Prosim o kontrolu logu

Příspěvekod **jaro3** » 30 lis 2016 23:42

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“,
po jeho skončení - vše zatrhni (dej zatržítka vlevo od nálezů , do bílých políček)
- pak klikni na "Remove Selected"
- Počkej, dokud Status box nezobrazí " Removal finished, please review result "
- Klikni na "Open report " a pak na " Open TXT“ a zkopíruj ten log a vlož obsah té zprávy prosím sem. Log je možno nalézt v C:\ProgramData\RogueKiller\Logs - Zavři RogueKiller.

Vypni antivir i firewall.
Stáhni
Zoek.exe
a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
-pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Reklama

bill.da · Příspěvekod **bill.da** » 01 pro 2016 07:40

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by top on źt 01.12.2016 at 7:13:25,14.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\top\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

1.12.2016 7:14:17 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Origin Games deleted successfully
C:\PROGRA~2\Seznam.cz deleted successfully
C:\PROGRA~3\ProductData deleted successfully
C:\PROGRA~3\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} deleted successfully
C:\Users\top\AppData\Roaming\MPC-HC deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Origin Games not found
C:\PROGRA~2\Seznam.cz not found
C:\PROGRA~3\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} not found
C:\Users\top\AppData\Local\Seznam.cz deleted
C:\Users\top\AppData\Roaming\Seznam Browser deleted
C:\Users\top\AppData\Roaming\ProductData deleted
C:\windows\SysNative\tasks\ASC9_PerformanceMonitor deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
"C:\found.000" deleted

==== Orphaned Tasks deleted from Registry ======================

ASC9_PerformanceMonitor deleted
ESET Windows 10 upgrade - Refresh settings deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"fe_7.0@nokia.com"="C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0" [28.10.2015 17:29]

==== Chromium Look ======================

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{1F1BDB41-82DD-4D2E-8BFA-7B8EA7BFB1B8} - http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12
HKCU\SearchScopes\{2A59445B-BF62-4183-82B7-B8E320545969} - https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

==== Reset Google Chrome ======================

Nothing found to reset

==== shortcuts on Users Desktops ======================

C:\Users\top\Desktop\Barbie(TM) Deníček - Tajemství střední školy.lnk -
C:\Users\top\Desktop\Disk (E) – zástupce.lnk -
C:\Users\top\Desktop\Dokumenty – zástupce.lnk -
C:\Users\top\Desktop\EVEREST Ultimate Edition.lnk - C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Users\top\Desktop\frd – zástupce.lnk -
C:\Users\top\Desktop\Hřebčín.lnk -
C:\Users\top\Desktop\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\top\Desktop\MSS-FFF739 – zástupce.lnk -
C:\Users\top\Desktop\My Horse and Me 2 – zástupce.lnk -
C:\Users\top\Desktop\Místní disk (D) – zástupce.lnk -
C:\Users\top\Desktop\Seznam.cz.lnk - C:\Users\top\AppData\Roaming\Seznam Browser\Seznam.cz.exe
C:\Users\top\Desktop\TS3.lnk - C:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\TS3.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe
C:\Users\Public\Desktop\Advanced SystemCare 9.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /manual
C:\Users\Public\Desktop\Ashampoo Burning Studio 10.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\burningstudio10.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\Barbie(TM) Módní přehlídka.lnk -
C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 SP.lnk - C:\Program Files (x86)\Activision\Modern Warfare 2\iw4sp.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLauncher.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Nokia Suite.lnk - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Users\Public\Desktop\PolarEditOctagon10x8.lnk - C:\Program Files (x86)\PolarEditOctagon10x8\PolarEdit1018.exe
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\RevoUnin.exe
C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk - C:\Windows\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
C:\Users\Public\Desktop\Star Stable 2.lnk - C:\Program Files (x86)\Stabenfeldt\Star Stable 2\PXStudioEngine.exe
C:\Users\Public\Desktop\The Sims 4.lnk - C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe

