:\programdata\Avira
2016-01-18 16:01 . 2016-01-18 16:01 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2016-01-18 11:38 . 2016-01-18 11:55 -------- d-----w- c:\programdata\EPS
2016-01-18 11:38 . 2016-01-18 11:38 -------- d-----w- c:\program files\Didsoft
2016-01-16 10:09 . 2016-01-16 10:09 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.7056.dll
2016-01-14 21:00 . 2016-01-14 21:00 -------- d-----w- c:\programdata\Steam
2016-01-14 14:52 . 2016-01-14 19:32 -------- d-----w- c:\program files\Total War ROME II
2016-01-13 18:22 . 2016-01-13 18:22 -------- d-----w- c:\users\kristian\AppData\Roaming\The Creative Assembly
2016-01-13 07:44 . 2016-01-13 07:44 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.2736.dll
2016-01-12 11:49 . 2016-01-12 11:49 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.4724.dll
2016-01-07 17:26 . 2016-01-07 17:26 -------- d-----w- c:\users\kristian\AppData\Roaming\MAGIX
2016-01-07 17:26 . 2016-01-07 17:26 -------- d-----w- c:\programdata\MAGIX
2016-01-07 17:25 . 2016-01-07 17:25 -------- d-----w- c:\users\kristian\AppData\Local\Opera Software
2016-01-07 17:25 . 2016-01-07 17:25 -------- d-----w- c:\users\kristian\AppData\Roaming\Opera Software
2016-01-07 17:25 . 2016-01-21 16:45 -------- d-----w- c:\program files\Opera
2016-01-07 17:21 . 2015-05-06 15:54 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2016-01-07 17:20 . 2016-01-15 12:14 -------- d-----w- C:\KMPlayer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-23 17:28 . 2015-08-09 18:39 95840 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-01-23 03:45 . 2015-08-05 07:32 3258664 ----a-w- c:\windows\system32\nvapi.dll
2016-01-23 03:45 . 2015-08-05 07:32 14016768 ----a-w- c:\windows\system32\nvd3dum.dll
2016-01-23 03:45 . 2015-02-19 23:19 16328088 ----a-w- c:\windows\system32\nvwgf2um.dll
2016-01-23 01:00 . 2015-08-05 07:33 3946432 ----a-w- c:\windows\system32\nvcpl.dll
2016-01-23 01:00 . 2015-08-05 07:33 2591288 ----a-w- c:\windows\system32\nvsvc.dll
2016-01-23 01:00 . 2015-12-23 15:14 83512 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-01-23 01:00 . 2015-12-23 15:14 436160 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-01-23 01:00 . 2015-08-05 07:33 941504 ----a-w- c:\windows\system32\nvvsvc.exe
2016-01-23 01:00 . 2015-08-05 07:33 68544 ----a-w- c:\windows\system32\nvshext.dll
2016-01-23 01:00 . 2015-08-05 07:33 381888 ----a-w- c:\windows\system32\nvmctray.dll
2016-01-23 01:00 . 2015-08-05 07:33 2563128 ----a-w- c:\windows\system32\nvsvcr.dll
2016-01-12 04:41 . 2015-08-08 07:57 1542600 ----a-w- c:\windows\system32\nvspcap.dll
2016-01-12 04:41 . 2015-12-02 09:17 91568 ----a-w- c:\windows\system32\NvRtmpStreamer32.dll
2016-01-12 04:41 . 2015-08-08 07:57 1316184 ----a-w- c:\windows\system32\nvspbridge.dll
2016-01-01 10:16 . 2016-01-01 10:16 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.7432.dll
2015-12-29 15:24 . 2015-12-29 15:24 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.5084.dll
2015-12-28 12:20 . 2015-12-28 12:20 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.4852.dll
2015-12-23 14:43 . 2015-12-23 14:43 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.6640.dll
2015-12-22 19:29 . 2015-12-22 19:29 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.1948.dll
2015-12-19 16:35 . 2015-12-19 16:35 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.1784.dll
2015-12-18 18:11 . 2015-09-23 08:30 44608 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2015-12-16 17:04 . 2015-12-23 15:12 917112 ----a-w- c:\windows\system32\nvdispgenco3236143.dll
2015-12-16 17:04 . 2015-12-23 15:12 1060144 ----a-w- c:\windows\system32\nvdispco3236143.dll
2015-12-01 11:39 . 2015-12-01 11:39 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.6140.dll
2015-11-24 22:48 . 2015-12-02 09:42 35984 ----a-w- c:\windows\system32\nvhdap32.dll
2015-11-24 22:48 . 2015-12-02 09:42 170128 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2015-11-24 22:48 . 2015-12-02 09:41 916784 ----a-w- c:\windows\system32\nvdispgenco3235906.dll
2015-11-24 22:48 . 2015-12-02 09:41 1053488 ----a-w- c:\windows\system32\nvdispco3235906.dll
2015-11-24 22:48 . 2015-08-05 07:33 105080 ----a-w- c:\windows\system32\OpenCL.dll
2015-11-24 22:48 . 2015-02-19 23:19 926520 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2015-11-17 15:13 . 2015-11-17 15:13 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.5860.dll
2015-11-16 20:40 . 2015-11-16 20:40 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.5368.dll
2015-11-15 12:18 . 2015-11-15 12:18 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.5812.dll
2015-11-11 20:38 . 2015-11-11 20:38 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.4916.dll
2015-11-10 14:41 . 2015-11-10 14:41 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.3656.dll
2015-11-09 19:40 . 2015-11-09 19:40 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.3564.dll
2015-11-03 20:31 . 2015-11-03 20:31 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.4904.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-11-04 13:01 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-11-04 13:01 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-11-04 13:01 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-01-15 6628056]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-06-18 3576664]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2015-11-04 22790776]
