totálně zamrzlý počítač

Zpráva

peknal · #1 Příspěvek od **peknal** » 19 lis 2014 21:36

Prosím o pomoc při odstranění Malware. klasické čištění selhává. Nějak jsem nainsotaloval program mystartsearch, který už nešel odmazat . Tohle jsem složitě načítal několik desítek minut.

Logfile of random's system information tool 1.10 (written by random/random)
Run by milan at 2014-11-19 21:25:44
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 7 GB (5%) free of 153 GB
Total RAM: 1535 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:26:05, on 19.11.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
Boot mode: Normal

Running processes:
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\vsnpmi03.exe
C:\Windows\System32\WScript.exe
C:\Program Files\Android-Sync\AndroidSync.exe
C:\Program Files\Android-Sync\bin\adb.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Users\milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Users\milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\milan\Downloads\RSIT.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\milan\Downloads\RSIT.exe
C:\Program Files\trend micro\milan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SNPMI03] C:\Windows\vsnpmi03.exe
O4 - HKLM\..\Run: [msjhkuSrv] "C:\Windows\system32\msjhku.vbe" msaaqeui msvlmc
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AndroidSync] C:\Program Files\Android-Sync\AndroidSync.exe -m
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKCU\..\Run: [NextLive] C:\Windows\system32\rundll32.exe "C:\Users\milan\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesPDLR.exe] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
O4 - HKCU\..\Run: [Google Update] "C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe

--
End of file - 6035 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2709638672-2288162957-48926482-1000Core.job - C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2709638672-2288162957-48926482-1000UA.job - C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-10-09 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-10-09 7741440]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-10-09 81920]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2014-08-22 974432]
"SNPMI03"=C:\Windows\vsnpmi03.exe [2003-08-08 32768]
"msjhkuSrv"=C:\Windows\system32\msjhku.vbe [2013-12-03 583]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"AndroidSync"=C:\Program Files\Android-Sync\AndroidSync.exe [2014-06-09 6252976]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"SpywareTerminatorShield"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2014-11-12 2774904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NextLive"=C:\Users\milan\AppData\Roaming\newnext.me\nengine.dll,EntryPoint -m l []
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2014-07-25 311616]
"KiesPDLR"=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2014-07-25 845120]
"KiesPreload"=C:\Program Files\Samsung\Kies\Kies.exe [2014-07-25 1562264]
"KiesPDLR.exe"=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2014-07-25 845120]
"Google Update"=C:\Users\milan\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22 107912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-11-19 20:48:42 ----D---- C:\rsit
2014-11-16 23:37:24 ----SHD---- C:\$RECYCLE.BIN
2014-11-16 23:34:07 ----A---- C:\Windows\zoek-delete.exe
2014-11-16 23:34:03 ----D---- C:\Windows\Temp
2014-11-16 21:51:08 ----D---- C:\zoek_backup
2014-11-16 21:23:22 ----A---- C:\ComboFix.txt
2014-11-16 20:07:50 ----A---- C:\Windows\MBR.exe
2014-11-16 20:07:49 ----A---- C:\Windows\NIRCMD.exe
2014-11-16 20:07:48 ----A---- C:\Windows\SWREG.exe
2014-11-16 20:07:48 ----A---- C:\Windows\PEV.exe
2014-11-16 20:07:47 ----A---- C:\Windows\zip.exe
2014-11-16 20:07:47 ----A---- C:\Windows\SWSC.exe
2014-11-16 20:07:47 ----A---- C:\Windows\sed.exe
2014-11-16 20:07:47 ----A---- C:\Windows\grep.exe
2014-11-16 20:02:45 ----D---- C:\Windows\ERDNT
2014-11-16 20:02:10 ----D---- C:\Qoobox
2014-11-16 10:07:44 ----A---- C:\Windows\system32\drivers\sp_rsdrv2.sys
2014-11-16 10:07:42 ----D---- C:\Users\milan\AppData\Roaming\Spyware Terminator
2014-11-16 10:04:50 ----D---- C:\Program Files\Spyware Terminator
2014-11-14 22:43:01 ----D---- C:\ProgramData\Spyware Terminator
2014-11-14 21:05:47 ----A---- C:\autoexec.bat
2014-11-14 21:02:09 ----D---- C:\Program Files\Enigma Software Group
2014-11-14 20:52:41 ----D---- C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-11-14 20:52:32 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2014-11-12 06:59:44 ----A---- C:\Windows\system32\msxml3.dll
2014-11-12 06:59:43 ----A---- C:\Windows\system32\msxml3r.dll
2014-11-12 06:59:34 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 06:59:33 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-11-12 06:59:33 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-11-12 06:59:28 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 06:59:27 ----A---- C:\Windows\system32\ie4uinit.exe
2014-11-12 06:59:26 ----A---- C:\Windows\system32\iernonce.dll
2014-11-12 06:59:24 ----A---- C:\Windows\system32\iedkcs32.dll
2014-11-12 06:59:23 ----A---- C:\Windows\system32\urlmon.dll
2014-11-12 06:59:20 ----A---- C:\Windows\system32\jsproxy.dll
2014-11-12 06:59:19 ----A---- C:\Windows\system32\ieUnatt.exe
2014-11-12 06:59:17 ----A---- C:\Windows\system32\jscript9diag.dll
2014-11-12 06:59:17 ----A---- C:\Windows\system32\dxtmsft.dll
2014-11-12 06:59:16 ----A---- C:\Windows\system32\ieapfltr.dll
2014-11-12 06:59:14 ----A---- C:\Windows\system32\msfeeds.dll
2014-11-12 06:59:04 ----A---- C:\Windows\system32\msrating.dll
2014-11-12 06:59:02 ----A---- C:\Windows\system32\iesetup.dll
2014-11-12 06:58:58 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 06:58:57 ----A---- C:\Windows\system32\wininet.dll
2014-11-12 06:58:49 ----A---- C:\Windows\system32\dxtrans.dll
2014-11-12 06:58:46 ----A---- C:\Windows\system32\ieui.dll
2014-11-12 06:58:42 ----A---- C:\Windows\system32\ieframe.dll
2014-11-12 06:58:33 ----A---- C:\Windows\system32\mshtmled.dll
2014-11-12 06:58:27 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-11-12 06:58:18 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-11-12 06:58:14 ----A---- C:\Windows\system32\iertutil.dll
2014-11-12 06:58:00 ----A---- C:\Windows\system32\mshtml.dll
2014-11-12 06:57:50 ----A---- C:\Windows\system32\vbscript.dll
2014-11-12 06:57:47 ----A---- C:\Windows\system32\jscript9.dll
2014-11-12 06:56:27 ----A---- C:\Windows\system32\oleaut32.dll
2014-11-12 06:55:41 ----A---- C:\Windows\system32\IMJP10K.DLL
2014-11-12 06:55:07 ----A---- C:\Windows\system32\msi.dll
2014-11-12 06:54:25 ----A---- C:\Windows\system32\AUDIOKSE.dll
2014-11-12 06:54:24 ----A---- C:\Windows\system32\EncDump.dll
2014-11-12 06:54:24 ----A---- C:\Windows\system32\audiosrv.dll
2014-11-12 06:54:24 ----A---- C:\Windows\system32\AudioEng.dll
2014-11-12 06:54:23 ----A---- C:\Windows\system32\AudioSes.dll
2014-11-12 06:52:47 ----A---- C:\Windows\system32\schannel.dll
2014-11-12 06:52:45 ----A---- C:\Windows\system32\ncrypt.dll
2014-11-12 06:52:44 ----A---- C:\Windows\system32\msv1_0.dll
2014-11-12 06:52:44 ----A---- C:\Windows\system32\kerberos.dll
2014-11-12 06:52:43 ----A---- C:\Windows\system32\wdigest.dll
2014-11-12 06:52:43 ----A---- C:\Windows\system32\TSpkg.dll
2014-11-12 06:52:41 ----A---- C:\Windows\system32\credssp.dll
2014-11-12 06:52:21 ----A---- C:\Windows\system32\win32k.sys
2014-11-12 06:52:19 ----A---- C:\Windows\system32\packager.dll
2014-11-12 06:52:07 ----A---- C:\Windows\system32\adtschema.dll
2014-11-12 06:52:06 ----A---- C:\Windows\system32\termsrv.dll
2014-11-12 06:52:06 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-11-12 06:52:05 ----A---- C:\Windows\system32\msaudite.dll
2014-11-12 06:52:05 ----A---- C:\Windows\system32\lsasrv.dll
2014-10-22 14:54:27 ----D---- C:\Program Files\Microsoft Synchronization Services
2014-10-22 14:54:21 ----D---- C:\Program Files\Common Files\DESIGNER
2014-10-22 14:52:23 ----D---- C:\Windows\PCHEALTH
2014-10-22 14:52:23 ----D---- C:\Program Files\Microsoft Sync Framework
2014-10-22 14:52:23 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2014-10-22 14:47:24 ----D---- C:\Program Files\Microsoft Visual Studio 8
2014-10-22 14:44:54 ----D---- C:\Program Files\Microsoft Analysis Services
2014-10-21 19:05:31 ----A---- C:\Windows\vx86036.dat
2014-10-21 19:05:19 ----A---- C:\CKINFO.TXT
2014-10-21 19:05:08 ----D---- C:\ProgramData\CrypKey
2014-10-21 19:03:50 ----A---- C:\Windows\Crypkey.ini
2014-10-21 19:01:23 ----RA---- C:\Windows\Setup_ck.exe
2014-10-21 19:01:23 ----A---- C:\Windows\system32\Crypserv.exe
2014-10-21 19:01:23 ----A---- C:\Windows\system32\Ckldrv.sys
2014-10-21 19:01:23 ----A---- C:\Windows\Setup_ck.dll
2014-10-21 19:01:23 ----A---- C:\Windows\Ckrfresh.exe
2014-10-21 19:01:23 ----A---- C:\Windows\Ckconfig.exe
2014-10-21 19:00:45 ----D---- C:\Program Files\Stellar Phoenix Outlook PST Repair