==== shortcuts in Users Start Menu ======================

C:\Users\top\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam Pošťák.lnk -
C:\Users\top\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.lnk - C:\Users\top\AppData\Roaming\Seznam Browser\Seznam.cz.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - C:\Windows\system32\mstsc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision\Play Call of Duty Modern Warfare 2 Multiplayer.lnk - C:\Program Files (x86)\Activision\Modern Warfare 2\iw4mp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision\Play Call of Duty Modern Warfare 2 Singleplayer.lnk - C:\Program Files (x86)\Activision\Modern Warfare 2\iw4sp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision\Uninstall Call of Duty Modern Warfare 2.lnk - C:\Program Files (x86)\Activision\Modern Warfare 2\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare\Advanced SystemCare 9.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /manual
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare\Odinstalovat aplikaci Advanced SystemCare.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare\Protect.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /Protect
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare\Speed Up.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /turboboost
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare\Toolbox.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /toolbox
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 10\Ashampoo Burning Studio 10 Gadget.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\gadget\bs10.gadget
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 10\Ashampoo Burning Studio 10.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\burningstudio10.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 10\Backup Extractor.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\backupextractor10.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 10\Help.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\lang\BurningStudio-en-us.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 10\Readme.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\readme_en.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 10\Uninstall Ashampoo Burning Studio 10.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barbie(TM)\Barbie(TM) Deníček - Tajemství střední školy\Barbie(TM) Deníček - Tajemství střední školy.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barbie(TM)\Barbie(TM) Deníček - Tajemství střední školy\Odinstalovat aplikaci Barbie(TM) Deníček - Tajemství střední školy.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barbie(TM)\Barbie(TM) Módní přehlídka\Barbie(TM) Módní přehlídka.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barbie(TM)\Barbie(TM) Módní přehlídka\Manuál.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barbie(TM)\Barbie(TM) Módní přehlídka\Odinstalovat.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barbie(TM)\Barbie(TM) Módní přehlídka\Readme.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\The Sims™ 3 Domácí mazlíčci.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\The Sims™ 3.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Odinstalovat aplikaci IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_112\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_112\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_112\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Odinstalovat aplikaci Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ochrana koncového bodu Trusteer\Konzola ochrany koncového bodu Trusteer.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ochrana koncového bodu Trusteer\Spustit ochranu koncového bodu Trusteer.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ochrana koncového bodu Trusteer\Zastavit ochranu koncového bodu Trusteer.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Odinstalovat Origin.lnk - C:\Program Files (x86)\Origin\OriginUninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Virus Removal Tool\Sophos Virus Removal Tool.lnk - C:\Windows\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stabenfeldt\Star Stable 2\Nápověda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stabenfeldt\Star Stable 2\Odinstalovat Star Stable 2.lnk - C:\Program Files (x86)\InstallShield Installation Information\{6DD86DE9-1AE7-41B0-9326-1A90E32BAE88}\setup.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stabenfeldt\Star Stable 2\Star Stable 2.lnk - C:\Program Files (x86)\Stabenfeldt\Star Stable 2\PXStudioEngine.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\top\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 5.lnk - C:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe
C:\Users\top\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\top\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\top\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\top\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\top\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b38c8a402571e3e7\Seznam.cz.lnk - C:\Users\top\AppData\Roaming\Seznam Browser\Seznam.cz.exe --user-data-dir="C:\Users\top\AppData\Local\Seznam.cz\User Data" --profile-directory=Default --app-id=ckjpageadhfekbilpnlbcjgbflimllbk
C:\Users\top\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uninstall Programs.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\top\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\top\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\top\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe

==== shortcuts After Repair ======================

C:\Users\top\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b38c8a402571e3e7\Seznam.cz.lnk - C:\Users\top\AppData\Roaming\Seznam Browser\Seznam.cz.exe

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Seznam Browser deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\top\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\top\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1190 folders=180 230549707 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\top\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\top\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on źt 01.12.2016 at 7:37:56,64 ======================

