presmerovani na reklamni weby pri kliknuti na odkaz

Zpráva

valentyne187 · #31 Příspěvek od **valentyne187** » 04 led 2016 18:38

tak jsem to konecne spravne spustil (trvalo to par minut, nez vyskocilo to okno (ve spravci uloh bezelo neco jako PEVZ (hodne procent z DISK) a zoek...)

ale kdyz kliknu na run script, vyskoci mi tohle okno (viz obrazek)

dela mi to zase i u prehravace a to jsem tu javu odinstaloval

#32 Příspěvek od **altrok** » 04 led 2016 23:42

Kouknete po logu z cinnosti zoeka. Kdyztak jej vlozte.

Ulozte na plochu rkill.exe, ukoncete vsechny aplikace a spustte - kdyby ho havet blokovala, pouzijte alternativni odkaz

http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
obsah logu vytvoreneho take na plose (rkill.txt) zaslete v pristi odpovedi
nerestartujte ted pocitac jinak prijdete o ucinek rkillu

POZOR - TATO UTILITA MA VELKOU SCHOPNOST MAZAT - NESPOUSTEJTE JI BEZ DOPORUCENI RADCE

Ulozte na plochu ComboFix.exe - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete antiviry a vsechny real-time ochrany
spustte ComboFix jako spravce (lepe pod uctem s administratorskym opravnenim)
s licencnimi podminkami souhlaste - Ano
pokud je nabidnuta instalace konzoly pro zotaveni, souhlaste
v prubehu skenovani nechte PC v klidu - nic nespoustejte a do okna ComboFixu neklikejte
vysledek skenu naleznete v C:\ComboFix.txt, jehoz obsah mi zkopirujte do pristi odpovedi.

valentyne187 · #33 Příspěvek od **valentyne187** » 05 led 2016 18:38

Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/05/2016 06:12:29 PM in x64 mode.
Windows Version: Windows 8

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* gpsvc => %windir%\system32\svchost.exe -k GPSvcGroup [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/05/2016 06:17:12 PM
Execution time: 0 hours(s), 4 minute(s), and 42 seconds(s)