"cz.seznam.software.autoupdate"="c:\users\kristian\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\kristian\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2015-05-26 103080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-01-12 2787264]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2016-01-12 1542600]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-12-13 1085656]
"Avira SystrayStartTrigger"="c:\program files\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2015-12-08 66320]
"avgnt"="c:\program files\Avira\Antivirus\avgnt.exe" [2015-12-03 803200]
"EasySettingBox"="c:\program files\Samsung\Easy Setting Box\EasySettingBox.exe" [2014-06-18 463360]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-10-26 11680400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-12-22 596528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2015-08-05 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2015-8-5 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-11-17 16:15 50509440 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2015-12-14 20:01 3013712 ----a-w- c:\program files\Steam\Steam.exe
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\Antivirus\avmailc7.exe [2015-12-03 948392]
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\Antivirus\avwebg7.exe [2015-12-03 1418560]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 cpuz137;cpuz137;c:\program files\CPUID\PC Wizard 2013\pcwiz_x32.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-06-19 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-08-21 91136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 VSStandardCollectorService140;Visual Studio Standard Collector Service;c:\program files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [2015-07-06 45800]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2015-04-29 20256]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2015-12-03 37896]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\Antivirus\sched.exe [2015-12-03 466408]
S2 Avira.ServiceHost;Avira Service Host;c:\program files\Avira\Launcher\Avira.ServiceHost.exe [2015-12-08 251160]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2015-12-03 55456]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-01-12 929728]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-01-12 1879488]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-01-12 3996608]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-01-23 424384]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1034584]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys [2015-08-14 25016]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-01-12 25536]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-01-12 5178816]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2015-12-18 42128]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-06-17 718552]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-01-29 07:21 1090376 ----a-w- c:\program files\Google\Chrome\Application\48.0.2564.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-08-05 09:38]
.
2016-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-08-05 09:38]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d8f67242-b229-4065-95fa-391b077ed6ca} - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll
TCP: DhcpNameServer = 192.168.100.1
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - c:\windows\System32\mscoree.dll
FF - ProfilePath - c:\users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\gsvvxlqr.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-AdobeBridge - (no file)
AddRemove-Papers, Please_is1 - c:\program files\Papers
AddRemove-{4cde0c8c-47b3-448f-babf-fe5d392432a6} - c:\programdata\Package Cache\{4cde0c8c-47b3-448f-babf-fe5d392432a6}\TypeScript_Full.exe
AddRemove-{4fcf070a-daac-45e9-a8b0-6850941f7ed8} - c:\programdata\Package Cache\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}\vcredist_x86.exe
AddRemove-{50b32652-69d2-4b93-9316-edcd12067b8b} - c:\programdata\Package Cache\{50b32652-69d2-4b93-9316-edcd12067b8b}\vs_community.exe
AddRemove-{74d0e5db-b326-4dae-a6b2-445b9de1836e} - c:\programdata\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{eac7da46-2097-4dd4-80a6-8b67cbb2b23f} - c:\programdata\Package Cache\{eac7da46-2097-4dd4-80a6-8b67cbb2b23f}\Avira.OE.Setup.Bundle.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\Antivirus\avguard.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\1.3.29.1\GoogleCrashHandler.exe
c:\windows\system32\GWX\GWX.exe
c:\program files\Avira\Antivirus\avshadow.exe
c:\windows\system32\sppsvc.exe
c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WUDFHost.exe
c:\users\kristian\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
c:\program files\Avira\Launcher\Avira.Systray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2016-02-01 13:16:18 - machine was rebooted
ComboFix-quarantined-files.txt 2016-02-01 12:16
.
Pre-Run: 822 950 346 752 bytes free
Post-Run: 822 868 467 712 bytes free
.
- - End Of File - - 62BEF8678F3FA900BD0B450FA460628C
A36C5E4F47E84449FF07ED3517B43A31