bill.da · Příspěvekod **bill.da** » 01 pro 2016 08:12

ComboFix 16-11-13.01 - top 01.12.2016 7:46.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8192.5935 [GMT 1:00]
Spuštěný z: c:\users\top\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-11-01 do 2016-12-01 )))))))))))))))))))))))))))))))
.
.
2016-12-01 06:55 . 2016-12-01 06:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-12-01 06:55 . 2016-12-01 06:55 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2016-12-01 06:55 . 2016-12-01 06:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-12-01 06:38 . 2016-12-01 06:38 -------- d-----w- c:\users\top\AppData\Roaming\ProductData
2016-12-01 06:35 . 2016-12-01 06:13 24064 ----a-w- c:\windows\zoek-delete.exe
2016-12-01 06:35 . 2016-12-01 06:58 -------- d-----w- c:\users\top\AppData\Local\Temp
2016-12-01 06:35 . 2016-12-01 06:35 -------- d-----w- c:\programdata\ProductData
2016-12-01 06:13 . 2016-12-01 06:30 -------- d-----w- C:\zoek_backup
2016-11-30 17:19 . 2016-11-30 17:19 -------- d-----w- c:\programdata\Sophos
2016-11-30 17:18 . 2016-11-30 17:18 -------- d-----w- c:\program files (x86)\Sophos
2016-11-30 16:54 . 2016-11-30 16:54 -------- d-----w- c:\users\Default\AppData\Local\Trusteer
2016-11-30 09:41 . 2016-11-30 16:04 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-11-30 09:40 . 2016-11-30 09:41 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-11-30 09:40 . 2016-03-10 13:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-11-30 09:40 . 2016-03-10 13:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-11-30 09:40 . 2016-03-10 13:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-11-30 09:29 . 2016-11-30 16:50 -------- d-----w- C:\AdwCleaner
2016-11-29 06:56 . 2016-11-29 06:57 -------- d-----w- c:\users\top\AppData\Local\ashampoo
2016-11-29 06:54 . 2016-11-29 06:54 -------- d-----w- c:\program files (x86)\Ashampoo
2016-11-28 17:11 . 2016-11-28 17:11 -------- d-----w- c:\users\top\AppData\Local\Star Stable 2
2016-11-28 17:10 . 2016-11-28 17:10 -------- d-----w- c:\program files (x86)\Stabenfeldt
2016-11-28 07:18 . 2016-11-28 07:18 -------- d-----w- c:\users\top\AppData\Roaming\Mikrotik
2016-11-18 06:14 . 2016-11-18 06:14 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2016-11-15 06:51 . 2016-10-06 16:49 235184 ----a-w- c:\windows\system32\drivers\RapportHades64.sys
2016-11-15 06:51 . 2016-10-06 16:49 489712 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2016-11-15 06:49 . 2016-11-15 06:49 -------- d-----w- c:\users\top\AppData\Local\Trusteer
2016-11-15 06:48 . 2016-11-15 06:48 -------- d-----w- c:\program files (x86)\Trusteer
2016-11-15 06:44 . 2016-11-15 06:44 -------- d-----w- c:\programdata\Trusteer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-12-01 05:37 . 2016-01-03 09:28 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-11-18 06:15 . 2016-11-18 06:15 345600 ----a-w- c:\windows\system32\schannel.dll
2016-11-18 06:15 . 2016-11-18 06:15 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-11-18 06:14 . 2016-11-18 06:14 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2016-11-18 06:14 . 2016-11-18 06:14 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-11-18 06:14 . 2016-11-18 06:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-11-09 14:11 . 2015-12-31 17:36 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-11-09 14:11 . 2015-12-31 17:36 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-11-09 10:35 . 2015-09-10 18:56 141011376 -c--a-w- c:\windows\system32\MRT.exe
2016-10-31 15:46 . 2015-12-31 17:05 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2016-10-22 07:51 . 2016-10-22 07:51 756736 ----a-w- c:\windows\system32\win32spl.dll
2016-10-22 07:51 . 2016-10-22 07:51 497152 ----a-w- c:\windows\SysWow64\win32spl.dll
2016-10-22 07:51 . 2016-10-22 07:51 41984 ----a-w- c:\windows\system32\UtcResources.dll
2016-10-22 07:51 . 2016-10-22 07:51 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-10-22 07:51 . 2016-10-22 07:51 2048 ----a-w- c:\windows\system32\tzres.dll
2016-10-22 07:51 . 2016-10-22 07:51 1386496 ----a-w- c:\windows\system32\diagtrack.dll
2016-09-25 14:02 . 2016-09-25 14:02 988160 ----a-w- c:\windows\SysWow64\drmv2clt.dll
2016-09-25 14:02 . 2016-09-25 14:02 9728 ----a-w- c:\windows\system32\spwmp.dll
2016-09-25 14:02 . 2016-09-25 14:02 842240 ----a-w- c:\windows\system32\blackbox.dll
2016-09-25 14:02 . 2016-09-25 14:02 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2016-09-25 14:02 . 2016-09-25 14:02 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2016-09-25 14:02 . 2016-09-25 14:02 744960 ----a-w- c:\windows\SysWow64\blackbox.dll
2016-09-25 14:02 . 2016-09-25 14:02 641024 ----a-w- c:\windows\system32\msscp.dll
2016-09-25 14:02 . 2016-09-25 14:02 617984 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll
2016-09-25 14:02 . 2016-09-25 14:02 5120 ----a-w- c:\windows\system32\msdxm.ocx
2016-09-25 14:02 . 2016-09-25 14:02 5120 ----a-w- c:\windows\system32\dxmasf.dll
2016-09-25 14:02 . 2016-09-25 14:02 497664 ----a-w- c:\windows\system32\drmmgrtn.dll
2016-09-25 14:02 . 2016-09-25 14:02 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2016-09-25 14:02 . 2016-09-25 14:02 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2016-09-25 14:02 . 2016-09-25 14:02 406016 ----a-w- c:\windows\SysWow64\drmmgrtn.dll
2016-09-25 14:02 . 2016-09-25 14:02 325632 ----a-w- c:\windows\system32\msnetobj.dll
2016-09-25 14:02 . 2016-09-25 14:02 14632960 ----a-w- c:\windows\system32\wmp.dll
2016-09-25 14:02 . 2016-09-25 14:02 12574720 ----a-w- c:\windows\system32\wmploc.DLL
2016-09-25 14:02 . 2016-09-25 14:02 12574208 ----a-w- c:\windows\SysWow64\wmploc.DLL
2016-09-25 14:02 . 2016-09-25 14:02 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2016-09-25 14:02 . 2016-09-25 14:02 94440 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2016-09-25 14:02 . 2016-09-25 14:02 81920 ----a-w- c:\windows\system32\cryptsp.dll
2016-09-25 14:02 . 2016-09-25 14:02 54272 ----a-w- c:\windows\SysWow64\WsmRes.dll
2016-09-25 14:02 . 2016-09-25 14:02 54272 ----a-w- c:\windows\system32\WsmRes.dll
2016-09-25 14:02 . 2016-09-25 14:02 504320 ----a-w- c:\windows\SysWow64\msscp.dll
2016-09-25 14:02 . 2016-09-25 14:02 461312 ----a-w- c:\windows\system32\scavengeui.dll
2016-09-25 14:02 . 2016-09-25 14:02 433152 ----a-w- c:\windows\system32\mfplat.dll
2016-09-25 14:02 . 2016-09-25 14:02 354816 ----a-w- c:\windows\SysWow64\mfplat.dll
2016-09-25 14:02 . 2016-09-25 14:02 347136 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2016-09-25 14:02 . 2016-09-25 14:02 310784 ----a-w- c:\windows\system32\WsmWmiPl.dll
2016-09-25 14:02 . 2016-09-25 14:02 266752 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2016-09-25 14:02 . 2016-09-25 14:02 265216 ----a-w- c:\windows\SysWow64\msnetobj.dll
2016-09-25 14:02 . 2016-09-25 14:02 249344 ----a-w- c:\windows\SysWow64\WSManMigrationPlugin.dll