======List of files/folders modified in the last 1 month======

2014-11-19 21:25:57 ----D---- C:\Program Files\trend micro
2014-11-19 16:49:16 ----D---- C:\Windows\System32
2014-11-19 16:49:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-19 16:49:13 ----D---- C:\Windows\inf
2014-11-19 08:15:38 ----D---- C:\Windows\system32\config
2014-11-19 07:13:31 ----D---- C:\Windows\system32\catroot
2014-11-19 07:13:23 ----D---- C:\Windows\system32\catroot2
2014-11-19 07:13:04 ----D---- C:\Windows\winsxs
2014-11-18 07:04:45 ----SHD---- C:\System Volume Information
2014-11-17 08:24:06 ----D---- C:\Windows\Tasks
2014-11-16 23:45:51 ----RD---- C:\Program Files
2014-11-16 23:35:41 ----D---- C:\Windows
2014-11-16 23:17:01 ----D---- C:\ProgramData
2014-11-16 22:10:08 ----D---- C:\Windows\system32\drivers\etc
2014-11-16 21:24:13 ----D---- C:\Windows\system32\drivers
2014-11-16 21:12:34 ----A---- C:\Windows\system.ini
2014-11-16 20:51:01 ----D---- C:\Windows\AppPatch
2014-11-16 20:50:49 ----D---- C:\Program Files\Common Files
2014-11-15 17:56:25 ----SHD---- C:\Windows\Installer
2014-11-15 17:56:23 ----D---- C:\Windows\system32\Tasks
2014-11-15 17:55:49 ----D---- C:\Config.Msi
2014-11-14 20:13:17 ----D---- C:\Windows\debug
2014-11-14 15:17:22 ----D---- C:\Windows\Prefetch
2014-11-14 08:04:34 ----D---- C:\Windows\Microsoft.NET
2014-11-14 08:02:31 ----RSD---- C:\Windows\assembly
2014-11-14 07:25:15 ----D---- C:\Windows\system32\MRT
2014-11-13 08:41:12 ----D---- C:\Windows\rescache
2014-11-13 07:06:32 ----D---- C:\Windows\system32\cs-CZ
2014-11-13 06:08:08 ----D---- C:\Windows\system32\en-US
2014-11-13 06:08:00 ----D---- C:\Program Files\Internet Explorer
2014-11-12 12:11:37 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-11-03 08:00:20 ----D---- C:\hry
2014-10-31 23:25:42 ----A---- C:\Windows\system32\MRT.exe
2014-10-30 12:24:45 ----N---- C:\Windows\system32\MpSigStub.exe
2014-10-25 08:52:08 ----D---- C:\ProgramData\Microsoft Help
2014-10-25 08:38:07 ----A---- C:\Windows\win.ini
2014-10-22 14:58:18 ----RSD---- C:\Windows\Fonts
2014-10-22 14:57:51 ----D---- C:\Windows\ShellNew
2014-10-22 14:57:44 ----D---- C:\Program Files\Common Files\microsoft shared
2014-10-22 14:56:45 ----D---- C:\Program Files\MSBuild
2014-10-22 14:52:32 ----D---- C:\Program Files\Microsoft Office
2014-10-22 14:52:23 ----SD---- C:\ProgramData\Microsoft
2014-10-21 20:21:43 ----D---- C:\Windows\system32\wdi
2014-10-20 14:03:32 ----SD---- C:\Users\milan\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-07-17 231800]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2008-03-17 19584]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2011-06-21 32768]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 aeaudio;aeaudio; C:\Windows\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2009-07-13 159232]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2014-04-30 37344]
R3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 36352]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 catchme;catchme; \??\C:\Users\milan\AppData\Local\Temp\catchme.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-04-11 89856]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 snpmi03;VideoCAM NB 300; C:\Windows\system32\DRIVERS\snpmi03.sys [2004-01-12 186112]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-04-11 184192]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudserd.sys [2014-04-11 184192]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usbrndis6;Adaptér USB RNDIS6; C:\Windows\system32\DRIVERS\usb80236.sys [2013-02-12 15872]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 Crypkey License;Crypkey License; C:\Windows\system32\crypserv.exe [2008-05-08 122880]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2014-04-30 233472]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-08-22 22192]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files\Spyware Terminator\st_rsser.exe [2014-11-12 585080]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12 267440]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-06 102912]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-18 30814400]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-10 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 19 lis 2014 21:45

Zdravim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Po spusteni probehne stazeni databaze
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

peknal · #3 Příspěvek od **peknal** » 21 lis 2014 17:27

Dobrý den , omlouvám, se, ještě k tomu všemu mi klekl zdroj takže reaguji opožděně .Navíc jakékoliv spuštění prohlížeče i programu typu Word je téměř nemožné, takže nemám nic aktuálního a nevím zda výstup adw cleaner je úplný. Nijak zvlášť nepomůže ani nouzový režim .
zde co jsem vytvořil. Třeba z toho něco poznáte.

# AdwCleaner v4.101 - Report created 20/11/2014 at 22:51:07
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : milan - MILAN-PC
# Running from : C:\Users\milan\Desktop\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

Zoek.exe v5.0.0.0 Updated 20-November-2014
Tool run by milan on p 21.11.2014 at 6:44:41,34.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\milan\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-11-16-223707.log 24444 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\milan\AppData\Roaming\TomTom\HOME\Profiles\dnqr7n0g.default\prefs.js:

Added to C:\Users\milan\AppData\Roaming\TomTom\HOME\Profiles\dnqr7n0g.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Users\milan\.android deleted
C:\Windows\System32\PerfStringBackup.TMP deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\milan\AppData\Roaming\TomTom\HOME\Profiles\dnqr7n0g.default
- Undetermined - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- Undetermined - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.400.851694@tomtom.com

==== Firefox Plugins ======================

==== Chromium Look ======================

Seznam Li\u0161ti\u010Dka - Email - milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam Li\u0161ti\u010Dka - Rychl\u00E1 volba - milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak

==== Chromium Startpages ======================

C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.goggle.com/",
"urls_to_restore_on_startup": [ "https://www.google.cz/" ]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0191A6B0-1154-4C22-9182-23A95BBE92D9} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Seznam Url="http://search.seznam.cz/?sourceid=quick ... earchTerms}"
{0DE4E9B9-FB3D-4BFB-849E-B71A749BEDDE} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_13415"
{12FE0ECB-4E09-4BBC-AC99-E98FE77DC104} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&so ... arch_13415"
{190BBF82-5B36-42FD-AABD-993FBA6FC7C3} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTer ... arch_13415"
{22206F5D-0BC6-449C-BC7A-42F648795613} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_13415"
{4A605972-FBC9-4620-905D-EFAE96484D4A} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchT ... arch_13415"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE11SR"
{B960FCBF-3694-4E83-B274-610CF05EBAD9} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms} ... arch_13415"
{C8174F1F-6A0F-478C-ADC9-13CD03FDFB6D} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415"
{D240567A-6330-4CD7-8425-113D40077793} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q= ... arch_13415"
{D3A16458-092A-4F72-99C8-4306801E3D4A} Google Url="http://www.google.com/search?q={searchT ... utEncoding?}"

==== Reset Google Chrome ======================

C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\milan\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully
C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Users\milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\milan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1241 folders=147 117622238 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\milan\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\milan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on p 21.11.2014 at 11:25:18,19 ======================

#4 Příspěvek od **vyosek** » 21 lis 2014 17:57

Co se tyce ComboFixu, ktery jste pouzil, tak na zaklade licence a pravidel fora ptam, umite s nim pracovat (spusteni, rozlusteni logu, napsani skriptu)

Licencni podminky ComboFixu hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"
Obrázek

Nebezpeci CFka

Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
Maze stopy po haveti, takze v logu z RSIT neni nic videt
Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Dejte jeho log c:\combofix.txt

peknal · #5 Příspěvek od **peknal** » 21 lis 2014 22:23

ani nevíte ,jak mě to trestá, šlo o akt čirého zoufalství,který ale umožnil funkčnost počítače. Bohužel ,ale za chvíli už to byl o stejné,ne li horší. Zpráva je velká zkusím ji rozdělit

