PC virus removal, PC speed-up, remote help through the neslape.cz service

Check-up - we're more likely to find something there!

You have no problem with your PC at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Check-up - we're more likely to find something there!

#16 Post by vyosek »

One more CFScript.txt, same procedure

Code:

KillAll::

Rootkit::
c:\windows\SysWow64\drivers\TS888x64.sys
c:\windows\system32\drivers\TAOAccelerator64.sys
c:\windows\system32\drivers\TSSKX64.sys
c:\windows\system32\drivers\TAOKernel64.sys
c:\windows\system32\drivers\TFsFltX64.sys
c:\windows\system32\drivers\BDMWrench_x64.sys
c:\windows\system32\drivers\BDArKit.sys
c:\windows\system32\drivers\BDDefense.sys
c:\windows\system32\drivers\bd0003.sys
c:\windows\system32\drivers\bd0002.sys
c:\windows\system32\drivers\bd0001.sys
c:\windows\system32\drivers\rsutils.sys
c:\windows\system32\drivers\sysmon.sys
c:\windows\system32\drivers\rsndisp.sys

File::
c:\windows\SysWow64\drivers\TS888x64.sys
c:\windows\system32\drivers\TAOAccelerator64.sys
c:\windows\system32\drivers\TSSKX64.sys
c:\windows\system32\drivers\TAOKernel64.sys
c:\windows\system32\drivers\TFsFltX64.sys
c:\windows\system32\drivers\BDMWrench_x64.sys
c:\windows\system32\drivers\BDArKit.sys
c:\windows\system32\drivers\BDDefense.sys
c:\windows\system32\drivers\bd0003.sys
c:\windows\system32\drivers\bd0002.sys
c:\windows\system32\drivers\bd0001.sys
c:\windows\system32\drivers\rsutils.sys
c:\windows\system32\drivers\sysmon.sys
c:\windows\system32\drivers\rsndisp.sys

Folder::
c:\users\Zdeněk\AppData\Roaming\Baidu
c:\programdata\Rising
c:\program files (x86)\Rising
c:\program files (x86)\Tencent

Driver::
BDMWrench_x64
RsMgrSvc
RsRavMon

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RSDTRAY"=-
"QQPCTray"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\.QMDeskTopGCIcon]
[-HKEY_CLASSES_ROOT\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}]

File::
c:\windows\Tasks\Adobe Flash Player Updater.job

Reboot::
"Whoever has wine and doesn't drink it, whoever has grapes and doesn't eat them, whoever has a wife and doesn't kiss her, whoever avoids fun, take a whip and a stick to him; that's not a man, that's an ox."
Member since 1 February 2011.

goffy1985
Visitor
Posts: 163
Registered: 19 Oct 2011 16:59

Re: Check-up - we're more likely to find something there!

#17 Post by goffy1985 »

ComboFix 15-06-24.01 - Zdeněk 26.06.2015 18:38:08.5.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8191.6694 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Rising Software Deployment System *Enabled/Updated* {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Rising Software Deployment System *Enabled/Updated* {60A88726-9BAA-8843-60B1-768966A982DA}
.
FILE ::
"c:\windows\system32\drivers\bd0001.sys"
"c:\windows\system32\drivers\bd0002.sys"
"c:\windows\system32\drivers\bd0003.sys"
"c:\windows\system32\drivers\BDArKit.sys"
"c:\windows\system32\drivers\BDDefense.sys"
"c:\windows\system32\drivers\BDMWrench_x64.sys"
"c:\windows\system32\drivers\rsndisp.sys"
"c:\windows\system32\drivers\rsutils.sys"
"c:\windows\system32\drivers\sysmon.sys"
"c:\windows\system32\drivers\TAOAccelerator64.sys"
"c:\windows\system32\drivers\TAOKernel64.sys"
"c:\windows\system32\drivers\TFsFltX64.sys"
"c:\windows\system32\drivers\TSSKX64.sys"
"c:\windows\SysWow64\drivers\TS888x64.sys"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Rising
c:\program files (x86)\Rising\App.exe
c:\program files (x86)\Rising\RAV\12345678.000
c:\program files (x86)\Rising\RAV\antipromotionmon.dll
c:\program files (x86)\Rising\RAV\atl90.dll
c:\program files (x86)\Rising\RAV\bacore.dll
c:\program files (x86)\Rising\RAV\bawhite.dat
c:\program files (x86)\Rising\RAV\bawhite.dll
c:\program files (x86)\Rising\RAV\browserruncount.dat
c:\program files (x86)\Rising\RAV\CCenter.db
c:\program files (x86)\Rising\RAV\cfgxml\adefmon.mond
c:\program files (x86)\Rising\RAV\cfgxml\mond.xml
c:\program files (x86)\Rising\RAV\cfgxml\mondcoms.xml
c:\program files (x86)\Rising\RAV\cfgxml\repairmanager.mond
c:\program files (x86)\Rising\RAV\cfgxml\repairmanager.mondcoms
c:\program files (x86)\Rising\RAV\cfgxml\userdata.mond
c:\program files (x86)\Rising\RAV\cfgxml\userdata.rstray
c:\program files (x86)\Rising\RAV\cloudnet.dll
c:\program files (x86)\Rising\RAV\cloudnotifier.dll
c:\program files (x86)\Rising\RAV\cloudqry.dll
c:\program files (x86)\Rising\RAV\cloudsta.dll
c:\program files (x86)\Rising\RAV\cloudstore.dll
c:\program files (x86)\Rising\RAV\Cloudv3.dll
c:\program files (x86)\Rising\RAV\cloudwork.dll
c:\program files (x86)\Rising\RAV\cnt08.dll
c:\program files (x86)\Rising\RAV\cnt09.dll
c:\program files (x86)\Rising\RAV\CompsVer.inf
c:\program files (x86)\Rising\RAV\comx3.dll
c:\program files (x86)\Rising\RAV\dataups.dat
c:\program files (x86)\Rising\RAV\defmon.dll
c:\program files (x86)\Rising\RAV\desktop.ini
c:\program files (x86)\Rising\RAV\dfw.dll
c:\program files (x86)\Rising\RAV\hookbase.dll
c:\program files (x86)\Rising\RAV\Label.dat
c:\program files (x86)\Rising\RAV\localopt.dll
c:\program files (x86)\Rising\RAV\LogAc.bmp
c:\program files (x86)\Rising\RAV\LogDc.bmp
c:\program files (x86)\Rising\RAV\logfiles\ravmond.exe.cloudwork.log
c:\program files (x86)\Rising\RAV\logfiles\ravmond.exe.log
c:\program files (x86)\Rising\RAV\logfiles\RSMAIN.EXE.log
c:\program files (x86)\Rising\RAV\mergexml.dll
c:\program files (x86)\Rising\RAV\Microsoft.VC90.ATL.manifest
c:\program files (x86)\Rising\RAV\Microsoft.VC90.CRT.manifest
c:\program files (x86)\Rising\RAV\moncom08.dll
c:\program files (x86)\Rising\RAV\moncomm.dll
c:\program files (x86)\Rising\RAV\mondef.dll
c:\program files (x86)\Rising\RAV\mondrv.dll
c:\program files (x86)\Rising\RAV\monrule.dll
c:\program files (x86)\Rising\RAV\msvcp90.dll
c:\program files (x86)\Rising\RAV\msvcr90.dll
c:\program files (x86)\Rising\RAV\NetConfig.ini
c:\program files (x86)\Rising\RAV\pngdll.dll
c:\program files (x86)\Rising\RAV\Proccom.dll
c:\program files (x86)\Rising\RAV\Proccomm.dll
c:\program files (x86)\Rising\RAV\procenv.dll
c:\program files (x86)\Rising\RAV\prvcloudcfg.ini
c:\program files (x86)\Rising\RAV\rav936\chs.lag
c:\program files (x86)\Rising\RAV\rav936\lics936.txt
c:\program files (x86)\Rising\RAV\ravmond.exe
c:\program files (x86)\Rising\RAV\ravmond.exe_status.ini
c:\program files (x86)\Rising\RAV\RavSetup.dll
c:\program files (x86)\Rising\RAV\ravxp.exe
c:\program files (x86)\Rising\RAV\repairmanager.dll
c:\program files (x86)\Rising\RAV\restorelog.txt
c:\program files (x86)\Rising\RAV\Rising.ico
c:\program files (x86)\Rising\RAV\RsBaseNetWrapper.dll
c:\program files (x86)\Rising\RAV\rscfg.dll
c:\program files (x86)\Rising\RAV\rscom.dll
c:\program files (x86)\Rising\RAV\rscombas.dll
c:\program files (x86)\Rising\RAV\rscommx2.dll
c:\program files (x86)\Rising\RAV\rscurl.dll
c:\program files (x86)\Rising\RAV\rslog.dll
c:\program files (x86)\Rising\RAV\rsmain.dll
c:\program files (x86)\Rising\RAV\rsmain.exe
c:\program files (x86)\Rising\RAV\RsMain.ico
c:\program files (x86)\Rising\RAV\rsnscfg.dat
c:\program files (x86)\Rising\RAV\rspalvd.dll
c:\program files (x86)\Rising\RAV\RsSmall.bmp
c:\program files (x86)\Rising\RAV\rssqlite.dll
c:\program files (x86)\Rising\RAV\rssrv.dll
c:\program files (x86)\Rising\RAV\rstask.xml
c:\program files (x86)\Rising\RAV\rstasku.xml
c:\program files (x86)\Rising\RAV\RstoreDll.dll
c:\program files (x86)\Rising\RAV\RsTray.ico
c:\program files (x86)\Rising\RAV\rsutils_if.dll
c:\program files (x86)\Rising\RAV\rsxml3a.dll
c:\program files (x86)\Rising\RAV\rsxml3w.dll
c:\program files (x86)\Rising\RAV\selfmon.dll
c:\program files (x86)\Rising\RAV\setup.dat
c:\program files (x86)\Rising\RAV\syslay.dll
c:\program files (x86)\Rising\RAV\sysmon_if.dll
c:\program files (x86)\Rising\RAV\traywnd.dll
c:\program files (x86)\Rising\RAV\uprsmon.dat
c:\program files (x86)\Rising\RAV\uprsuser.dat
c:\program files (x86)\Rising\RAV\url.ini
c:\program files (x86)\Rising\RAV\XMLS\_RAV.xml
c:\program files (x86)\Rising\RAV\XMLS\CLOUDQRY.xml
c:\program files (x86)\Rising\RAV\XMLS\CLOUDV3.xml
c:\program files (x86)\Rising\RAV\XMLS\HOOKBASE.xml
c:\program files (x86)\Rising\RAV\XMLS\LICENSE.xml
c:\program files (x86)\Rising\RAV\XMLS\MONBASEDUI.xml
c:\program files (x86)\Rising\RAV\XMLS\MSCRT9.xml
c:\program files (x86)\Rising\RAV\XMLS\RAV936.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVBASE.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVCONFIG.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVDEFDB.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVLOG.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVMAINDUI.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVMON.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVXP.xml
c:\program files (x86)\Rising\RAV\XMLS\RSCFG.xml
c:\program files (x86)\Rising\RAV\XMLS\RSCOMM.xml
c:\program files (x86)\Rising\RAV\XMLS\RSDK.xml
c:\program files (x86)\Rising\RAV\XMLS\RSMONDEF.xml
c:\program files (x86)\Rising\RAV\XMLS\setup.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\_RAV\_RAV.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\_RAV\setup.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\cloudnet.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\cloudqry.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\CLOUDQRY.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\cloudsta.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\rscurl.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\rsnscfg.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\cloudnotifier.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\cloudstore.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\Cloudv3.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\CLOUDV3.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\cloudwork.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\datastorage.db
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\dataups.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\localopt.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\userdata.mond
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\userdata.rstray
c:\program files (x86)\Rising\RSD\Backup\RAV\CompsVer.inf
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\64\rsndisp.sys
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\64\rsutils.sys
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\64\sysmon.sys
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\hookbase.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\HOOKBASE.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\kguard.sys
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\kguard_if.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\mondrv.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\rsdll.dll.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\rsndisp.sys
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\rsutils.sys
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\rsutils_if.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\sysmon.sys
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\sysmon_if.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\Label.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\LICENSE\12345678.000
c:\program files (x86)\Rising\RSD\Backup\RAV\LICENSE\LICENSE.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\MONBASEDUI\MONBASEDUI.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\MONBASEDUI\moncomm.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\MONBASEDUI\ravmond.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\MONBASEDUI\rscombas.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\MONBASEDUI\rssrv.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\MSCRT9\atl90.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\MSCRT9\Microsoft.VC90.ATL.manifest
c:\program files (x86)\Rising\RSD\Backup\RAV\MSCRT9\Microsoft.VC90.CRT.manifest
c:\program files (x86)\Rising\RSD\Backup\RAV\MSCRT9\MSCRT9.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\MSCRT9\msvcp90.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\MSCRT9\msvcr90.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAV936\chs.lag
c:\program files (x86)\Rising\RSD\Backup\RAV\RAV936\lics936.txt
c:\program files (x86)\Rising\RSD\Backup\RAV\RAV936\RAV936.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\LogAc.bmp
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\LogDc.bmp
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\pngdll.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RAV.ico
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RAVBASE.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RavSetup.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\Repair.url
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\repairmanager.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\repairmanager.mond
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\repairmanager.mondcoms
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\Rising.ico
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RsMain.ico
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\rspalvd.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RsSmall.bmp
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\rstask.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RsTray.ico
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\setup.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\url.ini
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVCONFIG\mergexml.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVCONFIG\ravcfg.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVCONFIG\RAVCONFIG.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDEFDB\mondef.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDEFDB\RAVDEFDB.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDEFDB\rsmon.db1
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDEFDB\rsuser.db1
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDEFDB\uprsmon.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDEFDB\uprsuser.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLOG\RAVLOG.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLOG\rslog.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVMAINDUI\RAVMAINDUI.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVMAINDUI\rsmain.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVMAINDUI\rsmain.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVMON\mond.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVMON\mondcoms.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVMON\RAVMON.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVXP\ravxp.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVXP\RAVXP.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCFG\rscfg.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCFG\RSCFG.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\cnt08.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\cnt09.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\moncom08.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\Proccom.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\Proccomm.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\RsBaseNetWrapper.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\RSCOMM.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\rscommx2.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\rssqlite.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\syslay.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDK\comx3.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDK\dfw.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDK\procenv.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDK\rscom.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDK\RSDK.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDK\rsxml3a.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDK\rsxml3w.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDK\traywnd.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\adefmon.mond
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\antipromotionmon.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\bacore.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\bawhite.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\bawhite.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\defmon.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\monrule.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\RSMONDEF.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\selfmon.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\x64\adefmon.mond
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\CfgDll.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\comx3.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\localopt.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\os.xml
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\popwndexe.exe
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\protreg.sys
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RsAppMgr.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RsBackup.exe
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RSD1252\Eng.lag
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RSD932\Jpn.lag
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RSD936\CHS.lag
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RSD950\CHT.lag
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\rsdinfo.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\rsdk.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\rslang.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\rsmginfo.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RsMgrSvc.exe
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RSSetup.xml
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RsStub.exe
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RstoreDll.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\setup.dat
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\Setup.exe
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\syslay.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\ui\snin.htm
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\update.xml
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\updater.exe
c:\program files (x86)\Rising\RSD\CfgDll.dll
c:\program files (x86)\Rising\RSD\comx3.dll
c:\program files (x86)\Rising\RSD\Data\RAV\RAV.ini
c:\program files (x86)\Rising\RSD\localopt.dll
c:\program files (x86)\Rising\RSD\os.xml
c:\program files (x86)\Rising\RSD\popwndexe.exe
c:\program files (x86)\Rising\RSD\restorelog.txt
c:\program files (x86)\Rising\RSD\RsAppMgr.dll
c:\program files (x86)\Rising\RSD\RsBackup.exe
c:\program files (x86)\Rising\RSD\RSD1252\Eng.lag
c:\program files (x86)\Rising\RSD\RSD932\Jpn.lag
c:\program files (x86)\Rising\RSD\RSD936\CHS.lag
c:\program files (x86)\Rising\RSD\RSD950\CHT.lag
c:\program files (x86)\Rising\RSD\rsdinfo.dll
c:\program files (x86)\Rising\RSD\rsdk.dll
c:\program files (x86)\Rising\RSD\rslang.dll
c:\program files (x86)\Rising\RSD\rsmginfo.dll
c:\program files (x86)\Rising\RSD\RsMgrSvc.dat
c:\program files (x86)\Rising\RSD\RsMgrSvc.exe
c:\program files (x86)\Rising\RSD\RsMgrSvc.exe.log
c:\program files (x86)\Rising\RSD\RsMgrsvc.ini
c:\program files (x86)\Rising\RSD\RsStub.exe
c:\program files (x86)\Rising\RSD\RstoreDll.dll
c:\program files (x86)\Rising\RSD\setup.dat
c:\program files (x86)\Rising\RSD\Setup.exe
c:\program files (x86)\Rising\RSD\Setup.exe.log
c:\program files (x86)\Rising\RSD\syslay.dll
c:\program files (x86)\Rising\RSD\ui\snin.htm
c:\program files (x86)\Rising\RSD\update.xml
c:\program files (x86)\Rising\RSD\updater.exe
c:\program files (x86)\Rising\RSD\updater2.exe
c:\program files (x86)\Rising\RSD\XMLS\RSSetup.xml
c:\programdata\Rising
c:\programdata\Rising\Rav\datastorage.db
c:\programdata\Rising\Rav\language.ini
c:\programdata\Rising\Rav\RAV.ini
c:\programdata\Rising\Rav\ravcfg.xml
c:\programdata\Rising\Rav\rsmon.db
c:\programdata\Rising\Rav\rsmon.db1
c:\programdata\Rising\Rav\rsuser.db
c:\programdata\Rising\Rav\rsuser.db1
c:\programdata\Rising\Rav\ShortCut\RAV.ico
c:\programdata\Rising\Rav\ShortCut\Repair.url
c:\programdata\Rising\RSD\rsmsgcache.ini
c:\programdata\Rising\RSD\rsmsginfo.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Legacy_BDMWRENCH_X64
-------\Service_bd0001
-------\Service_bd0002
-------\Service_BDMWrench_x64
-------\Service_RsMgrSvc
-------\Service_RsRavMon
-------\Legacy_rsutils
-------\Service_rsutils
-------\Service_sysmon
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-05-26 do 2015-06-26 )))))))))))))))))))))))))))))))
.
.
2015-06-26 16:48 . 2015-06-26 16:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-26 08:27 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{492E892A-E11A-47D3-9DCD-FFD4B854D41C}\mpengine.dll
2015-06-25 15:13 . 2015-06-25 15:13 -------- d-----w- c:\programdata\SkidOrbit
2015-06-24 17:23 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-24 10:36 . 2015-06-24 10:13 24064 ----a-w- c:\windows\zoek-delete.exe
2015-06-24 10:13 . 2015-06-24 10:32 -------- d-----w- C:\zoek_backup
2015-06-23 19:42 . 2015-06-23 19:48 -------- d-----w- C:\AdwCleaner
2015-06-23 18:43 . 2015-06-23 18:43 -------- d-----w- C:\rsit
2015-06-23 18:43 . 2015-06-23 18:43 -------- d-----w- c:\program files\trend micro
2015-06-23 18:32 . 2015-06-23 18:32 0 ----a-w- c:\windows\prleth.sys
2015-06-23 18:32 . 2015-06-23 18:32 0 ----a-w- c:\windows\hgfs.sys
2015-06-23 16:32 . 2015-06-23 18:12 28984 ----a-w- c:\windows\SysWow64\drivers\TS888x64.sys
2015-06-22 18:29 . 2015-06-22 18:29 -------- d-----w- c:\users\ZDENK~2
2015-06-22 18:00 . 2015-06-22 17:59 99640 ----a-w- c:\windows\system32\drivers\TAOAccelerator64.sys
2015-06-22 17:59 . 2015-06-22 17:59 -------- d-----w- c:\users\Zden?
2015-06-22 17:59 . 2015-06-22 17:59 38200 ----a-w- c:\windows\system32\drivers\TSSKX64.sys
2015-06-22 17:59 . 2015-06-22 17:59 174392 ----a-w- c:\windows\system32\drivers\TAOKernel64.sys
2015-06-22 17:59 . 2015-06-22 17:59 87864 ----a-w- c:\windows\system32\drivers\TFsFltX64.sys
2015-06-22 17:56 . 2015-04-08 07:17 56136 ----a-w- c:\windows\system32\drivers\BDMWrench_x64.sys
2015-06-22 17:55 . 2015-04-08 07:17 152392 ----a-w- c:\windows\system32\drivers\BDArKit.sys
2015-06-22 17:55 . 2015-04-08 07:17 103240 ----a-w- c:\windows\system32\drivers\BDDefense.sys
2015-06-22 17:55 . 2015-04-08 07:17 67400 ----a-w- c:\windows\system32\drivers\bd0003.sys
2015-06-22 17:55 . 2015-04-08 07:17 196936 ----a-w- c:\windows\system32\drivers\bd0002.sys
2015-06-22 17:55 . 2015-04-08 07:17 202576 ----a-w- c:\windows\system32\drivers\bd0001.sys
2015-06-22 17:55 . 2015-06-22 17:55 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Baidu
2015-06-22 17:54 . 2015-03-11 05:00 71056 ------w- c:\windows\system32\drivers\rsutils.sys
2015-06-22 17:54 . 2015-02-11 05:00 121072 ------w- c:\windows\system32\drivers\sysmon.sys
2015-06-22 17:54 . 2012-02-29 07:49 11888 ------w- c:\windows\system32\drivers\rsndisp.sys
2015-06-22 17:30 . 2015-06-22 17:30 -------- d-----w- c:\program files\Ubisoft
2015-06-19 11:00 . 2015-03-26 19:59 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51ED816A-4883-4BD3-9D79-D829404EB168}\gapaengine.dll
2015-06-09 19:32 . 2015-05-25 18:19 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-06-01 17:10 . 2015-06-01 17:10 -------- d-----w- c:\users\Zdeněk\AppData\Local\GWX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-23 17:40 . 2014-01-03 08:48 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-23 17:40 . 2014-01-03 08:48 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 16:37 . 2015-02-21 13:32 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-09 21:27 . 2014-01-03 11:27 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:38 . 2014-06-16 17:59 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-25 18:19 . 2015-06-09 19:32 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-09 19:32 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-06-09 19:32 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-09 19:32 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-09 19:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-01 13:17 . 2015-05-13 20:30 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-13 20:30 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 16:52 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 03:17 . 2015-05-13 16:52 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 02:56 . 2015-05-13 16:52 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 16:54 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 16:54 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-14 07:37 . 2015-02-21 13:31 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2015-02-21 13:31 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2014-01-07 16:13 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-13 03:28 . 2015-05-13 16:53 328704 ----a-w- c:\windows\system32\services.exe
2015-04-08 03:29 . 2015-05-13 16:52 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 16:52 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 16:52 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QQPCTray"="c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCTRAY.EXE" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv61xx.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VmbService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-03 17:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2000-01-01 7541976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
TCP: Interfaces\{01919392-71EE-4495-9FEE-D3BA839FCCED}: NameServer = 217.77.165.81 217.77.161.131
TCP: Interfaces\{4E2608BF-D6A0-4680-BFC0-6AD30A8BC216}: NameServer = 217.77.165.81 217.77.161.131
FF - ProfilePath - c:\users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\gnisfrvf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-RAV - c:\program files (x86)\Rising\RSD\Setup.exe
AddRemove-RSD - c:\program files (x86)\Rising\RSD\Setup.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" QQPCTray"="\"c:\\Program Files (x86)\\Tencent\\QQPCMgr\\10.9.16350.226\\QQPCTRAY.EXE\" /regrun /qqrepair"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
.
**************************************************************************
.
Celkový čas: 2015-06-26 18:54:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-06-26 16:54
ComboFix2.txt 2015-06-25 19:41
ComboFix3.txt 2015-06-25 10:21
ComboFix4.txt 2015-06-24 14:00
ComboFix5.txt 2015-06-26 16:36
.
Před spuštěním: Volných bajtů: 65 356 144 640
Po spuštění: Volných bajtů: 65 333 907 456
.
- - End Of File - - F934948036027F36930CEAF612EAC4A2
A36C5E4F47E84449FF07ED3517B43A31

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check-up - we'll more likely find something there!

#18 Post by vyosek »

Download OTM http://oldtimer.geekstogo.com/OTM.exe
  • If you use Win Vista or W7, right-click OTM and choose Run As Administrator
  • Into the left window Paste Instructions for Items to be Moved (below the yellow line) paste the contents you have below
  • Code:

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    " QQPCTray"=-
    "QQPCTray"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QQPCTray"=-
    
    :files
    c:\windows\system32\drivers\TAOAccelerator64.sys
    c:\windows\SysWow64\drivers\TS888x64.sys
    c:\windows\system32\drivers\TSSKX64.sys
    c:\windows\system32\drivers\TAOKernel64.sys
    c:\windows\system32\drivers\TFsFltX64.sys
    c:\windows\system32\drivers\BDMWrench_x64.sys
    c:\windows\system32\drivers\BDArKit.sys
    c:\windows\system32\drivers\BDDefense.sys
    c:\windows\system32\drivers\bd0003.sys
    c:\windows\system32\drivers\bd0002.sys
    c:\windows\system32\drivers\bd0001.sys
    c:\users\Zdeněk\AppData\Roaming\Baidu
    c:\Program Files (x86)\Tencent
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
  • Click the red MoveIt! button
  • You will be prompted to restart; choose Yes. Afterwards you will find the log in C:\_OTM\MovedFiles; paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

goffy1985
Visitor
Posts: 163
Registered: 19 Oct 2011 16:59

Re: Preventive check-up - we'll more likely find something there!

#19 Post by goffy1985 »

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ QQPCTray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QQPCTray not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\QQPCTray not found.
========== FILES ==========
File/Folder c:\windows\system32\drivers\TAOAccelerator64.sys not found.
c:\windows\SysWow64\drivers\TS888x64.sys moved successfully.
File/Folder c:\windows\system32\drivers\TSSKX64.sys not found.
File/Folder c:\windows\system32\drivers\TAOKernel64.sys not found.
File/Folder c:\windows\system32\drivers\TFsFltX64.sys not found.
File/Folder c:\windows\system32\drivers\BDMWrench_x64.sys not found.
File/Folder c:\windows\system32\drivers\BDArKit.sys not found.
File/Folder c:\windows\system32\drivers\BDDefense.sys not found.
File/Folder c:\windows\system32\drivers\bd0003.sys not found.
File/Folder c:\windows\system32\drivers\bd0002.sys not found.
File/Folder c:\windows\system32\drivers\bd0001.sys not found.
c:\users\Zdeněk\AppData\Roaming\Baidu\Common folder moved successfully.
c:\users\Zdeněk\AppData\Roaming\Baidu\BDZC folder moved successfully.
c:\users\Zdeněk\AppData\Roaming\Baidu folder moved successfully.
File/Folder c:\Program Files (x86)\Tencent not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Zdeněk
->Temp folder emptied: 1949862 bytes
->Temporary Internet Files folder emptied: 10824841 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 425473757 bytes
->Flash cache emptied: 1890 bytes

User: Zden臎k
->Temp folder emptied: 0 bytes

User: Zden靕
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3453 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 195 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 418,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Zdeněk
->Flash cache emptied: 0 bytes

User: Zden臎k

User: Zden靕

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Zdeněk
->Java cache emptied: 0 bytes

User: Zden臎k

User: Zden靕

Total Java Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 06262015_191713

Files moved on Reboot...
File move failed. C:\Users\Zdeněk\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395c8fd8a861_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\Zdeněk\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395c8fd8a861_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
File C:\Users\Zdeněk\AppData\Local\Temp\etilqs_jLCaAG7fw5FKwVA not found!
File C:\Users\Zdeněk\AppData\Local\Temp\etilqs_RiEbzaS5EdbJPos not found!
C:\Users\Zdeněk\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check-up - we'll more likely find something there!

#20 Post by vyosek »

Now please post an FRST log http://forum.viry.cz/viewtopic.php?f=30&t=133101 and hopefully only minor things will be left there - this Chinese junk is dug in and as tough as nails

goffy1985
Visitor
Posts: 163
Registered: 19 Oct 2011 16:59

Re: Preventive check-up - we'll more likely find something there!

#21 Post by goffy1985 »

hopefully done correctly....

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by Zdeněk (administrator) on ZDENĚKPC on 26-06-2015 19:42:15
Running from C:\Users\Zdeněk\Desktop
Loaded Profiles: Zdeněk (Available Profiles: Zdeněk)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7541976 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKU\S-1-5-21-1053365669-2197649965-748403606-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1053365669-2197649965-748403606-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&t ... J90S205295
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1053365669-2197649965-748403606-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1053365669-2197649965-748403606-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID= ... M%3DIESR02
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1053365669-2197649965-748403606-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-25] (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-25] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 94.74.192.252 94.74.192.244
Tcpip\..\Interfaces\{01919392-71EE-4495-9FEE-D3BA839FCCED}: [NameServer] 217.77.165.81 217.77.161.131
Tcpip\..\Interfaces\{4E2608BF-D6A0-4680-BFC0-6AD30A8BC216}: [NameServer] 217.77.165.81 217.77.161.131

FireFox:
========
FF ProfilePath: C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\gnisfrvf.default
FF Homepage: hxxp://www.google.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-23] ()
FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\explugin\npBaiduSDDetectPlug.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-05-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-05-20] (NVIDIA Corporation)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\npQMExtensionsMozilla.dll No File
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1053365669-2197649965-748403606-1000: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
FF Extension: YouTube mp3 - C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\gnisfrvf.default\Extensions\info@youtube-mp3.org.xpi [2014-12-30]
FF Extension: Adblock Plus - C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\gnisfrvf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-05]
FF Extension: Adblock Edge - C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\gnisfrvf.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-05]
StartMenuInternet: FIREFOX.EXE - firefox.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2011-07-14] (Vodafone) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-03] (Disc Soft Ltd)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [213504 2011-07-12] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [181040 2010-10-26] (Marvell Semiconductor, Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 19:42 - 2015-06-26 19:42 - 00011750 _____ C:\Users\Zdeněk\Desktop\FRST.txt
2015-06-26 19:42 - 2015-06-26 19:42 - 00000000 ____D C:\FRST
2015-06-26 19:41 - 2015-06-26 19:41 - 02112512 _____ (Farbar) C:\Users\Zdeněk\Desktop\FRST64.exe
2015-06-26 19:17 - 2015-06-26 19:17 - 00000000 ____D C:\_OTM
2015-06-26 19:16 - 2015-06-26 19:16 - 00522240 _____ (OldTimer Tools) C:\Users\Zdeněk\Desktop\OTM.exe
2015-06-26 18:54 - 2015-06-26 18:54 - 00032132 _____ C:\ComboFix.txt
2015-06-25 17:13 - 2015-06-26 19:20 - 00000000 ____D C:\Users\Zdeněk\Documents\Assassin's Creed Unity
2015-06-25 17:13 - 2015-06-25 17:13 - 00000000 ____D C:\ProgramData\SkidOrbit
2015-06-25 17:10 - 2015-06-25 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-06-25 15:00 - 2015-06-25 15:00 - 00000000 ____D C:\Users\Zdeněk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-06-24 16:10 - 2015-06-25 14:18 - 00000000 ____D C:\Users\Zden靕\AppData\Roaming\Baidu
2015-06-24 15:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-24 15:19 - 2015-06-26 18:49 - 00005014 _____ C:\Windows\PFRO.log
2015-06-24 13:08 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-24 13:08 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-24 13:08 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-24 13:08 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-24 13:08 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-24 13:08 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-24 13:08 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-24 13:04 - 2015-06-26 18:55 - 00000000 ____D C:\Qoobox
2015-06-24 13:03 - 2015-06-26 18:48 - 00000000 ____D C:\Windows\erdnt
2015-06-24 13:02 - 2015-06-24 13:03 - 05630176 ____R (Swearware) C:\ComboFix.exe
2015-06-24 12:36 - 2015-06-24 12:13 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-06-24 12:14 - 2015-06-24 12:39 - 00007234 _____ C:\cpf.log
2015-06-24 12:13 - 2015-06-24 12:32 - 00000000 ____D C:\zoek_backup
2015-06-24 12:12 - 2015-06-24 12:13 - 01308672 _____ C:\Users\Zdeněk\Desktop\zoek.exe
2015-06-23 21:42 - 2015-06-23 21:48 - 00000000 ____D C:\AdwCleaner
2015-06-23 21:41 - 2015-06-23 21:41 - 02244096 _____ C:\Users\Zdeněk\Desktop\adwcleaner_4.207.exe
2015-06-23 20:43 - 2015-06-23 20:43 - 00000000 ____D C:\rsit
2015-06-23 20:43 - 2015-06-23 20:43 - 00000000 ____D C:\Program Files\trend micro
2015-06-23 20:42 - 2015-06-23 20:42 - 01222144 _____ C:\Users\Zdeněk\Desktop\RSITx64.exe
2015-06-23 20:32 - 2015-06-23 20:32 - 00000000 _____ C:\Windows\prleth.sys
2015-06-23 20:32 - 2015-06-23 20:32 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-22 20:29 - 2015-06-22 20:29 - 00000000 ____D C:\Users\Zden臎k
2015-06-22 20:00 - 2015-06-22 19:59 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-06-22 19:59 - 2015-06-22 19:59 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-06-22 19:59 - 2015-06-22 19:59 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-06-22 19:59 - 2015-06-22 19:59 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-06-22 19:59 - 2015-06-22 19:59 - 00000000 ____D C:\Users\Zden靕
2015-06-22 19:59 - 2015-06-22 19:59 - 00000000 ____D C:\Users\Zdeněk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-22 19:56 - 2015-04-08 09:17 - 00056136 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench_x64.sys
2015-06-22 19:55 - 2015-04-08 09:17 - 00202576 _____ (Baidu) C:\Windows\system32\Drivers\bd0001.sys
2015-06-22 19:55 - 2015-04-08 09:17 - 00196936 _____ (Baidu) C:\Windows\system32\Drivers\bd0002.sys
2015-06-22 19:55 - 2015-04-08 09:17 - 00152392 _____ (Baidu Technology) C:\Windows\system32\Drivers\BDArKit.sys
2015-06-22 19:55 - 2015-04-08 09:17 - 00103240 _____ (Baidu) C:\Windows\system32\Drivers\BDDefense.sys
2015-06-22 19:55 - 2015-04-08 09:17 - 00067400 _____ (Baidu) C:\Windows\system32\Drivers\bd0003.sys
2015-06-22 19:54 - 2015-06-22 19:54 - 00000150 __RSH C:\rising.ini
2015-06-22 19:54 - 2015-06-22 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Software Deployment System
2015-06-22 19:54 - 2015-03-11 07:00 - 00071056 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
2015-06-22 19:54 - 2015-02-11 07:00 - 00121072 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
2015-06-22 19:54 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
2015-06-22 19:47 - 2015-06-22 19:47 - 00018549 _____ C:\Windows\DirectX.log
2015-06-22 19:30 - 2015-06-22 19:30 - 00000000 ____D C:\Program Files\Ubisoft
2015-06-22 09:10 - 2015-06-26 19:19 - 00004368 _____ C:\Windows\setupact.log
2015-06-22 09:10 - 2015-06-22 09:10 - 00000000 _____ C:\Windows\setuperr.log
2015-06-15 21:24 - 2015-06-15 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-09 21:33 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-09 21:33 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-09 21:33 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-09 21:33 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-09 21:33 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-09 21:33 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-09 21:33 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-09 21:33 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-09 21:33 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-09 21:33 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-09 21:33 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-09 21:33 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-09 21:33 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-09 21:33 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-09 21:33 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-09 21:33 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-09 21:33 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-09 21:33 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-09 21:32 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 21:32 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-09 21:32 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 21:32 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 21:32 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-09 21:32 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-09 21:32 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-09 21:32 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-09 21:32 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-09 21:32 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-09 21:32 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-09 21:32 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-09 21:32 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-09 21:32 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-09 21:32 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-09 21:32 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-09 21:32 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-09 21:32 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-09 21:32 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-09 21:32 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-09 21:32 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-09 21:32 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-09 21:32 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-09 21:32 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-09 21:32 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-09 21:32 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-09 21:32 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-09 21:32 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-09 21:32 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-09 21:32 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-09 21:32 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-09 21:32 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-09 21:32 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-09 21:32 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-09 21:32 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-09 21:32 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-09 21:32 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-09 21:32 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-09 21:32 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-09 21:32 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-09 21:32 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-09 21:32 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-09 21:32 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-09 21:32 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-09 21:32 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-09 21:32 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-09 21:32 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-09 21:32 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-09 21:32 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-09 21:32 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-09 21:32 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-09 21:32 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 21:32 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-09 21:32 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-09 21:32 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-09 21:32 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-09 21:32 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-09 21:32 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-09 21:32 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 21:32 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-09 21:32 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-09 21:32 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 21:32 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-09 21:32 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 21:32 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-09 21:32 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-09 21:32 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-09 21:32 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 21:32 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-09 21:32 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-09 21:32 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-09 21:32 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-09 21:32 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-09 21:32 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 21:32 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 21:32 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 21:32 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 21:32 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 21:32 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-09 21:32 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 21:32 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 21:32 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 21:32 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-09 21:32 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-09 21:32 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-09 21:32 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-09 21:32 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 21:32 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 21:32 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 21:32 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-09 21:32 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-09 21:32 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-09 21:32 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 21:32 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-09 21:32 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 21:32 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 21:32 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-09 21:32 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-09 21:32 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-09 21:32 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-09 21:32 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-09 21:32 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-09 21:32 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-09 21:32 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 21:32 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 21:32 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-09 21:32 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 21:32 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 21:32 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-09 21:32 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 21:32 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 21:32 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 21:32 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 21:32 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 21:32 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 21:32 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-01 19:10 - 2015-06-01 19:10 - 00000000 ____D C:\Users\Zdeněk\AppData\Local\GWX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 19:40 - 2014-01-03 10:48 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-26 19:27 - 2009-07-14 06:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-26 19:27 - 2009-07-14 06:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-26 19:23 - 2014-01-11 15:46 - 01734702 _____ C:\Windows\WindowsUpdate.log
2015-06-26 19:19 - 2014-01-02 18:11 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-26 19:19 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-26 18:50 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-26 18:48 - 2009-07-14 04:34 - 79429632 _____ C:\Windows\system32\config\software.bak
2015-06-26 18:48 - 2009-07-14 04:34 - 22020096 _____ C:\Windows\system32\config\system.bak
2015-06-26 18:48 - 2009-07-14 04:34 - 00331776 _____ C:\Windows\system32\config\default.bak
2015-06-26 18:48 - 2009-07-14 04:34 - 00028672 _____ C:\Windows\system32\config\sam.bak
2015-06-26 18:48 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\security.bak
2015-06-26 11:20 - 2014-08-07 10:48 - 00000000 ____D C:\Users\Zdeněk\Desktop\Hry
2015-06-25 21:32 - 2009-07-14 04:34 - 58839040 _____ C:\Windows\system32\config\components.bak
2015-06-25 21:12 - 2014-01-02 15:17 - 00000000 ____D C:\Program Files\WinRAR
2015-06-25 17:00 - 2014-01-07 21:02 - 00000000 ____D C:\Users\Zdeněk\AppData\Roaming\Media Player Classic
2015-06-25 16:37 - 2014-08-06 20:29 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-06-25 15:00 - 2014-01-02 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-06-25 11:54 - 2014-01-02 15:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-24 13:31 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-24 12:14 - 2014-01-07 14:04 - 00000000 ____D C:\Users\Zdeněk\Desktop\vše
2015-06-23 21:48 - 2014-07-04 19:37 - 00000971 _____ C:\Users\Zdeněk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-23 21:48 - 2014-01-02 16:26 - 00001049 _____ C:\Users\Zdeněk\Desktop\M.lnk
2015-06-23 19:40 - 2014-01-03 10:48 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-23 19:40 - 2014-01-03 10:48 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-23 19:40 - 2014-01-03 10:48 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-23 18:37 - 2015-02-21 15:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-23 18:30 - 2009-07-14 06:45 - 00798736 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-22 20:00 - 2014-01-02 14:47 - 00243168 _____ C:\Users\Zdeněk\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-22 09:34 - 2014-01-03 19:36 - 00000000 ____D C:\Users\Zdeněk\AppData\Roaming\DAEMON Tools Lite
2015-06-21 20:27 - 2014-01-03 20:47 - 00000000 ____D C:\Windows\Minidump
2015-06-21 20:22 - 2014-08-06 20:35 - 00000000 ____D C:\ProgramData\Orbit
2015-06-21 20:22 - 2014-01-03 19:54 - 00000000 ____D C:\Users\Zdeněk\Documents\My Games
2015-06-19 16:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-16 19:17 - 2014-01-02 17:02 - 00000000 ___RD C:\Users\Zdeněk\Desktop\Programy
2015-06-16 19:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PLA
2015-06-15 21:24 - 2015-02-21 15:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-12 19:01 - 2014-08-15 17:36 - 00000000 ____D C:\Users\Zdeněk\AppData\Local\Adobe
2015-06-10 18:49 - 2009-07-14 17:18 - 01323946 _____ C:\Windows\system32\perfh005.dat
2015-06-10 18:49 - 2009-07-14 17:18 - 00362960 _____ C:\Windows\system32\perfc005.dat
2015-06-10 18:49 - 2009-07-14 07:13 - 00006256 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-10 18:41 - 2014-12-14 19:48 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 18:41 - 2014-07-04 19:30 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 18:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-09 23:31 - 2015-01-27 11:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-09 23:30 - 2014-01-03 13:27 - 00000000 ____D C:\Windows\system32\MRT
2015-06-09 23:27 - 2014-01-03 13:27 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-03 17:18 - 2009-07-14 07:08 - 00032526 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-01-07 13:47 - 2014-01-07 13:47 - 0000017 _____ () C:\Users\Zdeněk\AppData\Local\resmon.resmoncfg
2011-07-12 15:02 - 2011-07-12 15:02 - 0232496 ____R () C:\ProgramData\DeviceManager.xml.rc4
2014-01-03 10:38 - 2014-01-03 10:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-24 16:17

==================== End of log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check-up - we're more likely to find something there!

#22 Post by vyosek »

I'd also ask you for the Addition.txt log, please.
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

goffy1985
Visitor
Posts: 163
Registered: 19 Oct 2011 16:59

Re: Preventive check-up - we're more likely to find something there!

#23 Post by goffy1985 »

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Zdeněk at 2015-06-26 19:43:01
Running from C:\Users\Zdeněk\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1053365669-2197649965-748403606-500 - Administrator - Disabled)
Guest (S-1-5-21-1053365669-2197649965-748403606-501 - Limited - Disabled)
Zdeněk (S-1-5-21-1053365669-2197649965-748403606-1000 - Administrator - Enabled) => C:\Users\Zdeněk

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Aktualizace NVIDIA 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Assassins Creed Unity (HKLM-x32\...\Assassins Creed Unity_is1) (Version: - )
ASUS nVidia Driver (x32 Version: 1.00.0000 - ASUSTek) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Battlefield 4 Update 1 (HKLM-x32\...\QmF0dGxlZmllbGQ0_is1) (Version: 1 - )
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.0.0.0 - Electronic Arts)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Malwarebytes Anti-Malware verze 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
marvell 61xx (HKLM-x32\...\mv61xxDriver) (Version: 1.2.0.7700 - Marvell)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 16.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 16.0 (x86 cs)) (Version: 16.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ovládací panel NVIDIA 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Sada Compatibility Pack pro systém Office 2007 (HKLM-x32\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Viber (HKU\S-1-5-21-1053365669-2197649965-748403606-1000\...\Viber) (Version: 5.0.0.2821 - Viber Media Inc)
Vodafone Mobile Broadband Lite (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.2.302.33178 - Vodafone)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XnView 2.22 (HKLM-x32\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

25-06-2015 21:15:47 ComboFix created restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-06-26 19:17 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4FD49EDC-5A2F-4B90-A5D8-D6B397690D57} - System32\Tasks\{996FA91A-6FAB-40CA-B3BC-0BE594D81E14} => Iexplore.exe http://ui.skype.com/ui/0/7.0.0.102/cs/a ... rogressBar
Task: {69F4F6E8-3E29-4446-987A-342815851AC3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {A7AE5B3E-3633-4C62-A914-EA8A3405DDCC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
Task: {A8D3096D-6956-4A82-9EA6-E9C1F66B4A1D} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-01-03] (Microsoft Corporation)
Task: {D32E50C7-D4FB-45D6-9FCF-A18D72757F3D} - System32\Tasks\{7D95FC7A-0A3A-4D73-B175-408BC6168D1D} => pcalua.exe -a C:\Users\Zdeněk\AppData\Roaming\omniboxes\UninstallManager.exe -c -ptid=obw
Task: {DB3BFCD1-0736-431B-AF3A-6400811A2FFD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E68F9D87-7B48-4A2D-A890-1CBEC909ABC9} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation)
Task: {E6A373C8-138C-4B59-8DDB-25B2C71BDEC1} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {EA19C50F-D4C1-4655-9B00-4BFB6ED9EB8A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2011-03-20 18:33 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-06-23 19:40 - 2015-06-23 19:40 - 17321648 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1053365669-2197649965-748403606-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Zdeněk\AppData\Roaming\XnView\\xnview_wallpaper_20150105.bmp
DNS Servers: 94.74.192.252 - 94.74.192.244

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
MSCONFIG\startupreg: MobileBroadband => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Viber => "C:\Users\Zdeněk\AppData\Local\Viber\Viber.exe" StartMinimized
MSCONFIG\startupreg: Windows Drivers => "C:\Users\Zdeněk\AppData\Roaming\WinUpdate\c\windrv.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{681ADF04-29A3-45F6-9B7A-7364AE172BCF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{924B1C49-6EB9-46E5-B3F5-CB3E75AED488}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{AF9CCBC2-BE3B-40CA-88F8-0EE114CC2404}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F8DECA11-A16B-43C8-B2AC-AF7E3945E845}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D9EA6B8B-A708-4806-9861-17096ABAF0A9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{ECAC7FB1-1B7F-4DAA-AD2A-FBAC7DB48C46}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F7CF2498-6C6C-4DE6-BB8D-DF699D747DC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{622FD3A3-81CF-48BB-91CE-5FF8F4870C48}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C314D8A1-C9F0-4A35-AA57-822A401FBF0E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{327E9517-33EE-4252-9385-83DFCE5E96DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EE280FB0-498E-45B6-B4C6-3DB90C20DBA6}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{375B1C43-78F2-4F12-9100-DC2E00C89F01}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{B87A053D-5423-4589-9319-4055FE5FADC6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{E80870BA-12EE-4DDD-B803-C22A419C6C5C}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
FirewallRules: [UDP Query User{D66380D4-91F9-4857-BA80-0B7ED3BDD364}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
FirewallRules: [{786CAAE7-F57A-4E63-B19D-9F1C50FBC0F5}] => (Allow) D:\games\Battlefield 4\bf4_x86.exe
FirewallRules: [{E30E453E-3073-4E12-8A89-2BDF795F141B}] => (Allow) D:\games\Battlefield 4\bf4_x86.exe
FirewallRules: [{2AA18864-BC11-4781-AB91-C0D46988F660}] => (Allow) D:\games\Battlefield 4\bf4.exe
FirewallRules: [{AA208D53-CC72-4E64-A24E-C63DD61655A2}] => (Allow) D:\games\Battlefield 4\bf4.exe
FirewallRules: [TCP Query User{119BE890-35F3-4ECD-BFEF-8CD8F9A00E1B}D:\grand theft auto v\gta5.exe] => (Block) D:\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{B77A1CB1-3B44-4EC8-9CB2-C558E40D3AF2}D:\grand theft auto v\gta5.exe] => (Block) D:\grand theft auto v\gta5.exe
FirewallRules: [{330A0CD6-FB61-4708-9FCD-111D1BD856A2}] => (Allow) C:\Program Files\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{B0110138-D0FB-4AD0-A577-44A6BA4B1F7E}] => (Allow) C:\Program Files\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{BAAE826C-076D-4A15-A2CC-47B06E1AC1FB}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{568CC4BC-7E1F-4664-9AB9-D68FC91150FB}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{70537617-C67A-4979-9255-8A784227B8CD}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{AB608FB0-3E5A-4C2D-9C07-C87EE2D3E8E1}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{8EABD510-3653-4738-A696-FFCF6BE23DFB}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{B550A1FE-447A-4B45-BF47-66A5DAF6FCC6}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{8CA91AD5-8045-453A-B718-52F3C3EC5FBD}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
FirewallRules: [{A380DB7F-2A4A-4EA9-BECA-B8C029A07676}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
FirewallRules: [{EDE05D67-53A9-4070-A117-9BBB5677D987}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
FirewallRules: [{42DBC299-472C-418F-B237-2EF079BB326C}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
FirewallRules: [{DC5439E2-C14C-4347-BCF1-41A70702FCC0}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{5D74D858-E509-4606-BED7-C9E9738D3D69}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{366F7583-ABCE-4309-9723-39FC6253A488}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{FBD7F840-F468-48BD-82C8-79C954F9A4F2}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{FA72D2DE-7665-45FD-84A9-D222C01AAD48}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{B806EA84-0EAB-434B-A3C7-E458490E6AAF}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{37DE72AB-A564-43D2-9155-82CB39F3AD05}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{A27B98DF-67BA-4408-BAF7-73DEF7B357FF}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{A6CAA5DB-602B-40F4-B0AD-63B06A27FA68}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{6CC8E45F-EC0D-4BF1-9B36-DCFAF6A11351}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{24362AAC-8CF1-4606-8CB5-418F7C656C71}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{75A75731-D83F-4C38-8085-D581F892E8F1}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{79A86601-469C-48E5-AD01-68202EF510FA}] => (Allow) C:\program files (x86)\common files\baidu\bddownload\108\bddownloader.exe
FirewallRules: [{9E54D22D-2103-4AEE-BA83-B4C07A664597}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{E784FC88-CBE4-4831-8752-2CE35F21B2C7}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{045DB0FC-C3BB-4716-94DD-9C0D24A52FDD}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCmgrInstallGuide.exe
FirewallRules: [{D01DA222-C138-4C0A-91C7-0CE95CF3AE8B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCTray.exe
FirewallRules: [{E524C530-A8C4-4C50-B5F4-F3226C92401E}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCMgr.exe
FirewallRules: [{B019CF84-E516-48B6-AEFC-F149EFBBA97E}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCRTP.exe
FirewallRules: [{02885048-8884-4685-8A2D-22EAAB95B1D1}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMDL.exe
FirewallRules: [{26BDC5D8-3EF9-4DDD-8AF8-5EB839336752}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\bugreport.exe
FirewallRules: [{929BFFDA-2A30-4EB4-86BD-F69E0DAB15FA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCFileOpen.exe
FirewallRules: [{A76D8E34-DD79-4010-8B7D-52D381BE60D2}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCLeakScan.exe
FirewallRules: [{DE873A74-F5C4-4780-8E2E-896BDC22553C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPConfig.exe
FirewallRules: [{CAC85640-C3AB-4497-8642-F2C5A9137CB3}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCSoftMgr.exe
FirewallRules: [{9CB278F9-78AA-4C39-B8A3-B677F2203950}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{E43EBCAE-639C-4A5B-8E0D-BCD30806D846}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCBTU.exe
FirewallRules: [{05C53B45-B2AC-464E-913E-2AE501BEDCB2}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCClinic.exe
FirewallRules: [{98DA7CC1-F89C-4CBE-9CD6-733DEFEF6C7A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCLaunch.exe
FirewallRules: [{CCB0D8CD-2512-4266-AC07-BD8EBB4CDEA1}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{411FCD53-F76D-404C-8639-111CEFC219F1}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCSoftGame.exe
FirewallRules: [{4E2E316D-3705-4E81-8173-046A8922E005}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCSysOptimize.exe
FirewallRules: [{8D9B1B97-B588-4D31-BC17-53F0BC3AF350}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCUpdateAVLib.exe
FirewallRules: [{3DFDF3D2-983E-436F-9F03-43FF389EFF4B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQRepair.exe
FirewallRules: [{51EBC7D8-08BD-4B13-96D3-39A9E78ACA93}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\Uninst.exe
FirewallRules: [{4ECE43D9-069E-433D-91F3-CBD5B21E9E7C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCPatch.exe
FirewallRules: [{0758465B-A15E-43CE-B843-CF002B26D59B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\TpkUpdate.exe
FirewallRules: [{28E80CE1-425A-4047-9F0F-BD6C72C69D2F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMRouterMgr.exe
FirewallRules: [{0EFC362A-D5D8-4937-99B4-BD7A0651597A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMAccountProtection.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptér tunelového režimu Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2015 07:20:01 PM) (Source: VmbService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (06/26/2015 06:49:55 PM) (Source: VmbService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (06/26/2015 06:32:52 PM) (Source: VmbService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (06/26/2015 05:56:52 PM) (Source: VmbService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (06/26/2015 03:09:57 PM) (Source: VmbService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (06/26/2015 00:53:53 PM) (Source: VmbService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (06/26/2015 00:13:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Watch_Dogs.exe, verze: 0.1.0.1, časové razítko: 0x537507a1
Název chybujícího modulu: Disrupt_b64.dll, verze: 0.0.0.0, časové razítko: 0x5375077c
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000001d61dd5
ID chybujícího procesu: 0xa54
Čas spuštění chybující aplikace: 0xWatch_Dogs.exe0
Cesta k chybující aplikaci: Watch_Dogs.exe1
Cesta k chybujícímu modulu: Watch_Dogs.exe2
ID zprávy: Watch_Dogs.exe3

Error: (06/26/2015 10:15:38 AM) (Source: VmbService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (06/25/2015 09:33:49 PM) (Source: VmbService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (06/25/2015 09:12:41 PM) (Source: VmbService) (EventID: 0) (User: )
Description: conflictManagerTypeValue


System errors:
=============
Error: (06/26/2015 07:17:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Stereoscopic 3D Driver Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/26/2015 06:48:29 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (06/26/2015 06:48:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (06/26/2015 06:46:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (06/26/2015 06:46:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (06/26/2015 06:46:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (06/26/2015 06:46:30 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (06/26/2015 06:46:30 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (06/26/2015 06:43:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (06/26/2015 06:37:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-06-26 18:46:30.862
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-26 18:46:30.816
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-26 18:46:30.753
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-26 18:46:30.691
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-26 18:37:50.789
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-26 18:37:50.742
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-26 18:37:50.680
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-26 18:37:50.617
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-25 21:29:38.542
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-25 21:29:38.480
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
Percentage of memory in use: 23%
Total physical RAM: 8191.05 MB
Available physical RAM: 6273.26 MB
Total Pagefile: 16380.32 MB
Available Pagefile: 14101.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:246.17 GB) (Free:61.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:350 GB) (Free:38.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 168B168A)
Partition 1: (Active) - (Size=246.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=350 GB) - (Type=05)

==================== End of log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check-up - we're more likely to find something there!

#24 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    HKU\S-1-5-21-1053365669-2197649965-748403606-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1053365669-2197649965-748403606-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&t ... J90S205295
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
    HKU\S-1-5-21-1053365669-2197649965-748403606-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    HKU\S-1-5-21-1053365669-2197649965-748403606-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID= ... M%3DIESR02
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    
    FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\explugin\npBaiduSDDetectPlug.dll No File
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\npQMExtensionsMozilla.dll No File
    FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
    FF Plugin HKU\S-1-5-21-1053365669-2197649965-748403606-1000: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
    
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
    
    2015-06-26 19:17 - 2015-06-26 19:17 - 00000000 ____D C:\_OTM
    2015-06-26 19:16 - 2015-06-26 19:16 - 00522240 _____ (OldTimer Tools) C:\Users\Zdeněk\Desktop\OTM.exe
    2015-06-26 18:54 - 2015-06-26 18:54 - 00032132 _____ C:\ComboFix.txt
    2015-06-24 16:10 - 2015-06-25 14:18 - 00000000 ____D C:\Users\Zden靕\AppData\Roaming\Baidu
    2015-06-24 15:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-06-24 15:19 - 2015-06-26 18:49 - 00005014 _____ C:\Windows\PFRO.log
    2015-06-24 13:08 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-06-24 13:08 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-06-24 13:08 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-06-24 13:08 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-06-24 13:08 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
    2015-06-24 13:08 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
    2015-06-24 13:08 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
    2015-06-24 13:04 - 2015-06-26 18:55 - 00000000 ____D C:\Qoobox
    2015-06-24 13:03 - 2015-06-26 18:48 - 00000000 ____D C:\Windows\erdnt
    2015-06-24 13:02 - 2015-06-24 13:03 - 05630176 ____R (Swearware) C:\ComboFix.exe
    2015-06-24 12:36 - 2015-06-24 12:13 - 00024064 _____ C:\Windows\zoek-delete.exe
    2015-06-24 12:14 - 2015-06-24 12:39 - 00007234 _____ C:\cpf.log
    2015-06-24 12:13 - 2015-06-24 12:32 - 00000000 ____D C:\zoek_backup
    2015-06-24 12:12 - 2015-06-24 12:13 - 01308672 _____ C:\Users\Zdeněk\Desktop\zoek.exe
    2015-06-23 21:42 - 2015-06-23 21:48 - 00000000 ____D C:\AdwCleaner
    2015-06-23 21:41 - 2015-06-23 21:41 - 02244096 _____ C:\Users\Zdeněk\Desktop\adwcleaner_4.207.exe
    2015-06-23 20:43 - 2015-06-23 20:43 - 00000000 ____D C:\rsit
    2015-06-23 20:43 - 2015-06-23 20:43 - 00000000 ____D C:\Program Files\trend micro
    2015-06-23 20:42 - 2015-06-23 20:42 - 01222144 _____ C:\Users\Zdeněk\Desktop\RSITx64.exe
    2015-06-22 20:00 - 2015-06-22 19:59 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
    2015-06-22 19:59 - 2015-06-22 19:59 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
    2015-06-22 19:59 - 2015-06-22 19:59 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2015-06-22 19:59 - 2015-06-22 19:59 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
    2015-06-22 19:59 - 2015-06-22 19:59 - 00000000 ____D C:\Users\Zdeněk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2015-06-22 19:56 - 2015-04-08 09:17 - 00056136 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench_x64.sys
    2015-06-22 19:55 - 2015-04-08 09:17 - 00202576 _____ (Baidu) C:\Windows\system32\Drivers\bd0001.sys
    2015-06-22 19:55 - 2015-04-08 09:17 - 00196936 _____ (Baidu) C:\Windows\system32\Drivers\bd0002.sys
    2015-06-22 19:55 - 2015-04-08 09:17 - 00152392 _____ (Baidu Technology) C:\Windows\system32\Drivers\BDArKit.sys
    2015-06-22 19:55 - 2015-04-08 09:17 - 00103240 _____ (Baidu) C:\Windows\system32\Drivers\BDDefense.sys
    2015-06-22 19:55 - 2015-04-08 09:17 - 00067400 _____ (Baidu) C:\Windows\system32\Drivers\bd0003.sys
    2015-06-22 19:54 - 2015-06-22 19:54 - 00000150 __RSH C:\rising.ini
    2015-06-22 19:54 - 2015-06-22 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Software Deployment System
    2015-06-22 19:54 - 2015-03-11 07:00 - 00071056 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
    2015-06-22 19:54 - 2015-02-11 07:00 - 00121072 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
    2015-06-22 19:54 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
    2015-06-22 19:47 - 2015-06-22 19:47 - 00018549 _____ C:\Windows\DirectX.log
    2015-06-22 09:10 - 2015-06-26 19:19 - 00004368 _____ C:\Windows\setupact.log
    2015-06-22 09:10 - 2015-06-22 09:10 - 00000000 _____ C:\Windows\setuperr.log
    2015-06-26 18:48 - 2009-07-14 04:34 - 79429632 _____ C:\Windows\system32\config\software.bak
    2015-06-26 18:48 - 2009-07-14 04:34 - 22020096 _____ C:\Windows\system32\config\system.bak
    2015-06-26 18:48 - 2009-07-14 04:34 - 00331776 _____ C:\Windows\system32\config\default.bak
    2015-06-26 18:48 - 2009-07-14 04:34 - 00028672 _____ C:\Windows\system32\config\sam.bak
    2015-06-26 18:48 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\security.bak
    2015-06-25 21:32 - 2009-07-14 04:34 - 58839040 _____ C:\Windows\system32\config\components.bak
    
    Task: {4FD49EDC-5A2F-4B90-A5D8-D6B397690D57} - System32\Tasks\{996FA91A-6FAB-40CA-B3BC-0BE594D81E14} => Iexplore.exe http://ui.skype.com/ui/0/7.0.0.102/cs/a ... rogressBar
    Task: {69F4F6E8-3E29-4446-987A-342815851AC3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
    Task: {D32E50C7-D4FB-45D6-9FCF-A18D72757F3D} - System32\Tasks\{7D95FC7A-0A3A-4D73-B175-408BC6168D1D} => pcalua.exe -a C:\Users\Zdeněk\AppData\Roaming\omniboxes\UninstallManager.exe -c -ptid=obw
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    
    FirewallRules: [{BAAE826C-076D-4A15-A2CC-47B06E1AC1FB}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
    FirewallRules: [{568CC4BC-7E1F-4664-9AB9-D68FC91150FB}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
    FirewallRules: [{70537617-C67A-4979-9255-8A784227B8CD}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
    FirewallRules: [{AB608FB0-3E5A-4C2D-9C07-C87EE2D3E8E1}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
    FirewallRules: [{8EABD510-3653-4738-A696-FFCF6BE23DFB}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
    FirewallRules: [{B550A1FE-447A-4B45-BF47-66A5DAF6FCC6}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
    FirewallRules: [{8CA91AD5-8045-453A-B718-52F3C3EC5FBD}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
    FirewallRules: [{A380DB7F-2A4A-4EA9-BECA-B8C029A07676}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
    FirewallRules: [{EDE05D67-53A9-4070-A117-9BBB5677D987}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
    FirewallRules: [{42DBC299-472C-418F-B237-2EF079BB326C}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
    FirewallRules: [{DC5439E2-C14C-4347-BCF1-41A70702FCC0}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
    FirewallRules: [{5D74D858-E509-4606-BED7-C9E9738D3D69}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
    FirewallRules: [{366F7583-ABCE-4309-9723-39FC6253A488}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
    FirewallRules: [{FBD7F840-F468-48BD-82C8-79C954F9A4F2}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
    FirewallRules: [{FA72D2DE-7665-45FD-84A9-D222C01AAD48}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
    FirewallRules: [{B806EA84-0EAB-434B-A3C7-E458490E6AAF}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
    FirewallRules: [{37DE72AB-A564-43D2-9155-82CB39F3AD05}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
    FirewallRules: [{A27B98DF-67BA-4408-BAF7-73DEF7B357FF}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
    FirewallRules: [{A6CAA5DB-602B-40F4-B0AD-63B06A27FA68}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
    FirewallRules: [{6CC8E45F-EC0D-4BF1-9B36-DCFAF6A11351}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
    FirewallRules: [{24362AAC-8CF1-4606-8CB5-418F7C656C71}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
    FirewallRules: [{75A75731-D83F-4C38-8085-D581F892E8F1}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
    FirewallRules: [{79A86601-469C-48E5-AD01-68202EF510FA}] => (Allow) C:\program files (x86)\common files\baidu\bddownload\108\bddownloader.exe
    FirewallRules: [{9E54D22D-2103-4AEE-BA83-B4C07A664597}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
    FirewallRules: [{E784FC88-CBE4-4831-8752-2CE35F21B2C7}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
    FirewallRules: [{045DB0FC-C3BB-4716-94DD-9C0D24A52FDD}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCmgrInstallGuide.exe
    FirewallRules: [{D01DA222-C138-4C0A-91C7-0CE95CF3AE8B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCTray.exe
    FirewallRules: [{E524C530-A8C4-4C50-B5F4-F3226C92401E}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCMgr.exe
    FirewallRules: [{B019CF84-E516-48B6-AEFC-F149EFBBA97E}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCRTP.exe
    FirewallRules: [{02885048-8884-4685-8A2D-22EAAB95B1D1}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMDL.exe
    FirewallRules: [{26BDC5D8-3EF9-4DDD-8AF8-5EB839336752}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\bugreport.exe
    FirewallRules: [{929BFFDA-2A30-4EB4-86BD-F69E0DAB15FA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCFileOpen.exe
    FirewallRules: [{A76D8E34-DD79-4010-8B7D-52D381BE60D2}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCLeakScan.exe
    FirewallRules: [{DE873A74-F5C4-4780-8E2E-896BDC22553C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPConfig.exe
    FirewallRules: [{CAC85640-C3AB-4497-8642-F2C5A9137CB3}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCSoftMgr.exe
    FirewallRules: [{9CB278F9-78AA-4C39-B8A3-B677F2203950}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\plugins\QMNetMon\QQPCNetFlow.exe
    FirewallRules: [{E43EBCAE-639C-4A5B-8E0D-BCD30806D846}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCBTU.exe
    FirewallRules: [{05C53B45-B2AC-464E-913E-2AE501BEDCB2}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCClinic.exe
    FirewallRules: [{98DA7CC1-F89C-4CBE-9CD6-733DEFEF6C7A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCLaunch.exe
    FirewallRules: [{CCB0D8CD-2512-4266-AC07-BD8EBB4CDEA1}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMUpdate\QQPCMgrUpdate.exe
    FirewallRules: [{411FCD53-F76D-404C-8639-111CEFC219F1}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCSoftGame.exe
    FirewallRules: [{4E2E316D-3705-4E81-8173-046A8922E005}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCSysOptimize.exe
    FirewallRules: [{8D9B1B97-B588-4D31-BC17-53F0BC3AF350}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCUpdateAVLib.exe
    FirewallRules: [{3DFDF3D2-983E-436F-9F03-43FF389EFF4B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQRepair.exe
    FirewallRules: [{51EBC7D8-08BD-4B13-96D3-39A9E78ACA93}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\Uninst.exe
    FirewallRules: [{4ECE43D9-069E-433D-91F3-CBD5B21E9E7C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCPatch.exe
    FirewallRules: [{0758465B-A15E-43CE-B843-CF002B26D59B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\TpkUpdate.exe
    FirewallRules: [{28E80CE1-425A-4047-9F0F-BD6C72C69D2F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMRouterMgr.exe
    FirewallRules: [{0EFC362A-D5D8-4937-99B4-BD7A0651597A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMAccountProtection.exe
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the created TXT as fixlist.txt
  • Move the created fixlist next to FRST
→ Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
→ Restart the PC and post fixlog.txt here for me
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

goffy1985
Visitor
Posts: 163
Registered: 19 Oct 2011 16:59

Re: Preventive check-up - we'll more likely find something there!

#25 Post by goffy1985 »

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Zdeněk at 2015-06-26 20:21:37 Run:1
Running from C:\Users\Zdeněk\Desktop
Loaded Profiles: Zdeněk (Available Profiles: Zdeněk)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-1053365669-2197649965-748403606-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1053365669-2197649965-748403606-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&t ... J90S205295
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1053365669-2197649965-748403606-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1053365669-2197649965-748403606-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID= ... M%3DIESR02
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\explugin\npBaiduSDDetectPlug.dll No File
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\npQMExtensionsMozilla.dll No File
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
FF Plugin HKU\S-1-5-21-1053365669-2197649965-748403606-1000: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]

2015-06-26 19:17 - 2015-06-26 19:17 - 00000000 ____D C:\_OTM
2015-06-26 19:16 - 2015-06-26 19:16 - 00522240 _____ (OldTimer Tools) C:\Users\Zdeněk\Desktop\OTM.exe
2015-06-26 18:54 - 2015-06-26 18:54 - 00032132 _____ C:\ComboFix.txt
2015-06-24 16:10 - 2015-06-25 14:18 - 00000000 ____D C:\Users\Zden?\AppData\Roaming\Baidu
2015-06-24 15:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-24 15:19 - 2015-06-26 18:49 - 00005014 _____ C:\Windows\PFRO.log
2015-06-24 13:08 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-24 13:08 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-24 13:08 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-24 13:08 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-24 13:08 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-24 13:08 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-24 13:08 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-24 13:04 - 2015-06-26 18:55 - 00000000 ____D C:\Qoobox
2015-06-24 13:03 - 2015-06-26 18:48 - 00000000 ____D C:\Windows\erdnt
2015-06-24 13:02 - 2015-06-24 13:03 - 05630176 ____R (Swearware) C:\ComboFix.exe
2015-06-24 12:36 - 2015-06-24 12:13 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-06-24 12:14 - 2015-06-24 12:39 - 00007234 _____ C:\cpf.log
2015-06-24 12:13 - 2015-06-24 12:32 - 00000000 ____D C:\zoek_backup
2015-06-24 12:12 - 2015-06-24 12:13 - 01308672 _____ C:\Users\Zdeněk\Desktop\zoek.exe
2015-06-23 21:42 - 2015-06-23 21:48 - 00000000 ____D C:\AdwCleaner
2015-06-23 21:41 - 2015-06-23 21:41 - 02244096 _____ C:\Users\Zdeněk\Desktop\adwcleaner_4.207.exe
2015-06-23 20:43 - 2015-06-23 20:43 - 00000000 ____D C:\rsit
2015-06-23 20:43 - 2015-06-23 20:43 - 00000000 ____D C:\Program Files\trend micro
2015-06-23 20:42 - 2015-06-23 20:42 - 01222144 _____ C:\Users\Zdeněk\Desktop\RSITx64.exe
015-06-22 20:00 - 2015-06-22 19:59 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-06-22 19:59 - 2015-06-22 19:59 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-06-22 19:59 - 2015-06-22 19:59 - 00087864 _____ (????) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-06-22 19:59 - 2015-06-22 19:59 - 00038200 _____ (????) C:\Windows\system32\Drivers\TSSKX64.sys
2015-06-22 19:59 - 2015-06-22 19:59 - 00000000 ____D C:\Users\Zdeněk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????
2015-06-22 19:56 - 2015-04-08 09:17 - 00056136 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench_x64.sys
2015-06-22 19:55 - 2015-04-08 09:17 - 00202576 _____ (Baidu) C:\Windows\system32\Drivers\bd0001.sys
2015-06-22 19:55 - 2015-04-08 09:17 - 00196936 _____ (Baidu) C:\Windows\system32\Drivers\bd0002.sys
2015-06-22 19:55 - 2015-04-08 09:17 - 00152392 _____ (Baidu Technology) C:\Windows\system32\Drivers\BDArKit.sys
2015-06-22 19:55 - 2015-04-08 09:17 - 00103240 _____ (Baidu) C:\Windows\system32\Drivers\BDDefense.sys
2015-06-22 19:55 - 2015-04-08 09:17 - 00067400 _____ (Baidu) C:\Windows\system32\Drivers\bd0003.sys
2015-06-22 19:54 - 2015-06-22 19:54 - 00000150 __RSH C:\rising.ini
2015-06-22 19:54 - 2015-06-22 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Software Deployment System
2015-06-22 19:54 - 2015-03-11 07:00 - 00071056 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
2015-06-22 19:54 - 2015-02-11 07:00 - 00121072 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
2015-06-22 19:54 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
2015-06-22 19:47 - 2015-06-22 19:47 - 00018549 _____ C:\Windows\DirectX.log
2015-06-22 09:10 - 2015-06-26 19:19 - 00004368 _____ C:\Windows\setupact.log
2015-06-22 09:10 - 2015-06-22 09:10 - 00000000 _____ C:\Windows\setuperr.log
2015-06-26 18:48 - 2009-07-14 04:34 - 79429632 _____ C:\Windows\system32\config\software.bak
2015-06-26 18:48 - 2009-07-14 04:34 - 22020096 _____ C:\Windows\system32\config\system.bak
2015-06-26 18:48 - 2009-07-14 04:34 - 00331776 _____ C:\Windows\system32\config\default.bak
2015-06-26 18:48 - 2009-07-14 04:34 - 00028672 _____ C:\Windows\system32\config\sam.bak
2015-06-26 18:48 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\security.bak
2015-06-25 21:32 - 2009-07-14 04:34 - 58839040 _____ C:\Windows\system32\config\components.bak

Task: {4FD49EDC-5A2F-4B90-A5D8-D6B397690D57} - System32\Tasks\{996FA91A-6FAB-40CA-B3BC-0BE594D81E14} => Iexplore.exe http://ui.skype.com/ui/0/7.0.0.102/cs/a ... rogressBar
Task: {69F4F6E8-3E29-4446-987A-342815851AC3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {D32E50C7-D4FB-45D6-9FCF-A18D72757F3D} - System32\Tasks\{7D95FC7A-0A3A-4D73-B175-408BC6168D1D} => pcalua.exe -a C:\Users\Zdeněk\AppData\Roaming\omniboxes\UninstallManager.exe -c -ptid=obw
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

FirewallRules: [{BAAE826C-076D-4A15-A2CC-47B06E1AC1FB}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{568CC4BC-7E1F-4664-9AB9-D68FC91150FB}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{70537617-C67A-4979-9255-8A784227B8CD}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{AB608FB0-3E5A-4C2D-9C07-C87EE2D3E8E1}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{8EABD510-3653-4738-A696-FFCF6BE23DFB}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{B550A1FE-447A-4B45-BF47-66A5DAF6FCC6}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{8CA91AD5-8045-453A-B718-52F3C3EC5FBD}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
FirewallRules: [{A380DB7F-2A4A-4EA9-BECA-B8C029A07676}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
FirewallRules: [{EDE05D67-53A9-4070-A117-9BBB5677D987}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
FirewallRules: [{42DBC299-472C-418F-B237-2EF079BB326C}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
FirewallRules: [{DC5439E2-C14C-4347-BCF1-41A70702FCC0}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{5D74D858-E509-4606-BED7-C9E9738D3D69}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{366F7583-ABCE-4309-9723-39FC6253A488}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{FBD7F840-F468-48BD-82C8-79C954F9A4F2}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{FA72D2DE-7665-45FD-84A9-D222C01AAD48}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{B806EA84-0EAB-434B-A3C7-E458490E6AAF}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{37DE72AB-A564-43D2-9155-82CB39F3AD05}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{A27B98DF-67BA-4408-BAF7-73DEF7B357FF}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{A6CAA5DB-602B-40F4-B0AD-63B06A27FA68}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{6CC8E45F-EC0D-4BF1-9B36-DCFAF6A11351}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{24362AAC-8CF1-4606-8CB5-418F7C656C71}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{75A75731-D83F-4C38-8085-D581F892E8F1}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{79A86601-469C-48E5-AD01-68202EF510FA}] => (Allow) C:\program files (x86)\common files\baidu\bddownload\108\bddownloader.exe
FirewallRules: [{9E54D22D-2103-4AEE-BA83-B4C07A664597}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{E784FC88-CBE4-4831-8752-2CE35F21B2C7}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{045DB0FC-C3BB-4716-94DD-9C0D24A52FDD}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCmgrInstallGuide.exe
FirewallRules: [{D01DA222-C138-4C0A-91C7-0CE95CF3AE8B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCTray.exe
FirewallRules: [{E524C530-A8C4-4C50-B5F4-F3226C92401E}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCMgr.exe
FirewallRules: [{B019CF84-E516-48B6-AEFC-F149EFBBA97E}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCRTP.exe
FirewallRules: [{02885048-8884-4685-8A2D-22EAAB95B1D1}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMDL.exe
FirewallRules: [{26BDC5D8-3EF9-4DDD-8AF8-5EB839336752}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\bugreport.exe
FirewallRules: [{929BFFDA-2A30-4EB4-86BD-F69E0DAB15FA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCFileOpen.exe
FirewallRules: [{A76D8E34-DD79-4010-8B7D-52D381BE60D2}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCLeakScan.exe
FirewallRules: [{DE873A74-F5C4-4780-8E2E-896BDC22553C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPConfig.exe
FirewallRules: [{CAC85640-C3AB-4497-8642-F2C5A9137CB3}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCSoftMgr.exe
FirewallRules: [{9CB278F9-78AA-4C39-B8A3-B677F2203950}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{E43EBCAE-639C-4A5B-8E0D-BCD30806D846}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCBTU.exe
FirewallRules: [{05C53B45-B2AC-464E-913E-2AE501BEDCB2}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCClinic.exe
FirewallRules: [{98DA7CC1-F89C-4CBE-9CD6-733DEFEF6C7A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCLaunch.exe
FirewallRules: [{CCB0D8CD-2512-4266-AC07-BD8EBB4CDEA1}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{411FCD53-F76D-404C-8639-111CEFC219F1}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCSoftGame.exe
FirewallRules: [{4E2E316D-3705-4E81-8173-046A8922E005}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCSysOptimize.exe
FirewallRules: [{8D9B1B97-B588-4D31-BC17-53F0BC3AF350}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCUpdateAVLib.exe
FirewallRules: [{3DFDF3D2-983E-436F-9F03-43FF389EFF4B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQRepair.exe
FirewallRules: [{51EBC7D8-08BD-4B13-96D3-39A9E78ACA93}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\Uninst.exe
FirewallRules: [{4ECE43D9-069E-433D-91F3-CBD5B21E9E7C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCPatch.exe
FirewallRules: [{0758465B-A15E-43CE-B843-CF002B26D59B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\TpkUpdate.exe
FirewallRules: [{28E80CE1-425A-4047-9F0F-BD6C72C69D2F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMRouterMgr.exe
FirewallRules: [{0EFC362A-D5D8-4937-99B4-BD7A0651597A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMAccountProtection.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-1053365669-2197649965-748403606-1000\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1053365669-2197649965-748403606-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-1053365669-2197649965-748403606-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1053365669-2197649965-748403606-1000\Software\Microsoft\Internet Explorer\Main\\First Home Page => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQPCMgr" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@rising.com.cn/nprising" => key removed successfully
"HKU\S-1-5-21-1053365669-2197649965-748403606-1000\Software\MozillaPlugins\@rising.com.cn/nprising" => key removed successfully
C:\Program Files (x86)\Rising\RAV\nprising.dll not found.
catchme => Service removed successfully
LVPr2M64 => Service removed successfully
C:\_OTM => moved successfully.
C:\Users\Zdeněk\Desktop\OTM.exe => moved successfully.
C:\ComboFix.txt => moved successfully.
"C:\Users\Zden?\AppData\Roaming\Baidu" => File/Folder not found.
C:\Windows\NIRCMD.exe => moved successfully.
C:\Windows\PFRO.log => moved successfully.
C:\Windows\PEV.exe => moved successfully.
C:\Windows\MBR.exe => moved successfully.
C:\Windows\SWREG.exe => moved successfully.
C:\Windows\SWSC.exe => moved successfully.
C:\Windows\sed.exe => moved successfully.
C:\Windows\grep.exe => moved successfully.
C:\Windows\zip.exe => moved successfully.
C:\Qoobox => moved successfully.
C:\Windows\erdnt => moved successfully.
C:\ComboFix.exe => moved successfully.
C:\Windows\zoek-delete.exe => moved successfully.
C:\cpf.log => moved successfully.
C:\zoek_backup => moved successfully.
C:\Users\Zdeněk\Desktop\zoek.exe => moved successfully.
C:\AdwCleaner => moved successfully.
C:\Users\Zdeněk\Desktop\adwcleaner_4.207.exe => moved successfully.
C:\rsit => moved successfully.
C:\Program Files\trend micro => moved successfully.
C:\Users\Zdeněk\Desktop\RSITx64.exe => moved successfully.
015-06-22 20:00 - 2015-06-22 19:59 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys => Error: No automatic fix found for this entry.
C:\Windows\system32\Drivers\TAOKernel64.sys => moved successfully.
C:\Windows\system32\Drivers\TFsFltX64.sys => moved successfully.
C:\Windows\system32\Drivers\TSSKX64.sys => moved successfully.

"C:\Users\Zdeněk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" folder move:

Could not move "C:\Users\Zdeněk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" folder => Scheduled to move on reboot.

C:\Windows\system32\Drivers\BDMWrench_x64.sys => moved successfully.
C:\Windows\system32\Drivers\bd0001.sys => moved successfully.
C:\Windows\system32\Drivers\bd0002.sys => moved successfully.
C:\Windows\system32\Drivers\BDArKit.sys => moved successfully.
C:\Windows\system32\Drivers\BDDefense.sys => moved successfully.
C:\Windows\system32\Drivers\bd0003.sys => moved successfully.
C:\rising.ini => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Software Deployment System => moved successfully.
C:\Windows\system32\Drivers\rsutils.sys => moved successfully.
C:\Windows\system32\Drivers\sysmon.sys => moved successfully.
C:\Windows\system32\Drivers\rsndisp.sys => moved successfully.
C:\Windows\DirectX.log => moved successfully.
C:\Windows\setupact.log => moved successfully.
C:\Windows\setuperr.log => moved successfully.
C:\Windows\system32\config\software.bak => moved successfully.
C:\Windows\system32\config\system.bak => moved successfully.
C:\Windows\system32\config\default.bak => moved successfully.
C:\Windows\system32\config\sam.bak => moved successfully.
C:\Windows\system32\config\security.bak => moved successfully.
C:\Windows\system32\config\components.bak => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FD49EDC-5A2F-4B90-A5D8-D6B397690D57}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FD49EDC-5A2F-4B90-A5D8-D6B397690D57}" => key removed successfully
C:\Windows\System32\Tasks\{996FA91A-6FAB-40CA-B3BC-0BE594D81E14} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{996FA91A-6FAB-40CA-B3BC-0BE594D81E14}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69F4F6E8-3E29-4446-987A-342815851AC3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69F4F6E8-3E29-4446-987A-342815851AC3}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D32E50C7-D4FB-45D6-9FCF-A18D72757F3D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D32E50C7-D4FB-45D6-9FCF-A18D72757F3D}" => key removed successfully
C:\Windows\System32\Tasks\{7D95FC7A-0A3A-4D73-B175-408BC6168D1D} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7D95FC7A-0A3A-4D73-B175-408BC6168D1D}" => key removed successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BAAE826C-076D-4A15-A2CC-47B06E1AC1FB} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{568CC4BC-7E1F-4664-9AB9-D68FC91150FB} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{70537617-C67A-4979-9255-8A784227B8CD} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB608FB0-3E5A-4C2D-9C07-C87EE2D3E8E1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8EABD510-3653-4738-A696-FFCF6BE23DFB} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B550A1FE-447A-4B45-BF47-66A5DAF6FCC6} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8CA91AD5-8045-453A-B718-52F3C3EC5FBD} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A380DB7F-2A4A-4EA9-BECA-B8C029A07676} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EDE05D67-53A9-4070-A117-9BBB5677D987} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{42DBC299-472C-418F-B237-2EF079BB326C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DC5439E2-C14C-4347-BCF1-41A70702FCC0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D74D858-E509-4606-BED7-C9E9738D3D69} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{366F7583-ABCE-4309-9723-39FC6253A488} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FBD7F840-F468-48BD-82C8-79C954F9A4F2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA72D2DE-7665-45FD-84A9-D222C01AAD48} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B806EA84-0EAB-434B-A3C7-E458490E6AAF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{37DE72AB-A564-43D2-9155-82CB39F3AD05} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A27B98DF-67BA-4408-BAF7-73DEF7B357FF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6CAA5DB-602B-40F4-B0AD-63B06A27FA68} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6CC8E45F-EC0D-4BF1-9B36-DCFAF6A11351} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24362AAC-8CF1-4606-8CB5-418F7C656C71} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75A75731-D83F-4C38-8085-D581F892E8F1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{79A86601-469C-48E5-AD01-68202EF510FA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E54D22D-2103-4AEE-BA83-B4C07A664597} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E784FC88-CBE4-4831-8752-2CE35F21B2C7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{045DB0FC-C3BB-4716-94DD-9C0D24A52FDD} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D01DA222-C138-4C0A-91C7-0CE95CF3AE8B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E524C530-A8C4-4C50-B5F4-F3226C92401E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B019CF84-E516-48B6-AEFC-F149EFBBA97E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02885048-8884-4685-8A2D-22EAAB95B1D1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26BDC5D8-3EF9-4DDD-8AF8-5EB839336752} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{929BFFDA-2A30-4EB4-86BD-F69E0DAB15FA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A76D8E34-DD79-4010-8B7D-52D381BE60D2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DE873A74-F5C4-4780-8E2E-896BDC22553C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CAC85640-C3AB-4497-8642-F2C5A9137CB3} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9CB278F9-78AA-4C39-B8A3-B677F2203950} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E43EBCAE-639C-4A5B-8E0D-BCD30806D846} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05C53B45-B2AC-464E-913E-2AE501BEDCB2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{98DA7CC1-F89C-4CBE-9CD6-733DEFEF6C7A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CCB0D8CD-2512-4266-AC07-BD8EBB4CDEA1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{411FCD53-F76D-404C-8639-111CEFC219F1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E2E316D-3705-4E81-8173-046A8922E005} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D9B1B97-B588-4D31-BC17-53F0BC3AF350} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3DFDF3D2-983E-436F-9F03-43FF389EFF4B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{51EBC7D8-08BD-4B13-96D3-39A9E78ACA93} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4ECE43D9-069E-433D-91F3-CBD5B21E9E7C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0758465B-A15E-43CE-B843-CF002B26D59B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{28E80CE1-425A-4047-9F0F-BD6C72C69D2F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0EFC362A-D5D8-4937-99B4-BD7A0651597A} => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 86.7 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-26 20:23:52)<=

"C:\Users\Zdeněk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" => Could not move

==== End of Fixlog 20:23:52 ====
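A helper reviewing a Fixlog like the one above normally wants two answers fast: how many of the scheduled actions FRST actually completed, and which ones still need manual follow-up (every "Could not move" line). The following parser is an added example, not part of this thread and not code from FRST; the sample log embedded in it is constructed to mirror the format of the lines posted above (made-up GUIDs and a made-up folder name).

```python
"""Summarise an FRST Fixlog: count completed actions and flag failures.
Added example for the thread; not an FRST component."""
import re
from dataclasses import dataclass

FIREWALL_RULES_KEY = (
    r"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess"
    r"\Parameters\FirewallPolicy\FirewallRules"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed sample modelled on the Fixlog lines in the thread
# (GUIDs, user name and folder name are invented for the example).
SAMPLE_FIXLOG = r"""
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00000000-1111-2222-3333-444444444444} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{55555555-6666-7777-8888-999999999999} => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 86.7 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-26 20:23:52)<=

"C:\Users\Example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unknown" => Could not move

==== End of Fixlog 20:23:52 ====
"""


@dataclass
class Action:
    target: str  # registry value, file or folder the fix acted on
    result: str  # FRST's verdict, the text after "=>"
    ok: bool     # True unless FRST reported it could not act


def parse_fixlog(text: str) -> list[Action]:
    """Turn every 'target => result' line of a Fixlog into an Action.
    Headers, blank lines, the end marker and status-only lines
    (e.g. 'Hosts restored successfully.') carry no '=>' and are skipped."""
    actions = []
    for raw in text.splitlines():
        line = raw.strip()
        if " => " not in line:
            continue
        target, result = line.split(" => ", 1)
        target = target.strip().strip('"')   # failed moves are quoted
        result = result.strip().rstrip(".")
        ok = not result.lower().startswith("could not")
        actions.append(Action(target, result, ok))
    return actions


def summarize(text: str) -> dict:
    """Counts worth checking after a fix: firewall rules removed,
    hosts file restored, and every action that still needs a human."""
    actions = parse_fixlog(text)
    removed_rules = [
        GUID_RE.search(a.target).group(0)
        for a in actions
        if a.ok and a.target.startswith(FIREWALL_RULES_KEY) and GUID_RE.search(a.target)
    ]
    failed = [a.target for a in actions if not a.ok]
    return {
        "actions": len(actions),
        "firewall_rules_removed": len(removed_rules),
        "hosts_restored": "Hosts restored successfully." in text,
        "failed": failed,
        "needs_followup": bool(failed),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_FIXLOG))
```

Run it against a saved Fixlog.txt by reading the file and passing its contents to `summarize`. Anything listed under `failed` is exactly what FRST could not handle on this pass, so that is where the helper looks next instead of assuming the fix is complete.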

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check - more likely we'll find something there!

#26 Post by vyosek »

How is the PC behaving??
"He who has wine and doesn't drink it, who has grapes and doesn't eat them, who has a wife and doesn't kiss her, who shuns a good time, take a whip and a stick to him; that's not a man, that's an ox."
Member since 1 February 2011.

goffy1985
Visitor
Posts: 163
Registered: 19 Oct 2011 16:59

Re: Preventive check - more likely we'll find something there!

#27 Post by goffy1985 »

Well, definitely better, no more little critters popping up and similar nonsense :) and what annoyed me most was that beast in Firefox that wouldn't let me change the home page! I was furious :D So are we done? :)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check - more likely we'll find something there!

#28 Post by vyosek »

Now let's clean up :James008:

:arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave only the Remove disinfection tools option checked
  • Click Run
:arrow: Download CCleaner https://www.piriform.com/ccleaner/download/standard
Cleaner tab
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry tab
  • click Scan for Issues
  • then Fix selected Issues - I recommend making the registry backup; fix all issues
  • repeat until there are no issues left - usually about 3 times
Tools tab
  • Here you can uninstall programs you don't need
I recommend running CCleaner about once a week

:arrow: And if there are no problems or questions, that's all from my side :|

goffy1985
Visitor
Posts: 163
Registered: 19 Oct 2011 16:59

Re: Preventive check - more likely we'll find something there!

#29 Post by goffy1985 »

Done :) Great, you guys really are aces and I tip my hat :) Thank you very much :worship:

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check - more likely we'll find something there!

#30 Post by vyosek »

You're welcome, glad I could help :worship: See you again sometime :)

And in line with the Rule on locking topics :lock:

Locked