2016-09-25 14:02 . 2016-09-25 14:02 214016 ----a-w- c:\windows\SysWow64\WsmWmiPl.dll
2016-09-25 14:02 . 2016-09-25 14:02 2023424 ----a-w- c:\windows\system32\WsmSvc.dll
2016-09-25 14:02 . 2016-09-25 14:02 199168 ----a-w- c:\windows\SysWow64\WSManHTTPConfig.exe
2016-09-25 14:02 . 2016-09-25 14:02 182272 ----a-w- c:\windows\system32\WsmAuto.dll
2016-09-25 14:02 . 2016-09-25 14:02 146944 ----a-w- c:\windows\SysWow64\WsmAuto.dll
2016-09-25 14:02 . 2016-09-25 14:02 13824 ----a-w- c:\windows\system32\wsmprovhost.exe
2016-09-25 14:02 . 2016-09-25 14:02 12800 ----a-w- c:\windows\system32\wsmplpxy.dll
2016-09-25 14:02 . 2016-09-25 14:02 12288 ----a-w- c:\windows\SysWow64\wsmprovhost.exe
2016-09-25 14:02 . 2016-09-25 14:02 1178112 ----a-w- c:\windows\SysWow64\WsmSvc.dll
2016-09-25 14:02 . 2016-09-25 14:02 11264 ----a-w- c:\windows\system32\msmmsp.dll
2016-09-25 14:02 . 2016-09-25 14:02 1068544 ----a-w- c:\windows\system32\cryptui.dll
2016-09-25 14:02 . 2016-09-25 14:02 10240 ----a-w- c:\windows\SysWow64\wsmplpxy.dll
2016-09-25 14:02 . 2016-09-25 14:02 680448 ----a-w- c:\windows\system32\audiosrv.dll
2016-09-25 14:02 . 2016-09-25 14:02 663552 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2016-09-25 14:02 . 2016-09-25 14:02 499712 ----a-w- c:\windows\system32\AUDIOKSE.dll
2016-09-25 14:02 . 2016-09-25 14:02 442368 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2016-09-25 14:02 . 2016-09-25 14:02 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2016-09-25 14:02 . 2016-09-25 14:02 295936 ----a-w- c:\windows\system32\AudioSes.dll
2016-09-25 14:02 . 2016-09-25 14:02 284672 ----a-w- c:\windows\system32\EncDump.dll
2016-09-25 14:02 . 2016-09-25 14:02 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2016-09-25 14:02 . 2016-09-25 14:02 195072 ----a-w- c:\windows\SysWow64\AudioSes.dll
2016-09-25 14:02 . 2016-09-25 14:02 9728 ----a-w- c:\windows\system32\pcalua.exe
2016-09-25 14:02 . 2016-09-25 14:02 8704 ----a-w- c:\windows\system32\pcaevts.dll
2016-09-25 14:02 . 2016-09-25 14:02 80896 ----a-w- c:\windows\SysWow64\cryptsp.dll
2016-09-25 14:02 . 2016-09-25 14:02 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2016-09-25 14:02 . 2016-09-25 14:02 440320 ----a-w- c:\windows\system32\AudioEng.dll
2016-09-25 14:02 . 2016-09-25 14:02 37376 ----a-w- c:\windows\system32\pcadm.dll
2016-09-25 14:02 . 2016-09-25 14:02 371712 ----a-w- c:\windows\system32\qdvd.dll
2016-09-25 14:02 . 2016-09-25 14:02 3209216 ----a-w- c:\windows\SysWow64\mf.dll
2016-09-25 14:02 . 2016-09-25 14:02 187904 ----a-w- c:\windows\system32\pcasvc.dll
2016-09-25 14:02 . 2016-09-25 14:02 1573888 ----a-w- c:\windows\system32\quartz.dll
2016-09-25 14:02 . 2016-09-25 14:02 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2016-09-25 14:02 . 2016-09-25 14:02 125952 ----a-w- c:\windows\system32\audiodg.exe
2016-09-25 14:02 . 2016-09-25 14:02 11264 ----a-w- c:\windows\system32\pcawrk.exe
2016-09-25 14:02 . 2016-09-25 14:02 1005056 ----a-w- c:\windows\SysWow64\cryptui.dll
2016-09-25 14:02 . 2016-09-25 14:02 632320 ----a-w- c:\windows\system32\evr.dll
2016-09-25 14:02 . 2016-09-25 14:02 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2016-09-25 14:02 . 2016-09-25 14:02 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2016-09-25 14:02 . 2016-09-25 14:02 489984 ----a-w- c:\windows\SysWow64\evr.dll
2016-09-25 14:02 . 2016-09-25 14:02 4121600 ----a-w- c:\windows\system32\mf.dll
2016-09-25 14:02 . 2016-09-25 14:02 24576 ----a-w- c:\windows\system32\mfpmp.exe
2016-09-25 14:02 . 2016-09-25 14:02 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2016-09-25 14:02 . 2016-09-25 14:02 206848 ----a-w- c:\windows\system32\mfps.dll
2016-09-25 14:02 . 2016-09-25 14:02 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2016-09-25 14:02 . 2016-09-25 14:02 2048 ----a-w- c:\windows\system32\mferror.dll
2016-09-25 14:02 . 2016-09-25 14:02 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2016-09-25 14:00 . 2016-09-25 14:00 3229696 ----a-w- c:\windows\explorer.exe
2016-09-25 14:00 . 2016-09-25 14:00 2972672 ----a-w- c:\windows\SysWow64\explorer.exe
2016-09-25 14:00 . 2016-09-25 14:00 1941504 ----a-w- c:\windows\system32\authui.dll
2016-09-25 14:00 . 2016-09-25 14:00 1867776 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-09-25 14:00 . 2016-09-25 14:00 1806848 ----a-w- c:\windows\SysWow64\authui.dll
2016-09-25 14:00 . 2016-09-25 14:00 1499648 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 9"="c:\program files (x86)\IObit\Advanced SystemCare\ASCTray.exe" [2016-07-27 2023712]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-06-18 4468056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-09-22 587288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-02-10 50599552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 7ByteIo;7ByteIo; [x]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
R3 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
R3 cpuz135;cpuz135; [x]
R3 cpuz137;cpuz137; [x]
R3 cpuz138;cpuz138;c:\users\top\AppData\Local\Temp\cpuz138\cpuz138_x64.sys;c:\users\top\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MEDCServerComponent-Apache;MEDC Server Component - Apache;c:\manageengine\DesktopCentral_Server\apache\bin\dcserverhttpd.exe;c:\manageengine\DesktopCentral_Server\apache\bin\dcserverhttpd.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssinstall;SInstalátor;c:\windows\SysWOW64\ssins.exe;c:\windows\SysWOW64\ssins.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 RapportHades64;RapportHades64;c:\windows\System32\Drivers\RapportHades64.sys;c:\windows\SYSNATIVE\Drivers\RapportHades64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm258.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 RapportCerberus_1609053;RapportCerberus_1609053;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 AdvancedSystemCareService9;Advanced SystemCare Service 9;c:\program files (x86)\IObit\Advanced SystemCare\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare\ASCService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2016-11-26 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-09 14:11]
.
2016-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-31 14:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-11-12 08:39 2472224 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-08 4030008]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file)
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - (no file)
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.23"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
.
**************************************************************************
.
Celkový čas: 2016-12-01 08:10:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-12-01 07:10
.
Před spuštěním: Volných bajtů: 35 218 735 104
Po spuštění: Volných bajtů: 34 700 677 120
.
- - End Of File - - 981F84168A7A255F38BB8F265FF33FD5
413FC2A0C716421B3158746D63736515