ComboFix 14-11-15.01 - milan 16.11.2014 20:37:28.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1535.987 [GMT 1:00]
Spuštěný z: c:\combofix\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\users\milan\AppData\Roaming\LiveSupport.exe_log.txt
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\9DSv5N@rwB.edu\bootstrap.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\9DSv5N@rwB.edu\content\bg.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\9DSv5N@rwB.edu\chrome.manifest
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\9DSv5N@rwB.edu\install.rdf
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\EB6Lx@WV.edu\bootstrap.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\EB6Lx@WV.edu\content\bg.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\EB6Lx@WV.edu\chrome.manifest
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\EB6Lx@WV.edu\install.rdf
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru.json
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\app.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\aboutSupport.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\addonfs.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\addonmgr.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\addonStatus.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\backgroundImages.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\backup.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\barnavig.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\blacklist.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\bookmarks.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\branding.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\clids.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\cloudsource.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\colors.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\databaseMigration.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\dataprovider.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\fastdial.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\favicons.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\frontendHelper.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\installer.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\internalStructure.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\layout.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\metrika.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\migration.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\migration\install.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\migration\l-2_0.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\migration\l-2_3.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\migration\l-2_9.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\package.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\protocolSupport.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\safebrowsing.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\searchExample.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\searchSuggest.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\strbundle.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\sync.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\syncPinned.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\syncTopHistory.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\thumbs.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\usageHistory.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\workers\barnavig.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\ycookie.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\components\core.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\config.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\defaults\preferences\yandex-vb.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\defaults\vendor\vendor.xml
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\chrome.manifest
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\chrome\yandex-vb.jar
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\install.rdf
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\AddonManager.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\DataURI.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\Foundation.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\async.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\database.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\ecustom.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\fileutils.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\misc.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\netutils.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\patterns.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\promise.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\strutils.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\sysutils.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\task.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\xmlutils.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\Log4Moz.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\Preferences.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\SimpleHTMLParser.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\SimpleProtocol.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\Stemmer.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\WindowListener.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\WinReg.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru.json
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\bar.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\aboutSupport.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\addonfs.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\addonmgr.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\addonStatus.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\anonymousStatistic.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\autoinst.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\barnavig.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\brand_prov.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\branding.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\browserUsage.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\clids.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\compsusage.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\defender.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\distribution.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\incoming.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\installer.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\install.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\l-5_2_0.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\l-6_4_0.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\l-7_0_0.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\l-7_6_0.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\l-7_8_0.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\l-7_8_1.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\l-8_0_0.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\l-8_1_0.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\native\barplugin.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\native\brandsvc.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\native\compapi.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\native\ncparser.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\native\npwidget.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\native\sliceapi.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\native_comps.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\notifications.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\overlay_prov.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\pacman.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\platform.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\platform\cachedres.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\platform\manifest.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\platform\package.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\platform\permissions.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\platform\preset-with-manifest.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\platform\preset.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\platform\unit.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\slices.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\strbundle.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\update.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\vendorCookie.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\widgetlib.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\workers\barnavig.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\behaviour.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\behaviour\action.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\behaviour\attribute.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\behaviour\button.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\behaviour\computed.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\behaviour\enabled.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\behaviour\extra-text.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\behaviour\grid.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\behaviour\checkbox.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\behaviour\checked.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\behaviour\image.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\behaviour\menu.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\behaviour\style.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\behaviour\text.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\behaviour\tooltip.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\behaviour\url.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\behaviour\widget.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\behaviour\xml.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\elements.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\ui\event-listener.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\xbbase.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\xbcalcnodes.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\xbfuncs.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\xbparser.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\xbtypes.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\xbui.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb\xbwidget.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\ycookie.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\components\core.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\components\nsIYaSearch.xpt
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\components\nsSearchSuggestions.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\components\nsYaSearch.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\components\xbProtocol.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\config.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\defaults\dynamic-preferences\brand\ua\safebrowsing.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\defaults\dynamic-preferences\safebrowsing.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\defaults\preferences\yasearch.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\defaults\presets\http%3A%2F%2Fbar.yandex.ru%2Fpresets%2Fdefault-partner.xml
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\defaults\presets\http%3A%2F%2Fbar.yandex.ru%2Fpresets%2Fdefault.xml
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\defaults\presets\http%3A%2F%2Fbar.yandex.ru%2Fpresets%2Ftb.xml
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\defaults\presets\http%3A%2F%2Fbar.yandex.ru%2Fpresets%2Fua.xml
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\defaults\vendor\vendor.xml
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\chrome.manifest
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\chrome\yasearch.jar
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\install.rdf