jaro3
Security team member

Re: Windows deactivating on their own in Win7.

Post by jaro3 » 01 Feb 2016 16:58

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:

Code:

ClearJavaCache::
KillAll::
File::
c:\windows\system32\drivers\EpfwLWF.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\Skype\Updater
c:\program files\Google\Update

Driver::
SkypeUpdate

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)



Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the CFScript.txt script you created with the mouse, move it over the downloaded ComboFix.exe program, and drop the script when the two files overlap.
- ComboFix starts automatically
- Paste here the log that pops up at the end of the cleaning process + a new HJT log

Warning: After running ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.


Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt offering to download the Avast database appears, click No. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum

Kronos
newcomer

Re: Windows deactivating on their own in Win7.

Post by Kronos » 01 Feb 2016 17:48

After using ComboFix it threw this at me: Unable to start process 'C:\Users\kristian\AppData\Roaming\Seznam.cz\sznsetup.exe -V' Error nr: 1018 - Vyskytol sa pokus o nepovolenú operáciu s kľúčom databázy Registry, ktorý bol označený na odstránenie.


-----
LightSpeed::UnableToStartProcessException::UnableToStartProcessException(364): Exception: Unable to start process 'C:\Users\kristian\AppData\Roaming\Seznam.cz\sznsetup.exe -V' Error nr: 1018 - Vyskytol sa pokus o nepovolenú operáciu s kľúčom databázy Registry, ktorý bol označený na odstránenie.
(class LightSpeed::UnableToStartProcessException, LightSpeed::UnableToStartProcessException::UnableToStartProcessException)


Log:


ComboFix 16-01-31.01 - kristian . 02. 2016 17:28:26.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3291.2222 [GMT 1:00]
Running from: c:\users\kristian\Desktop\ComboFix.exe
Command switches used :: c:\users\kristian\Desktop\CFScript.txt
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\EpfwLWF.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.29.1\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.29.1\GoogleUpdate.exe
c:\program files\Google\Update\1.3.29.1\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.29.1\GoogleUpdateComRegisterShell64.exe
c:\program files\Google\Update\1.3.29.1\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.29.1\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.29.1\GoogleUpdateWebPlugin.exe
c:\program files\Google\Update\1.3.29.1\goopdate.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_am.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_ar.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_bg.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_bn.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_ca.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_cs.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_da.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_de.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_el.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_en.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_es.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_et.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_fa.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_fi.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_fil.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_fr.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_gu.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_hi.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_hr.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_hu.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_id.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_is.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_it.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_iw.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_ja.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_kn.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_ko.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_lt.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_lv.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_ml.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_mr.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_ms.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_nl.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_no.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_pl.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_ro.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_ru.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_sk.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_sl.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_sr.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_sv.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_sw.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_ta.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_te.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_th.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_tr.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_uk.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_ur.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_vi.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.29.1\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.29.1\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.29.1\psmachine.dll
c:\program files\Google\Update\1.3.29.1\psmachine_64.dll
c:\program files\Google\Update\1.3.29.1\psuser.dll
c:\program files\Google\Update\1.3.29.1\psuser_64.dll
c:\program files\Google\Update\Download\{3C122445-AECE-4309-90B7-85A6AEF42AC0}\1.26.0707.2863\gsync.msi
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.29.1\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\48.0.2564.97\48.0.2564.97_47.0.2526.111_chrome_updater_3stage.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
c:\windows\system32\drivers\EpfwLWF.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2016-01-01 to 2016-02-01 )))))))))))))))))))))))))))))))
.
.
2016-02-01 16:34 . 2016-02-01 16:40 -------- d-----w- c:\users\kristian\AppData\Local\temp
2016-02-01 16:34 . 2016-02-01 16:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-01 11:40 . 2016-02-01 11:25 24064 ----a-w- c:\windows\zoek-delete.exe
2016-02-01 11:25 . 2016-02-01 11:37 -------- d-----w- C:\zoek_backup
2016-01-31 19:04 . 2016-02-01 10:59 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-01-31 19:04 . 2016-01-31 19:19 -------- d-----w- c:\programdata\RogueKiller
2016-01-31 16:26 . 2016-01-31 16:27 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-01-31 16:26 . 2015-10-05 08:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-01-31 16:26 . 2015-10-05 08:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-01-31 16:26 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-01-31 16:26 . 2016-01-31 16:26 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-01-31 16:12 . 2016-01-31 18:48 -------- d-----w- C:\AdwCleaner
2016-01-30 18:36 . 2016-01-23 00:47 110016 ----a-w- c:\windows\system32\nvStreaming.exe
2016-01-30 16:34 . 2016-01-30 16:37 -------- d-----w- C:\FRST
2016-01-30 10:11 . 2016-01-30 10:11 -------- d-----w- c:\users\kristian\AppData\Local\ElevatedDiagnostics