Příspěvekod **jaro3** » 01 pro 2016 11:13

Kde je log z RK po výmazech?

Odinstaluj:
AdvancedSystemCareService9

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\Adobe Flash Player Updater.job

Driver::
cpuz135
cpuz137

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.23"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

bill.da · Příspěvekod **bill.da** » 01 pro 2016 13:48

Smazl jsem ten AdvancedSystemCareService9 a udelal ten sken co chyběl.

bill.da · Příspěvekod **bill.da** » 01 pro 2016 13:49

RogueKiller V12.8.3.0 (x64) [Nov 28 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : top [Práva správce]
Started from : C:\Users\top\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 12/01/2016 13:12:41 (Duration : 00:31:36)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1220894994-1509848511-4111069859-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1220894994-1509848511-4111069859-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 0551257f0fb1d647b5003065929b0c64
[BSP] bc0806a5187bb02ad33d88e2144735ad : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 76308 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HD403LJ SCSI Disk Device +++++
--- User ---
[MBR] 79fee6c9ef91a46459fe77f966dd633e
[BSP] 43d06aeb00fffbc4f2ca30b6dcdc9366 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 128697 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 263573504 | Size: 449 MB
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 264494160 | Size: 252404 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávná funkce. )

+++++ PhysicalDrive2: Generic USB SD Reader +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic USB CF Reader +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic USB SM Reader +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive5: Generic USB MS Reader +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