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ComboFix 16-01-01.01 - Vojtěch . 01. 2016 18:22:47.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.3977.2630 [GMT 1:00]
Spuštěný z: c:\users\Vojtých\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\icoAE3.tmp
c:\users\Vojtěch\AppData\Local\MSGBOX.EXE
c:\windows\msdownld.tmp
c:\windows\PFRO.log
c:\windows\SysWow64\SET4596.tmp
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-12-05 do 2016-01-05 )))))))))))))))))))))))))))))))
.
.
2016-01-05 17:32 . 2016-01-05 17:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-01-03 10:08 . 2016-01-03 10:08 -------- d-----w- c:\users\Vojtěch\AppData\Local\CrashDumps
2016-01-03 10:06 . 2016-01-03 10:06 -------- d-----w- C:\zoek_backup
2016-01-02 18:15 . 2016-01-02 18:21 -------- d-----w- C:\FRST
2015-12-30 13:50 . 2015-12-31 10:36 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-30 13:50 . 2015-12-30 13:50 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-12-30 13:50 . 2015-12-30 13:50 -------- d-----w- c:\programdata\Malwarebytes
2015-12-30 13:50 . 2015-10-05 08:50 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-12-30 13:50 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-12-30 13:50 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-12-29 09:53 . 2015-12-29 09:53 30848 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-12-29 09:53 . 2015-12-29 10:37 -------- d-----w- c:\programdata\RogueKiller
2015-12-28 10:25 . 2015-12-28 10:47 -------- d-----w- C:\rsit
2015-12-28 10:25 . 2015-12-28 10:47 -------- d-----w- c:\program files\trend micro
2015-12-22 16:28 . 2015-12-22 16:28 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2015-12-22 16:24 . 2015-12-22 16:26 -------- d-----w- c:\program files\Adobe
2015-12-22 16:21 . 2015-12-22 16:21 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2015-12-22 16:18 . 2015-12-22 16:26 -------- d-----w- c:\program files\Common Files\Adobe
2015-12-22 15:16 . 2015-12-31 17:57 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2015-12-21 14:12 . 2015-12-21 14:55 -------- d-----w- c:\users\Vojtěch\AppData\Local\FlashDevelop
2015-12-21 14:11 . 2015-12-21 14:12 -------- d-----w- c:\program files (x86)\FlashDevelop
2015-12-10 17:56 . 2015-10-22 19:01 7168 ----a-w- c:\windows\system32\kbdgeoqw.dll
2015-12-10 17:56 . 2015-10-22 19:01 7168 ----a-w- c:\windows\system32\KBDAZEL.DLL
2015-12-10 17:56 . 2015-10-22 19:01 7168 ----a-w- c:\windows\system32\KBDAZE.DLL
2015-12-10 17:56 . 2015-10-22 19:01 6656 ----a-w- c:\windows\SysWow64\kbdgeoqw.dll
2015-12-10 17:56 . 2015-10-22 19:00 6656 ----a-w- c:\windows\SysWow64\KBDAZEL.DLL
2015-12-10 17:56 . 2015-10-24 05:28 601088 ----a-w- c:\windows\SysWow64\Windows.Globalization.dll
2015-12-10 17:56 . 2015-10-24 05:24 951808 ----a-w- c:\windows\system32\Windows.Globalization.dll
2015-12-10 17:56 . 2015-10-24 05:24 3280384 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-12-10 17:55 . 2015-11-07 12:45 97280 ----a-w- c:\windows\system32\mshtmled.dll
2015-12-10 17:53 . 2015-10-31 08:14 2038784 ----a-w- c:\windows\SysWow64\authui.dll
2015-12-10 17:53 . 2015-10-31 07:33 2308096 ----a-w- c:\windows\system32\authui.dll
2015-12-10 17:53 . 2015-11-05 09:55 147968 ----a-w- c:\windows\system32\drivers\rmcast.sys
2015-12-10 17:52 . 2015-11-07 12:46 1341952 ----a-w- c:\windows\system32\user32.dll
2015-12-10 17:52 . 2015-11-07 12:44 1280000 ----a-w- c:\windows\system32\FntCache.dll
2015-12-10 17:52 . 2015-11-07 12:44 1840640 ----a-w- c:\windows\system32\DWrite.dll
2015-12-10 17:52 . 2015-11-07 05:53 1126912 ----a-w- c:\windows\SysWow64\user32.dll
2015-12-10 17:52 . 2015-11-07 05:46 1426944 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2015-12-10 17:52 . 2015-11-07 09:32 1412608 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-12-10 17:52 . 2015-11-07 07:52 4063232 ----a-w- c:\windows\system32\win32k.sys
2015-12-10 17:52 . 2015-11-07 05:52 1680384 ----a-w- c:\windows\system32\GdiPlus.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-26 08:54 . 2015-11-12 12:11 176096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-26 08:54 . 2015-07-20 16:54 826328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-12-10 17:57 . 2013-10-04 23:01 140158008 ----a-w- c:\windows\system32\MRT.exe