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\AddonManager.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\DataURI.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\Foundation.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\async.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\database.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\dlqueue.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\ecustom.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\fileutils.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\legacy.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\misc.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\netutils.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\patterns.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\promise.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\strutils.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\sysutils.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\task.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\xmlutils.js
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\Log4Moz.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\Preferences.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\SimpleHTMLParser.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\SimpleProtocol.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\Stemmer.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\WindowListener.jsm
c:\users\milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\WinReg.jsm
c:\users\milan\AppData\Roaming\regsvr32.exe_log.txt
c:\users\milan\Documents\~WRL0002.tmp
c:\windows\host32.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\ntos.exe
c:\windows\system32\sdra64.exe
c:\windows\system32\twext.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-10-16 do 2014-11-16 )))))))))))))))))))))))))))))))
.
.
2014-11-16 20:07 . 2014-11-16 20:12 -------- d-----w- c:\users\milan\AppData\Local\temp
2014-11-16 18:18 . 2014-11-16 18:18 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B9B6B63-C810-4750-BB20-A5BE3475B68B}\offreg.dll
2014-11-16 17:37 . 2014-09-17 13:31 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18452B80-3BED-4533-8F30-95D23A4D7F3C}\gapaengine.dll
2014-11-16 17:35 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B9B6B63-C810-4750-BB20-A5BE3475B68B}\mpengine.dll
2014-11-16 09:09 . 2014-11-16 09:09 -------- d-----w- c:\users\milan\AppData\Roaming\Inbox Storage
2014-11-16 09:08 . 2014-11-16 09:09 -------- d-----w- c:\program files\Inbox Storage
2014-11-16 09:07 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2014-11-16 09:07 . 2014-11-16 09:07 -------- d-----w- c:\users\milan\AppData\Roaming\Spyware Terminator
2014-11-16 09:04 . 2014-11-16 17:09 -------- d-----w- c:\program files\Spyware Terminator
2014-11-15 16:56 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-15 16:54 . 2014-11-15 16:54 -------- d-sh--w- c:\users\milan\AppData\Local\EmieBrowserModeList
2014-11-14 21:43 . 2014-11-16 17:19 -------- d-----w- c:\programdata\Spyware Terminator
2014-11-14 20:02 . 2014-11-14 20:02 -------- d-----w- c:\program files\Enigma Software Group
2014-11-14 19:52 . 2014-11-15 16:54 -------- d-----w- c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-11-14 19:52 . 2014-11-14 19:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-11-13 19:24 . 2014-11-13 19:24 -------- d-----w- c:\users\milan\AppData\Roaming\EZDownloader
2014-11-13 18:00 . 2014-11-13 21:04 -------- d-----w- c:\users\milan\AppData\Roaming\SkypEmoticons
2014-11-13 17:56 . 2014-11-13 17:56 -------- d-----w- c:\programdata\Trusted Publisher
2014-11-13 17:54 . 2014-11-13 17:54 -------- d-----w- c:\program files\DeltaFix
2014-11-13 17:45 . 2014-11-13 17:47 -------- d-----w- c:\program files\YoutubeAdBlocke
2014-11-13 17:43 . 2014-11-14 19:59 -------- d-----w- c:\program files\GoSave
2014-11-13 17:42 . 2014-11-13 17:42 -------- d-----w- c:\programdata\6637186604258676933
2014-11-13 17:41 . 2014-11-13 17:41 -------- d-----w- c:\programdata\aeepdhieabcekehiiacgmnhmpcfiennl
2014-11-12 05:58 . 2014-11-07 19:23 815280 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2014-11-12 05:58 . 2014-11-06 03:28 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-12 05:58 . 2014-11-06 03:20 772608 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2014-11-12 05:58 . 2014-11-06 02:20 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-12 05:58 . 2014-11-06 03:10 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-12 05:58 . 2014-11-06 02:36 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-11-12 05:57 . 2014-11-06 02:21 4298240 ----a-w- c:\windows\system32\jscript9.dll
2014-11-12 05:55 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-12 05:55 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-12 05:54 . 2014-10-03 01:44 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-12 05:54 . 2014-10-03 01:44 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-11-12 05:54 . 2014-10-03 01:44 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-12 05:54 . 2014-10-03 01:44 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-12 05:54 . 2014-10-03 01:44 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-12 05:52 . 2014-09-19 09:23 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-11-12 05:52 . 2014-09-19 09:23 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-12 05:52 . 2014-09-19 09:23 17408 ----a-w- c:\windows\system32\credssp.dll
2014-11-12 05:52 . 2014-10-14 01:46 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-12 05:52 . 2014-10-14 01:56 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-12 05:52 . 2014-10-14 01:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-12 05:52 . 2014-10-14 01:47 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-10 20:28 . 2014-11-10 20:28 -------- d-----w- c:\users\milan\Royal Enfield 2012
2014-11-10 20:28 . 2014-11-10 20:28 -------- d-----w- c:\users\milan\PC Drivers HeadQuarters
2014-11-10 20:27 . 2014-11-10 20:28 -------- d-----w- c:\users\milan\ostrožské vánoce
2014-11-10 20:27 . 2014-11-10 20:27 -------- d-----w- c:\users\milan\nsu 1926
2014-10-22 13:54 . 2014-10-22 13:54 -------- d-----w- c:\program files\Microsoft Synchronization Services
2014-10-22 13:52 . 2014-10-22 13:52 -------- d-----w- c:\windows\PCHEALTH
2014-10-22 13:52 . 2014-10-22 13:52 -------- d-----w- c:\program files\Microsoft Sync Framework
2014-10-22 13:52 . 2014-10-22 13:52 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-10-22 13:47 . 2014-10-22 13:47 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2014-10-22 13:44 . 2014-10-22 13:44 -------- d-----w- c:\program files\Microsoft Analysis Services
2014-10-21 18:05 . 2014-10-21 18:05 -------- d-----w- c:\programdata\CrypKey
2014-10-21 18:01 . 2008-05-07 23:29 122880 ----a-w- c:\windows\system32\Crypserv.exe
2014-10-21 18:01 . 2008-03-17 16:45 19584 ----a-w- c:\windows\system32\Ckldrv.sys
2014-10-21 18:01 . 1999-06-18 20:49 165888 ----a-w- c:\windows\Ckconfig.exe
2014-10-21 18:01 . 1996-05-03 16:21 27648 ----a-r- c:\windows\Setup_ck.exe
2014-10-21 18:01 . 1996-05-03 14:36 18432 ----a-w- c:\windows\Setup_ck.dll
2014-10-21 18:01 . 1995-07-04 17:33 11776 ----a-w- c:\windows\Ckrfresh.exe
2014-10-21 18:00 . 2014-10-22 18:16 -------- d-----w- c:\program files\Stellar Phoenix Outlook PST Repair
2014-10-21 16:52 . 2014-10-21 16:52 -------- d-----w- c:\users\milan\AppData\Roaming\ParetoLogic
2014-10-21 16:52 . 2014-10-21 16:52 -------- d-----w- c:\users\milan\AppData\Roaming\DriverCure
2014-10-21 16:51 . 2014-10-22 12:11 -------- d-----w- c:\programdata\ParetoLogic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-16 20:15 . 2014-11-16 20:15 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B9B6B63-C810-4750-BB20-A5BE3475B68B}\MpKslcecd900f.sys
2014-11-12 11:11 . 2013-02-27 06:14 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-12 11:11 . 2013-02-27 06:14 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-06 03:13 . 2014-11-12 05:57 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-06 01:52 . 2014-11-12 05:58 1892864 ----a-w- c:\windows\system32\wininet.dll
2014-10-30 11:24 . 2012-01-03 06:30 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-25 01:32 . 2014-11-12 05:52 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-18 01:33 . 2014-11-12 05:56 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-14 01:50 . 2014-11-12 05:52 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-10 00:45 . 2014-11-12 05:52 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-09-25 01:40 . 2014-10-01 05:03 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-19 09:23 . 2014-11-12 05:52 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-09-19 09:23 . 2014-11-12 05:52 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-09-19 09:23 . 2014-11-12 05:52 248832 ----a-w- c:\windows\system32\schannel.dll
2014-09-19 09:23 . 2014-11-12 05:52 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-09-17 13:31 . 2012-02-10 17:42 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 21:47 . 2014-09-23 19:59 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 05:04 . 2014-10-16 19:15 372736 ----a-w- c:\windows\system32\rastls.dll
2014-08-23 01:46 . 2014-08-28 12:07 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-21 06:26 . 2014-11-12 05:59 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-08-21 06:23 . 2014-11-12 05:59 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-09-27 08:06 . 2012-01-03 10:54 24880733 ----a-w- c:\program files\portable-BurningStudio7.21.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{a3ce8007-70bd-4409-8fc4-59fa2401bb7e}]
2014-11-13 17:46 766976 ----a-w- c:\program files\YoutubeAdBlocke\YhijoCuLdawsDa.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NextLive"="c:\users\milan\AppData\Roaming\newnext.me\nengine.dll" [2013-11-14 1283584]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2014-07-25 311616]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2014-07-25 845120]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2014-07-25 1562264]
"KiesPDLR.exe"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2014-07-25 845120]
"Inbox Storage"="c:\program files\Inbox Storage\InboxStorage.exe" [2014-03-26 4107176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-10-09 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-09 7741440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-09 81920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"SNPMI03"="c:\windows\vsnpmi03.exe" [2003-08-08 32768]
"msjhkuSrv"="c:\windows\system32\msjhku.vbe" [2013-12-03 583]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"AndroidSync"="c:\program files\Android-Sync\AndroidSync.exe" [2014-06-09 6252976]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2014-11-11 2774904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\milan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 24c54e38;DeltaFix;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-04-11 89856]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 snpmi03;VideoCAM NB 300;c:\windows\system32\DRIVERS\snpmi03.sys [2004-01-12 186112]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-04-11 184192]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2014-04-11 184192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys [2013-02-12 15872]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-10 1343400]
S1 MpKsl805a86d3;MpKsl805a86d3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B9B6B63-C810-4750-BB20-A5BE3475B68B}\MpKsl805a86d3.sys [2014-11-16 39464]
S1 MpKslcecd900f;MpKslcecd900f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B9B6B63-C810-4750-BB20-A5BE3475B68B}\MpKslcecd900f.sys [2014-11-16 39464]
S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-06-21 32768]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2014-04-30 233472]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [2014-11-11 585080]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2014-04-30 37344]
S3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSLCECD900F
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
.
2014-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 11:11]
.
2014-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2709638672-2288162957-48926482-1000Core.job
- c:\users\milan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-09 06:08]
.
2014-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2709638672-2288162957-48926482-1000UA.job
- c:\users\milan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-09 06:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.mystartsearch.com/?type=hp&ts=14159 ... XX3LS0FBN9
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send To &Bluetooth - c:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.60.60
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
MSConfigStartUp-Pokki - %LOCALAPPDATA%\Pokki\Engine\Launcher.dll
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.