bill.da · Příspěvekod **bill.da** » 01 pro 2016 14:24

ComboFix 16-11-13.01 - top 01.12.2016 13:59:14.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8192.5972 [GMT 1:00]
Spuštěný z: c:\users\top\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\top\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CPUZ135
-------\Legacy_CPUZ137
-------\Service_cpuz135
-------\Service_cpuz137
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-11-01 do 2016-12-01 )))))))))))))))))))))))))))))))
.
.
2016-12-01 13:09 . 2016-12-01 13:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-12-01 13:09 . 2016-12-01 13:09 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2016-12-01 13:09 . 2016-12-01 13:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-12-01 06:38 . 2016-12-01 06:38 -------- d-----w- c:\users\top\AppData\Roaming\ProductData
2016-12-01 06:35 . 2016-12-01 06:13 24064 ----a-w- c:\windows\zoek-delete.exe
2016-12-01 06:35 . 2016-12-01 13:12 -------- d-----w- c:\users\top\AppData\Local\Temp
2016-12-01 06:35 . 2016-12-01 07:50 -------- d-----w- c:\programdata\ProductData
2016-12-01 06:13 . 2016-12-01 06:30 -------- d-----w- C:\zoek_backup
2016-11-30 17:19 . 2016-11-30 17:19 -------- d-----w- c:\programdata\Sophos
2016-11-30 17:18 . 2016-11-30 17:18 -------- d-----w- c:\program files (x86)\Sophos
2016-11-30 16:54 . 2016-11-30 16:54 -------- d-----w- c:\users\Default\AppData\Local\Trusteer
2016-11-30 09:41 . 2016-11-30 16:04 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-11-30 09:40 . 2016-11-30 09:41 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-11-30 09:40 . 2016-03-10 13:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-11-30 09:40 . 2016-03-10 13:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-11-30 09:40 . 2016-03-10 13:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-11-30 09:29 . 2016-11-30 16:50 -------- d-----w- C:\AdwCleaner
2016-11-29 06:56 . 2016-11-29 06:57 -------- d-----w- c:\users\top\AppData\Local\ashampoo
2016-11-29 06:54 . 2016-11-29 06:54 -------- d-----w- c:\program files (x86)\Ashampoo
2016-11-28 17:11 . 2016-11-28 17:11 -------- d-----w- c:\users\top\AppData\Local\Star Stable 2
2016-11-28 17:10 . 2016-11-28 17:10 -------- d-----w- c:\program files (x86)\Stabenfeldt
2016-11-28 07:18 . 2016-11-28 07:18 -------- d-----w- c:\users\top\AppData\Roaming\Mikrotik
2016-11-18 06:14 . 2016-11-18 06:14 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2016-11-15 06:51 . 2016-10-06 16:49 235184 ----a-w- c:\windows\system32\drivers\RapportHades64.sys
2016-11-15 06:51 . 2016-10-06 16:49 489712 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2016-11-15 06:49 . 2016-11-15 06:49 -------- d-----w- c:\users\top\AppData\Local\Trusteer
2016-11-15 06:48 . 2016-11-15 06:48 -------- d-----w- c:\program files (x86)\Trusteer
2016-11-15 06:44 . 2016-11-15 06:44 -------- d-----w- c:\programdata\Trusteer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-12-01 12:12 . 2016-01-03 09:28 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-11-18 06:15 . 2016-11-18 06:15 345600 ----a-w- c:\windows\system32\schannel.dll
2016-11-18 06:15 . 2016-11-18 06:15 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-11-18 06:14 . 2016-11-18 06:14 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2016-11-18 06:14 . 2016-11-18 06:14 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-11-18 06:14 . 2016-11-18 06:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-11-09 14:11 . 2015-12-31 17:36 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-11-09 14:11 . 2015-12-31 17:36 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-11-09 10:35 . 2015-09-10 18:56 141011376 -c--a-w- c:\windows\system32\MRT.exe
2016-10-31 15:46 . 2015-12-31 17:05 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2016-10-22 07:51 . 2016-10-22 07:51 756736 ----a-w- c:\windows\system32\win32spl.dll
2016-10-22 07:51 . 2016-10-22 07:51 497152 ----a-w- c:\windows\SysWow64\win32spl.dll
2016-10-22 07:51 . 2016-10-22 07:51 41984 ----a-w- c:\windows\system32\UtcResources.dll
2016-10-22 07:51 . 2016-10-22 07:51 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-10-22 07:51 . 2016-10-22 07:51 2048 ----a-w- c:\windows\system32\tzres.dll
2016-10-22 07:51 . 2016-10-22 07:51 1386496 ----a-w- c:\windows\system32\diagtrack.dll
2016-09-25 14:02 . 2016-09-25 14:02 988160 ----a-w- c:\windows\SysWow64\drmv2clt.dll
2016-09-25 14:02 . 2016-09-25 14:02 9728 ----a-w- c:\windows\system32\spwmp.dll
2016-09-25 14:02 . 2016-09-25 14:02 842240 ----a-w- c:\windows\system32\blackbox.dll
2016-09-25 14:02 . 2016-09-25 14:02 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2016-09-25 14:02 . 2016-09-25 14:02 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2016-09-25 14:02 . 2016-09-25 14:02 744960 ----a-w- c:\windows\SysWow64\blackbox.dll
2016-09-25 14:02 . 2016-09-25 14:02 641024 ----a-w- c:\windows\system32\msscp.dll
2016-09-25 14:02 . 2016-09-25 14:02 617984 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll
2016-09-25 14:02 . 2016-09-25 14:02 5120 ----a-w- c:\windows\system32\msdxm.ocx
2016-09-25 14:02 . 2016-09-25 14:02 5120 ----a-w- c:\windows\system32\dxmasf.dll
2016-09-25 14:02 . 2016-09-25 14:02 497664 ----a-w- c:\windows\system32\drmmgrtn.dll
2016-09-25 14:02 . 2016-09-25 14:02 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2016-09-25 14:02 . 2016-09-25 14:02 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2016-09-25 14:02 . 2016-09-25 14:02 406016 ----a-w- c:\windows\SysWow64\drmmgrtn.dll
2016-09-25 14:02 . 2016-09-25 14:02 325632 ----a-w- c:\windows\system32\msnetobj.dll
2016-09-25 14:02 . 2016-09-25 14:02 14632960 ----a-w- c:\windows\system32\wmp.dll
2016-09-25 14:02 . 2016-09-25 14:02 12574720 ----a-w- c:\windows\system32\wmploc.DLL
2016-09-25 14:02 . 2016-09-25 14:02 12574208 ----a-w- c:\windows\SysWow64\wmploc.DLL
2016-09-25 14:02 . 2016-09-25 14:02 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2016-09-25 14:02 . 2016-09-25 14:02 94440 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2016-09-25 14:02 . 2016-09-25 14:02 81920 ----a-w- c:\windows\system32\cryptsp.dll
2016-09-25 14:02 . 2016-09-25 14:02 54272 ----a-w- c:\windows\SysWow64\WsmRes.dll
2016-09-25 14:02 . 2016-09-25 14:02 54272 ----a-w- c:\windows\system32\WsmRes.dll
2016-09-25 14:02 . 2016-09-25 14:02 504320 ----a-w- c:\windows\SysWow64\msscp.dll
2016-09-25 14:02 . 2016-09-25 14:02 461312 ----a-w- c:\windows\system32\scavengeui.dll
2016-09-25 14:02 . 2016-09-25 14:02 433152 ----a-w- c:\windows\system32\mfplat.dll
2016-09-25 14:02 . 2016-09-25 14:02 354816 ----a-w- c:\windows\SysWow64\mfplat.dll
2016-09-25 14:02 . 2016-09-25 14:02 347136 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2016-09-25 14:02 . 2016-09-25 14:02 310784 ----a-w- c:\windows\system32\WsmWmiPl.dll