2015-11-01 16:00 . 2015-01-12 18:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2015-10-27 14:46 . 2015-11-11 17:52 320000 ----a-w- c:\windows\SysWow64\schannel.dll
2015-10-27 14:46 . 2015-11-11 17:52 73728 ----a-w- c:\windows\SysWow64\ncryptsslp.dll
2015-10-27 14:46 . 2015-11-11 17:52 89088 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-10-27 14:45 . 2015-11-11 17:52 2362368 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-27 13:55 . 2015-11-11 17:52 416256 ----a-w- c:\windows\system32\schannel.dll
2015-10-27 13:54 . 2015-11-11 17:52 130560 ----a-w- c:\windows\system32\ncrypt.dll
2015-10-27 13:54 . 2015-11-11 17:52 89088 ----a-w- c:\windows\system32\ncryptsslp.dll
2015-10-27 13:53 . 2015-11-11 17:52 276992 ----a-w- c:\windows\apppatch\apppatch64\AcGenral.dll
2015-10-16 18:39 . 2015-10-16 18:39 608 --sha-w- c:\windows\system32\winzvprt5.sys
2015-10-13 13:16 . 2015-11-11 17:51 576512 ----a-w- c:\windows\system32\drivers\afd.sys
2015-10-13 13:16 . 2015-11-11 17:51 129024 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-10-11 06:45 . 2015-11-11 17:52 1160192 ----a-w- c:\windows\system32\IKEEXT.DLL
2015-10-11 06:45 . 2015-11-11 17:52 723968 ----a-w- c:\windows\system32\BFE.DLL
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
"Boxoft Tools"="c:\programdata\Boxtools\Boxofttoolbox.exe" [2010-12-15 514048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-05-04 56568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-09-19 371976]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2013-10-16 337184]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-06-26 5515496]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2013-07-18 683656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 GDOCService;gDoc PDF Service;c:\program files (x86)\Global Graphics\gDocPDFServer\MWFSrv.exe;c:\program files (x86)\Global Graphics\gDocPDFServer\MWFSrv.exe [x]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfx64fax.sys;c:\windows\SYSNATIVE\drivers\hpfx64fax.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 clwvd;CyberLink Webcam Sharing Manager;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys;c:\windows\SYSNATIVE\drivers\jmcr.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SensorsServiceDriver;Služba Reflektor UMDF pro knihovnu SensorsServiceDriver;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\System32\drivers\WUDFRd.sys;c:\windows\SYSNATIVE\drivers\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-17 16:24 1000264 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-16 11:55]
.
2015-12-31 c:\windows\Tasks\HPCeeScheduleForVojtěch.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-06-24 20:55 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-23 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-23 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-23 441152]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-11-12 1664000]
"HP Color LaserJet CM1312 MFP Series Fax"="c:\program files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe" [2009-09-22 3700736]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
IE: Stáhnout FDM - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Stáhnout video FDM - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané FDM - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Stáhnout vše FDM - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
Toolbar-10 - (no file)
AddRemove-NHL Hockey 97 - g:\UNINSTW.EXE
AddRemove-PokerStars - c:\program files (x86)\PokerStars\PokerStarsUninstall.exe
AddRemove-VirtuaGirl 2 - c:\program files (x86)\Vg\UNWISE.EXE
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2016-01-05 18:36:35
ComboFix-quarantined-files.txt 2016-01-05 17:36
.
Před spuštěním: 43 311 517 696 bytes free
Po spuštění: 43 251 003 392 bytes free
.
- - End Of File - - A9D5547E638922FB6C2911DBC102F708
A78C646DB8D284B9C54ED366B2CA860E