2016-01-27 11:24 . 2016-01-27 11:24 -------- d-----w- c:\programdata\Malwarebytes
2016-01-25 11:59 . 2016-01-25 11:59 -------- d-----w- C:\Games
2016-01-23 17:29 . 2016-01-23 17:29 -------- d-----w- c:\program files\Common Files\Java
2016-01-22 19:12 . 2016-01-22 19:12 -------- d-----w- c:\windows\system32\RTCOM
2016-01-22 19:10 . 2011-08-23 09:00 357712 ----a-w- c:\windows\system32\KAAPORT.dll
2016-01-22 19:09 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2016-01-22 18:46 . 2016-01-22 18:46 -------- d-----w- c:\users\kristian\AppData\Roaming\EasySettingBox
2016-01-22 18:44 . 2016-01-22 18:44 -------- d-----w- c:\program files\Samsung
2016-01-22 18:41 . 2016-01-22 18:41 -------- d-----w- c:\program files\MonitorDriver
2016-01-22 18:40 . 2016-01-22 18:40 -------- d-----w- c:\users\kristian\AppData\Roaming\InstallShield
2016-01-22 18:30 . 2015-12-18 06:11 42128 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2016-01-22 18:30 . 2015-12-18 06:10 90768 ----a-w- c:\windows\system32\nvaudcap32v.dll
2016-01-21 11:22 . 2016-01-25 09:14 -------- d-----w- c:\users\kristian\AppData\Roaming\vlc
2016-01-21 11:12 . 2016-01-21 11:17 -------- d-----w- c:\programdata\Free Online TV
2016-01-18 17:10 . 2016-01-18 17:10 -------- d-----w- c:\users\kristian\AppData\Roaming\Avira
2016-01-18 16:50 . 2015-12-03 14:24 55456 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2016-01-18 16:50 . 2015-12-03 14:24 37896 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2016-01-18 16:50 . 2015-12-03 14:24 136272 ----a-w- c:\windows\system32\drivers\avipbb.sys
2016-01-18 16:50 . 2015-12-03 14:24 106968 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2016-01-18 16:19 . 2016-01-18 16:53 -------- d-----w- c:\program files\Avira
2016-01-18 16:19 . 2016-01-18 16:50 -------- d-----w- c:\programdata\Avira
2016-01-18 16:01 . 2016-01-18 16:01 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2016-01-18 11:38 . 2016-01-18 11:55 -------- d-----w- c:\programdata\EPS
2016-01-18 11:38 . 2016-01-18 11:38 -------- d-----w- c:\program files\Didsoft
2016-01-16 10:09 . 2016-01-16 10:09 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.7056.dll
2016-01-14 21:00 . 2016-01-14 21:00 -------- d-----w- c:\programdata\Steam
2016-01-14 14:52 . 2016-01-14 19:32 -------- d-----w- c:\program files\Total War ROME II
2016-01-13 18:22 . 2016-01-13 18:22 -------- d-----w- c:\users\kristian\AppData\Roaming\The Creative Assembly
2016-01-13 07:44 . 2016-01-13 07:44 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.2736.dll
2016-01-12 11:49 . 2016-01-12 11:49 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.4724.dll
2016-01-07 17:26 . 2016-01-07 17:26 -------- d-----w- c:\users\kristian\AppData\Roaming\MAGIX
2016-01-07 17:26 . 2016-01-07 17:26 -------- d-----w- c:\programdata\MAGIX
2016-01-07 17:25 . 2016-01-07 17:25 -------- d-----w- c:\users\kristian\AppData\Local\Opera Software
2016-01-07 17:25 . 2016-01-07 17:25 -------- d-----w- c:\users\kristian\AppData\Roaming\Opera Software
2016-01-07 17:25 . 2016-01-21 16:45 -------- d-----w- c:\program files\Opera
2016-01-07 17:21 . 2015-05-06 15:54 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2016-01-07 17:20 . 2016-01-15 12:14 -------- d-----w- C:\KMPlayer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-23 17:28 . 2015-08-09 18:39 95840 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-01-23 03:45 . 2015-08-05 07:32 3258664 ----a-w- c:\windows\system32\nvapi.dll
2016-01-23 03:45 . 2015-08-05 07:32 14016768 ----a-w- c:\windows\system32\nvd3dum.dll
2016-01-23 03:45 . 2015-02-19 23:19 16328088 ----a-w- c:\windows\system32\nvwgf2um.dll
2016-01-23 01:00 . 2015-08-05 07:33 3946432 ----a-w- c:\windows\system32\nvcpl.dll
2016-01-23 01:00 . 2015-08-05 07:33 2591288 ----a-w- c:\windows\system32\nvsvc.dll
2016-01-23 01:00 . 2015-12-23 15:14 83512 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-01-23 01:00 . 2015-12-23 15:14 436160 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-01-23 01:00 . 2015-08-05 07:33 941504 ----a-w- c:\windows\system32\nvvsvc.exe
2016-01-23 01:00 . 2015-08-05 07:33 68544 ----a-w- c:\windows\system32\nvshext.dll
2016-01-23 01:00 . 2015-08-05 07:33 381888 ----a-w- c:\windows\system32\nvmctray.dll
2016-01-23 01:00 . 2015-08-05 07:33 2563128 ----a-w- c:\windows\system32\nvsvcr.dll
2016-01-12 04:41 . 2015-08-08 07:57 1542600 ----a-w- c:\windows\system32\nvspcap.dll
2016-01-12 04:41 . 2015-12-02 09:17 91568 ----a-w- c:\windows\system32\NvRtmpStreamer32.dll
2016-01-12 04:41 . 2015-08-08 07:57 1316184 ----a-w- c:\windows\system32\nvspbridge.dll
2016-01-01 10:16 . 2016-01-01 10:16 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.7432.dll
2015-12-29 15:24 . 2015-12-29 15:24 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.5084.dll
2015-12-28 12:20 . 2015-12-28 12:20 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.4852.dll
2015-12-23 14:43 . 2015-12-23 14:43 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.6640.dll
2015-12-22 19:29 . 2015-12-22 19:29 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.1948.dll
2015-12-19 16:35 . 2015-12-19 16:35 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.1784.dll
2015-12-16 17:04 . 2015-12-23 15:12 917112 ----a-w- c:\windows\system32\nvdispgenco3236143.dll
2015-12-16 17:04 . 2015-12-23 15:12 1060144 ----a-w- c:\windows\system32\nvdispco3236143.dll
2015-12-01 11:39 . 2015-12-01 11:39 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.6140.dll
2015-11-24 22:48 . 2015-12-02 09:42 35984 ----a-w- c:\windows\system32\nvhdap32.dll
2015-11-24 22:48 . 2015-12-02 09:42 170128 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2015-11-24 22:48 . 2015-12-02 09:41 916784 ----a-w- c:\windows\system32\nvdispgenco3235906.dll