peknal · #6 Příspěvek od **peknal** » 21 lis 2014 22:33

zAMKNUTÉ registry vynechávám, pokud bude třeba vykopíruji - Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\crypserv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Celkový čas: 2014-11-16 21:23:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-11-16 20:23
.
Před spuštěním: Volných bajtů: 67 790 569 472
Po spuštění: Volných bajtů: 67 639 734 272
.
- - End Of File - - D24B4A0A259DC913571CEE27558870B1
A36C5E4F47E84449FF07ED3517B43A31

#7 Příspěvek od **vyosek** » 22 lis 2014 16:48

Odinstalujte Spyware Terminator

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Folder::
c:\users\milan\AppData\Roaming\Spyware Terminator
c:\program files\Spyware Terminator
c:\programdata\Spyware Terminator
c:\program files\Enigma Software Group
c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP
c:\users\milan\AppData\Roaming\SkypEmoticons
c:\programdata\Trusted Publisher
c:\program files\DeltaFix
c:\program files\YoutubeAdBlocke
c:\program files\GoSave
c:\programdata\6637186604258676933
c:\programdata\aeepdhieabcekehiiacgmnhmpcfiennl
c:\users\milan\AppData\Roaming\newnext.me

File::
c:\windows\system32\drivers\sp_rsdrv2.sys
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2709638672-2288162957-48926482-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2709638672-2288162957-48926482-1000UA.job

Collect::
c:\users\milan\AppData\Roaming\newnext.me\nengine.dll
c:\windows\system32\msjhku.vbe

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{a3ce8007-70bd-4409-8fc4-59fa2401bb7e}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NextLive"=-
"KiesTrayAgent"=-
"KiesPDLR"=-
"KiesPreload"=-
"KiesPDLR.exe"=-
"Inbox Storage"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msjhkuSrv"=-
"Adobe ARM"=-
"BCSSync"=-
"SpywareTerminatorShield"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

Driver::
24c54e38
sp_rsdrv2

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

peknal · #8 Příspěvek od **peknal** » 24 lis 2014 21:46

Dobrý večer,
Combofix,který byl v počítači pro dokončení Vašeho scriptu žádal přeinstalaci z důvodů neaktuální verze. Úlohu po vložení prostě nedokončil. Po instalaci nové verze a vložení CFScript,txt. jak jste mi předal vyšel tento výstup. Opět z důvodu délky souboru předávám bez zamknutých registrů. Snad mě nezabijete ani nevypudíte ..