2016-09-25 14:02 . 2016-09-25 14:02 266752 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2016-09-25 14:02 . 2016-09-25 14:02 265216 ----a-w- c:\windows\SysWow64\msnetobj.dll
2016-09-25 14:02 . 2016-09-25 14:02 249344 ----a-w- c:\windows\SysWow64\WSManMigrationPlugin.dll
2016-09-25 14:02 . 2016-09-25 14:02 214016 ----a-w- c:\windows\SysWow64\WsmWmiPl.dll
2016-09-25 14:02 . 2016-09-25 14:02 2023424 ----a-w- c:\windows\system32\WsmSvc.dll
2016-09-25 14:02 . 2016-09-25 14:02 199168 ----a-w- c:\windows\SysWow64\WSManHTTPConfig.exe
2016-09-25 14:02 . 2016-09-25 14:02 182272 ----a-w- c:\windows\system32\WsmAuto.dll
2016-09-25 14:02 . 2016-09-25 14:02 146944 ----a-w- c:\windows\SysWow64\WsmAuto.dll
2016-09-25 14:02 . 2016-09-25 14:02 13824 ----a-w- c:\windows\system32\wsmprovhost.exe
2016-09-25 14:02 . 2016-09-25 14:02 12800 ----a-w- c:\windows\system32\wsmplpxy.dll
2016-09-25 14:02 . 2016-09-25 14:02 12288 ----a-w- c:\windows\SysWow64\wsmprovhost.exe
2016-09-25 14:02 . 2016-09-25 14:02 1178112 ----a-w- c:\windows\SysWow64\WsmSvc.dll
2016-09-25 14:02 . 2016-09-25 14:02 11264 ----a-w- c:\windows\system32\msmmsp.dll
2016-09-25 14:02 . 2016-09-25 14:02 1068544 ----a-w- c:\windows\system32\cryptui.dll
2016-09-25 14:02 . 2016-09-25 14:02 10240 ----a-w- c:\windows\SysWow64\wsmplpxy.dll
2016-09-25 14:02 . 2016-09-25 14:02 680448 ----a-w- c:\windows\system32\audiosrv.dll
2016-09-25 14:02 . 2016-09-25 14:02 663552 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2016-09-25 14:02 . 2016-09-25 14:02 499712 ----a-w- c:\windows\system32\AUDIOKSE.dll
2016-09-25 14:02 . 2016-09-25 14:02 442368 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2016-09-25 14:02 . 2016-09-25 14:02 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2016-09-25 14:02 . 2016-09-25 14:02 295936 ----a-w- c:\windows\system32\AudioSes.dll
2016-09-25 14:02 . 2016-09-25 14:02 284672 ----a-w- c:\windows\system32\EncDump.dll
2016-09-25 14:02 . 2016-09-25 14:02 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2016-09-25 14:02 . 2016-09-25 14:02 195072 ----a-w- c:\windows\SysWow64\AudioSes.dll
2016-09-25 14:02 . 2016-09-25 14:02 9728 ----a-w- c:\windows\system32\pcalua.exe
2016-09-25 14:02 . 2016-09-25 14:02 8704 ----a-w- c:\windows\system32\pcaevts.dll
2016-09-25 14:02 . 2016-09-25 14:02 80896 ----a-w- c:\windows\SysWow64\cryptsp.dll
2016-09-25 14:02 . 2016-09-25 14:02 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2016-09-25 14:02 . 2016-09-25 14:02 440320 ----a-w- c:\windows\system32\AudioEng.dll
2016-09-25 14:02 . 2016-09-25 14:02 37376 ----a-w- c:\windows\system32\pcadm.dll
2016-09-25 14:02 . 2016-09-25 14:02 371712 ----a-w- c:\windows\system32\qdvd.dll
2016-09-25 14:02 . 2016-09-25 14:02 3209216 ----a-w- c:\windows\SysWow64\mf.dll
2016-09-25 14:02 . 2016-09-25 14:02 187904 ----a-w- c:\windows\system32\pcasvc.dll
2016-09-25 14:02 . 2016-09-25 14:02 1573888 ----a-w- c:\windows\system32\quartz.dll
2016-09-25 14:02 . 2016-09-25 14:02 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2016-09-25 14:02 . 2016-09-25 14:02 125952 ----a-w- c:\windows\system32\audiodg.exe
2016-09-25 14:02 . 2016-09-25 14:02 11264 ----a-w- c:\windows\system32\pcawrk.exe
2016-09-25 14:02 . 2016-09-25 14:02 1005056 ----a-w- c:\windows\SysWow64\cryptui.dll
2016-09-25 14:02 . 2016-09-25 14:02 632320 ----a-w- c:\windows\system32\evr.dll
2016-09-25 14:02 . 2016-09-25 14:02 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2016-09-25 14:02 . 2016-09-25 14:02 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2016-09-25 14:02 . 2016-09-25 14:02 489984 ----a-w- c:\windows\SysWow64\evr.dll
2016-09-25 14:02 . 2016-09-25 14:02 4121600 ----a-w- c:\windows\system32\mf.dll
2016-09-25 14:02 . 2016-09-25 14:02 24576 ----a-w- c:\windows\system32\mfpmp.exe
2016-09-25 14:02 . 2016-09-25 14:02 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2016-09-25 14:02 . 2016-09-25 14:02 206848 ----a-w- c:\windows\system32\mfps.dll
2016-09-25 14:02 . 2016-09-25 14:02 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2016-09-25 14:02 . 2016-09-25 14:02 2048 ----a-w- c:\windows\system32\mferror.dll
2016-09-25 14:02 . 2016-09-25 14:02 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2016-09-25 14:00 . 2016-09-25 14:00 3229696 ----a-w- c:\windows\explorer.exe
2016-09-25 14:00 . 2016-09-25 14:00 2972672 ----a-w- c:\windows\SysWow64\explorer.exe
2016-09-25 14:00 . 2016-09-25 14:00 1941504 ----a-w- c:\windows\system32\authui.dll
2016-09-25 14:00 . 2016-09-25 14:00 1867776 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-09-25 14:00 . 2016-09-25 14:00 1806848 ----a-w- c:\windows\SysWow64\authui.dll
2016-09-25 14:00 . 2016-09-25 14:00 1499648 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-06-18 4468056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-09-22 587288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-02-10 50599552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
R3 7ByteIo;7ByteIo; [x]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
R3 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
R3 cpuz138;cpuz138;c:\users\top\AppData\Local\Temp\cpuz138\cpuz138_x64.sys;c:\users\top\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MEDCServerComponent-Apache;MEDC Server Component - Apache;c:\manageengine\DesktopCentral_Server\apache\bin\dcserverhttpd.exe;c:\manageengine\DesktopCentral_Server\apache\bin\dcserverhttpd.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssinstall;SInstalátor;c:\windows\SysWOW64\ssins.exe;c:\windows\SysWOW64\ssins.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 RapportHades64;RapportHades64;c:\windows\System32\Drivers\RapportHades64.sys;c:\windows\SYSNATIVE\Drivers\RapportHades64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm258.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 RapportCerberus_1609053;RapportCerberus_1609053;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2016-11-26 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-09 14:11]
.
2016-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-31 14:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-08 4030008]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file)
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - (no file)
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
.
**************************************************************************
.
Celkový čas: 2016-12-01 14:22:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-12-01 13:22
ComboFix2.txt 2016-12-01 07:10
.
Před spuštěním: Volných bajtů: 48 279 932 928
Po spuštění: Volných bajtů: 47 882 694 656
.
- - End Of File - - 394204D22E5BC532DDFC07DC3B41B212
413FC2A0C716421B3158746D63736515