2015-11-24 22:48 . 2015-12-02 09:41 1053488 ----a-w- c:\windows\system32\nvdispco3235906.dll
2015-11-24 22:48 . 2015-08-05 07:33 105080 ----a-w- c:\windows\system32\OpenCL.dll
2015-11-24 22:48 . 2015-02-19 23:19 926520 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2015-11-17 15:13 . 2015-11-17 15:13 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.5860.dll
2015-11-16 20:40 . 2015-11-16 20:40 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.5368.dll
2015-11-15 12:18 . 2015-11-15 12:18 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.5812.dll
2015-11-11 20:38 . 2015-11-11 20:38 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.4916.dll
2015-11-10 14:41 . 2015-11-10 14:41 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.3656.dll
2015-11-09 19:40 . 2015-11-09 19:40 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.3564.dll
2015-11-03 20:31 . 2015-11-03 20:31 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F22FC614-E5C6-4C8B-954A-540BD87B66C9}\offreg.4904.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-11-04 13:01 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-11-04 13:01 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-11-04 13:01 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-01-15 6628056]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-06-18 3576664]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2015-11-04 22790776]
"cz.seznam.software.autoupdate"="c:\users\kristian\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\kristian\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2015-05-26 103080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-01-12 2787264]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2016-01-12 1542600]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-12-13 1085656]
"Avira SystrayStartTrigger"="c:\program files\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2015-12-08 66320]
"avgnt"="c:\program files\Avira\Antivirus\avgnt.exe" [2015-12-03 803200]
"EasySettingBox"="c:\program files\Samsung\Easy Setting Box\EasySettingBox.exe" [2014-06-18 463360]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-10-26 11680400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-12-22 596528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2015-08-05 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2015-8-5 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-11-17 16:15 50509440 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2015-12-14 20:01 3013712 ----a-w- c:\program files\Steam\Steam.exe
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\Antivirus\avmailc7.exe [2015-12-03 948392]
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\Antivirus\avwebg7.exe [2015-12-03 1418560]
R3 cpuz137;cpuz137;c:\program files\CPUID\PC Wizard 2013\pcwiz_x32.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-06-19 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-08-21 91136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 VSStandardCollectorService140;Visual Studio Standard Collector Service;c:\program files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [2015-07-06 45800]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2015-04-29 20256]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2015-12-03 37896]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\Antivirus\sched.exe [2015-12-03 466408]
S2 Avira.ServiceHost;Avira Service Host;c:\program files\Avira\Launcher\Avira.ServiceHost.exe [2015-12-08 251160]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2015-12-03 55456]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-01-12 929728]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-01-12 1879488]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-01-12 3996608]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-01-23 424384]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1034584]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys [2015-08-14 25016]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-01-12 25536]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-01-12 5178816]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2015-12-18 42128]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-06-17 718552]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NVSTREAMKMS
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-01-29 07:21 1090376 ----a-w- c:\program files\Google\Chrome\Application\48.0.2564.97\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d8f67242-b229-4065-95fa-391b077ed6ca} - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll
TCP: DhcpNameServer = 192.168.100.1
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - c:\windows\System32\mscoree.dll
FF - ProfilePath - c:\users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\gsvvxlqr.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\Antivirus\avguard.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\GWX\GWX.exe
c:\program files\Avira\Antivirus\avshadow.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\sppsvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
c:\windows\system32\conhost.exe
c:\users\kristian\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
c:\program files\Avira\Launcher\Avira.Systray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2016-02-01 17:43:48 - machine was rebooted
ComboFix-quarantined-files.txt 2016-02-01 16:43
ComboFix2.txt 2016-02-01 12:16
.
Pre-Run: 822 922 326 016 bytes free
Post-Run: 822 733 074 432 bytes free
.
- - End Of File - - 487963D8773B68791434C30CFFD769BA
A36C5E4F47E84449FF07ED3517B43A31