Milda

ComboFix 14-11-24.02 - milan 24.11.2014 20:59:04.3.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1535.696 [GMT 1:00]
Spuštěný z: c:\users\milan\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\milan\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\sp_rsdrv2.sys"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2709638672-2288162957-48926482-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2709638672-2288162957-48926482-1000UA.job"
.
file zipped: c:\windows\system32\msjhku.vbe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Enigma Software Group
c:\program files\Enigma Software Group\SpyHunter\cos.dat
c:\program files\Enigma Software Group\SpyHunter\gas.dat
c:\program files\Enigma Software Group\SpyHunter\INSTALL.LOG
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20141114_210520.log
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20141114_222317.log
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20141115_171952.log
c:\program files\Enigma Software Group\SpyHunter\scanlog.log
c:\program files\Enigma Software Group\SpyHunter\supportlog.txt
c:\program files\Spyware Terminator
c:\program files\Spyware Terminator\unins000.exe
c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP
c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCall.dll
c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla.dll
c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla17.dll
c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla18.exe
c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla19.dll
c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla2.dll
c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla20.dll
c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla21.dll
c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla21.exe
c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseData.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SP_RSDRV2
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-10-24 do 2014-11-24 )))))))))))))))))))))))))))))))
.
.
2014-11-24 20:25 . 2014-11-24 20:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-24 12:36 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF8A6827-3F60-4A80-BA3B-31A8729BD0F8}\mpengine.dll
2014-11-22 19:56 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-21 15:07 . 2014-09-17 13:31 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{176E4495-98F9-430D-997B-2DB9ED73964B}\gapaengine.dll
2014-11-21 10:26 . 2014-11-21 10:26 -------- d-----w- c:\users\milan\.android
2014-11-21 08:21 . 2014-11-24 20:29 -------- d-----w- c:\users\milan\AppData\Local\Temp
2014-11-19 21:12 . 2014-11-20 21:51 -------- d-----w- C:\AdwCleaner
2014-11-19 19:48 . 2014-11-19 20:03 -------- d-----w- C:\rsit
2014-11-19 07:01 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 07:01 . 2014-11-11 02:44 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-16 20:51 . 2014-11-21 08:03 -------- d-----w- C:\zoek_backup
2014-11-16 09:07 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2014-11-15 16:54 . 2014-11-15 16:54 -------- d-sh--w- c:\users\milan\AppData\Local\EmieBrowserModeList
2014-11-14 19:52 . 2014-11-14 19:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-11-12 05:58 . 2014-11-07 19:23 815280 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2014-11-12 05:58 . 2014-11-06 03:28 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-12 05:58 . 2014-11-06 01:52 1892864 ----a-w- c:\windows\system32\wininet.dll
2014-11-12 05:58 . 2014-11-06 03:20 772608 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2014-11-12 05:58 . 2014-11-06 02:20 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-12 05:58 . 2014-11-06 03:10 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-12 05:58 . 2014-11-06 02:36 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-11-12 05:57 . 2014-11-06 03:13 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-12 05:57 . 2014-11-06 02:21 4298240 ----a-w- c:\windows\system32\jscript9.dll
2014-11-12 05:56 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 05:55 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-12 05:55 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-12 05:54 . 2014-10-03 01:44 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-12 05:54 . 2014-10-03 01:44 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-11-12 05:54 . 2014-10-03 01:44 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-12 05:54 . 2014-10-03 01:44 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-12 05:54 . 2014-10-03 01:44 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-10 20:28 . 2014-11-10 20:28 -------- d-----w- c:\users\milan\Royal Enfield 2012
2014-11-10 20:27 . 2014-11-10 20:28 -------- d-----w- c:\users\milan\ostrožské vánoce
2014-11-10 20:27 . 2014-11-21 17:19 -------- d-----w- c:\users\milan\nsu 1926
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-12 11:11 . 2013-02-27 06:14 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-12 11:11 . 2013-02-27 06:14 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-30 11:24 . 2012-01-03 06:30 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-09-25 01:40 . 2014-10-01 05:03 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-17 13:31 . 2012-02-10 17:42 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 21:47 . 2014-09-23 19:59 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 05:04 . 2014-10-16 19:15 372736 ----a-w- c:\windows\system32\rastls.dll
2011-09-27 08:06 . 2012-01-03 10:54 24880733 ----a-w- c:\program files\portable-BurningStudio7.21.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-10-09 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-09 7741440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-09 81920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"SNPMI03"="c:\windows\vsnpmi03.exe" [2003-08-08 32768]
"AndroidSync"="c:\program files\Android-Sync\AndroidSync.exe" [2014-06-09 6252976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl4e6d3fa9;MpKsl4e6d3fa9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF8A6827-3F60-4A80-BA3B-31A8729BD0F8}\MpKsl4e6d3fa9.sys [2014-11-24 39464]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 CFcatchme;CFcatchme;c:\users\milan\AppData\Local\Temp\CFcatchme.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-04-11 89856]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 snpmi03;VideoCAM NB 300;c:\windows\system32\DRIVERS\snpmi03.sys [2004-01-12 186112]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-04-11 184192]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2014-04-11 184192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys [2013-02-12 15872]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-10 1343400]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2014-04-30 233472]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2014-04-30 37344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
.
2014-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 11:11]
.
2014-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2709638672-2288162957-48926482-1000Core.job
- c:\users\milan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-09 06:08]
.
2014-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2709638672-2288162957-48926482-1000UA.job
- c:\users\milan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-09 06:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send To &Bluetooth - c:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.60.60

Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\crypserv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2014-11-24 21:36:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-11-24 20:36
ComboFix2.txt 2014-11-24 19:44
ComboFix3.txt 2014-11-16 20:23
.
Před spuštěním: Volných bajtů: 78 498 222 080
Po spuštění: Volných bajtů: 78 301 196 288
.
- - End Of File - - 59EBCBECC1B178EB6790661E3A65F920
A36C5E4F47E84449FF07ED3517B43A31

#9 Příspěvek od **vyosek** » 24 lis 2014 21:49

Log ted uz vypada OK, jak se chova PC, vse OK? Muzem pouklizet??

peknal · #10 Příspěvek od **peknal** » 26 lis 2014 20:26

Dobrý večer, kromě toho že se zase rozpadlo železo, už se to začíná hýbat.
předem díly Milda

#11 Příspěvek od **vyosek** » 26 lis 2014 20:29

Jak to myslite, rozpadlo zelezo

Jake jsou nyni problemy??

peknal · #12 Příspěvek od **peknal** » 26 lis 2014 20:33

no opět nešel pustit , problém na desce. Už funguje a zatím normálně. Akorát občas vypne. Snad je ta desKa OK .

#13 Příspěvek od **vyosek** » 26 lis 2014 20:34

Tak jeste uklidime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

DelFix https://toolslib.net/downloads/finish/2/

Stahnete a spustte
Ponechte zatrzitkou pouze u volby Remote disinfection tools
Kliknete na Run

Stahnete Ccleaner https://www.piriform.com/ccleaner/download/standard
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Vypada to na HW problemy, mozna servis?

peknal · #14 Příspěvek od **peknal** » 26 lis 2014 21:02

vše provedeno jak jste určil. Vypadá to, že je po problému se zamrzáním. Omlouvám se za rozkouskovanost a amaterský postup s combofixem. Než se objeví něco dalšího vřelé díky. Milda

#15 Příspěvek od **vyosek** » 26 lis 2014 21:03

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat

VIRY.CZ

totálně zamrzlý počítač

totálně zamrzlý počítač

Re: totálně zamrzlý počítač

Re: totálně zamrzlý počítač

Re: totálně zamrzlý počítač

Re: totálně zamrzlý počítač

Re: totálně zamrzlý počítač

Re: totálně zamrzlý počítač

Re: totálně zamrzlý počítač

Re: totálně zamrzlý počítač

Re: totálně zamrzlý počítač

Re: totálně zamrzlý počítač

Re: totálně zamrzlý počítač

Re: totálně zamrzlý počítač

Re: totálně zamrzlý počítač

Re: totálně zamrzlý počítač