bill.da · Příspěvekod **bill.da** » 01 pro 2016 14:28

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:27:25, on 1.12.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18525)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Users\top\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MEDC Server Component - Apache (MEDCServerComponent-Apache) - Apache Software Foundation - C:\ManageEngine\DesktopCentral_Server\apache\bin\dcserverhttpd.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SInstalátor (ssinstall) - PS Media s.r.o. - C:\Windows\SysWOW64\ssins.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6882 bytes

bill.da · Příspěvekod **bill.da** » 01 pro 2016 14:31

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-12-01 14:29:42
-----------------------------
14:29:42.274 OS Version: Windows x64 6.1.7601 Service Pack 1
14:29:42.274 Number of processors: 2 586 0x6B01
14:29:42.274 ComputerName: TOP-PC UserName: top
14:29:43.102 Initialize success
14:29:43.196 VM: initialized successfully
14:29:43.196 VM: Amd CPU virtualization not supported
14:30:02.251 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:30:02.251 Disk 0 Vendor: WDC_WD800JB-00JJC0 05.01C05 Size: 76189MB BusType: 3
14:30:02.267 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000069
14:30:02.267 Disk 1 Vendor: SAMSUNG_ CT10 Size: 381553MB BusType: 3
14:30:02.376 Disk 1 MBR read successfully
14:30:02.376 Disk 1 MBR scan
14:30:02.376 Disk 1 unknown MBR code
14:30:02.798 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 128697 MB offset 63
14:30:02.814 Disk 1 Boot: NTFS code=2
14:30:02.830 Disk 1 Partition 2 00 27 Hidden NTFS WinRE NTFS 449 MB offset 263573504
14:30:02.830 Disk 1 Partition - 00 05 Extended 252404 MB offset 264494160
14:30:02.845 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 252404 MB offset 264494223
14:30:03.236 Disk 1 scanning C:\Windows\system32\drivers
14:30:10.048 Service scanning
14:30:25.080 Modules scanning
14:30:25.095 Disk 1 trace - called modules:
14:30:25.111 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
14:30:25.126 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007605060]
14:30:25.126 3 CLASSPNP.SYS[fffff8800157243f] -> nt!IofCallDriver -> [0xfffffa8007449bb0]
14:30:25.142 5 ACPI.sys[fffff88000ea07a1] -> nt!IofCallDriver -> \Device\00000069[0xfffffa800743a060]
14:30:25.142 Disk 1 statistics 126519/0/0 @ 9,28 MB/s
14:30:25.142 Scan finished successfully
14:30:43.658 Disk 1 MBR has been saved successfully to "C:\Users\top\Desktop\MBR.dat"
14:30:43.673 The log file has been saved successfully to "C:\Users\top\Desktop\aswMBR.txt"

Příspěvekod **jaro3** » 01 pro 2016 17:32

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“,
po jeho skončení - vše zatrhni (dej zatržítka vlevo od nálezů , do bílých políček)
- pak klikni na "Remove Selected"
- Počkej, dokud Status box nezobrazí " Removal finished, please review result "
- Klikni na "Open report " a pak na " Open TXT“ a zkopíruj ten log a vlož obsah té zprávy prosím sem. Log je možno nalézt v C:\ProgramData\RogueKiller\Logs - Zavři RogueKiller.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

Co problémy?

bill.da · Příspěvekod **bill.da** » 01 pro 2016 18:38

RogueKiller V12.8.3.0 (x64) [Nov 28 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : top [Práva správce]
Started from : C:\Users\top\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 12/01/2016 18:06:15 (Duration : 00:30:12)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1220894994-1509848511-4111069859-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1220894994-1509848511-4111069859-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 0551257f0fb1d647b5003065929b0c64
[BSP] bc0806a5187bb02ad33d88e2144735ad : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 76308 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HD403LJ SCSI Disk Device +++++
--- User ---
[MBR] 79fee6c9ef91a46459fe77f966dd633e
[BSP] 43d06aeb00fffbc4f2ca30b6dcdc9366 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 128697 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 263573504 | Size: 449 MB
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 264494160 | Size: 252404 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávná funkce. )

+++++ PhysicalDrive2: Generic USB SD Reader +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic USB CF Reader +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic USB SM Reader +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive5: Generic USB MS Reader +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

Příspěvekod **jaro3** » 01 pro 2016 23:08

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt

Co problémy?

Prosim o kontrolu logu Vyřešeno

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Kdo je online