Re: Spontaneous window deactivation in Win7.

Post by Kronos » 01 Feb 2016 18:00

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:53:02, on 1. 2. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17909)

FIREFOX: 39.0 (x86 sk)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Avira\Antivirus\avgnt.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\kristian\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files\Avira\Launcher\Avira.Systray.exe
C:\Windows\Explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\kristian\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll
O2 - BHO: AviraBrowserSafety.BrowserSafety - {c3c77255-42c0-499f-b664-6e981a0b1647} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
O4 - HKLM\..\Run: [EasySettingBox] C:\Program Files\Samsung\Easy Setting Box\EasySettingBox.exe
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\kristian\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\kristian\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Avira Browser Safety - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: abs - {E00957BD-D0E1-4EB9-A025-7743FDC8B27B} - mscoree.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 7143 bytes




aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-02-01 17:55:25
-----------------------------
17:55:25.014 OS Version: Windows 6.1.7601 Service Pack 1
17:55:25.014 Number of processors: 4 586 0x1E05
17:55:25.014 ComputerName: KRISTIAN-PC UserName: kristian
17:55:53.047 Initialize success
17:55:53.094 VM: initialized successfully
17:55:53.094 VM: Intel CPU supported
17:57:04.413 VM: supported disk I/O ataport.SYS
17:57:21.075 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-6
17:57:21.090 Disk 0 Vendor: WDC_WD10EARS-00Y5B1 80.00A80 Size: 953869MB BusType: 3
17:57:21.199 Disk 0 MBR read successfully
17:57:21.199 Disk 0 MBR scan
17:57:21.215 Disk 0 Windows 7 default MBR code
17:57:21.215 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:57:21.231 Disk 0 default boot code
17:57:21.231 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
17:57:21.246 Disk 0 scanning sectors +1953521664
17:57:21.309 Disk 0 scanning C:\Windows\system32\drivers
17:57:25.973 Service scanning
17:57:35.676 Modules scanning
17:57:35.692 Disk 0 trace - called modules:
17:57:35.707 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
17:57:35.723 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xc3637030]
17:57:35.739 3 CLASSPNP.SYS[c97a959e] -> nt!IofCallDriver -> [0xc30e4328]
17:57:35.739 5 ACPI.sys[c92173d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-6[0xc3160908]
17:57:35.754 Disk 0 statistics 76857/0/0 @ 9,40 MB/s
17:57:35.754 Scan finished successfully
17:57:58.047 Disk 0 MBR has been saved successfully to "C:\Users\kristian\Desktop\MBR.dat"
17:57:58.047 The log file has been saved successfully to "C:\Users\kristian\Desktop\aswMBR.txt"