#34 Příspěvek od **altrok** » 06 led 2016 03:10

Pokud jeste nemate, presunte ComboFix do korenoveho adresare disku (umisteni ted bude C:\ComboFix.exe).

Otevrete Poznamkovy blok (Start -> Spustit -> notepad)

zkopirujte do nej skript nize a ulozte rovnez do korenoveho adresare disku jako CFScript (Typ souboru: Textovy dokument)

Kód: Vybrat vše

KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::

Tento CFScript.txt chytte, doslova pretahnete nad ikonu ComboFixu a pustte.
Po restartu na Vas vyskoci log, jehoz obsah mi vlozte do dalsi odpovedi.

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou Windows. V tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

valentyne187 · #35 Příspěvek od **valentyne187** » 06 led 2016 08:49

ComboFix 16-01-01.01 - Vojtěch . 01. 2016 7:41.2.4 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.3977.2728 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-12-06 do 2016-01-06 )))))))))))))))))))))))))))))))
.
.
2016-01-06 06:52 . 2016-01-06 06:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-01-03 10:08 . 2016-01-03 10:08 -------- d-----w- c:\users\Vojtěch\AppData\Local\CrashDumps
2016-01-03 10:06 . 2016-01-03 10:06 -------- d-----w- C:\zoek_backup
2016-01-02 18:15 . 2016-01-02 18:21 -------- d-----w- C:\FRST
2015-12-30 13:50 . 2015-12-31 10:36 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-30 13:50 . 2015-12-30 13:50 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-12-30 13:50 . 2015-12-30 13:50 -------- d-----w- c:\programdata\Malwarebytes
2015-12-30 13:50 . 2015-10-05 08:50 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-12-30 13:50 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-12-30 13:50 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-12-29 09:53 . 2015-12-29 09:53 30848 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-12-29 09:53 . 2015-12-29 10:37 -------- d-----w- c:\programdata\RogueKiller
2015-12-28 10:25 . 2015-12-28 10:47 -------- d-----w- C:\rsit
2015-12-28 10:25 . 2015-12-28 10:47 -------- d-----w- c:\program files\trend micro
2015-12-22 16:28 . 2015-12-22 16:28 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2015-12-22 16:24 . 2015-12-22 16:26 -------- d-----w- c:\program files\Adobe
2015-12-22 16:21 . 2015-12-22 16:21 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2015-12-22 16:18 . 2015-12-22 16:26 -------- d-----w- c:\program files\Common Files\Adobe
2015-12-22 15:16 . 2015-12-31 17:57 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2015-12-21 14:12 . 2015-12-21 14:55 -------- d-----w- c:\users\Vojtěch\AppData\Local\FlashDevelop
2015-12-21 14:11 . 2015-12-21 14:12 -------- d-----w- c:\program files (x86)\FlashDevelop
2015-12-10 17:56 . 2015-10-22 19:01 7168 ----a-w- c:\windows\system32\kbdgeoqw.dll
2015-12-10 17:56 . 2015-10-22 19:01 7168 ----a-w- c:\windows\system32\KBDAZEL.DLL
2015-12-10 17:56 . 2015-10-22 19:01 7168 ----a-w- c:\windows\system32\KBDAZE.DLL
2015-12-10 17:56 . 2015-10-22 19:01 6656 ----a-w- c:\windows\SysWow64\kbdgeoqw.dll
2015-12-10 17:56 . 2015-10-22 19:00 6656 ----a-w- c:\windows\SysWow64\KBDAZEL.DLL
2015-12-10 17:56 . 2015-10-24 05:28 601088 ----a-w- c:\windows\SysWow64\Windows.Globalization.dll
2015-12-10 17:56 . 2015-10-24 05:24 951808 ----a-w- c:\windows\system32\Windows.Globalization.dll
2015-12-10 17:56 . 2015-10-24 05:24 3280384 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-12-10 17:55 . 2015-11-07 12:45 97280 ----a-w- c:\windows\system32\mshtmled.dll
2015-12-10 17:53 . 2015-10-31 08:14 2038784 ----a-w- c:\windows\SysWow64\authui.dll
2015-12-10 17:53 . 2015-10-31 07:33 2308096 ----a-w- c:\windows\system32\authui.dll
2015-12-10 17:53 . 2015-11-05 09:55 147968 ----a-w- c:\windows\system32\drivers\rmcast.sys
2015-12-10 17:52 . 2015-11-07 12:46 1341952 ----a-w- c:\windows\system32\user32.dll
2015-12-10 17:52 . 2015-11-07 12:44 1280000 ----a-w- c:\windows\system32\FntCache.dll
2015-12-10 17:52 . 2015-11-07 12:44 1840640 ----a-w- c:\windows\system32\DWrite.dll
2015-12-10 17:52 . 2015-11-07 05:53 1126912 ----a-w- c:\windows\SysWow64\user32.dll
2015-12-10 17:52 . 2015-11-07 05:46 1426944 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2015-12-10 17:52 . 2015-11-07 09:32 1412608 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-12-10 17:52 . 2015-11-07 07:52 4063232 ----a-w- c:\windows\system32\win32k.sys
2015-12-10 17:52 . 2015-11-07 05:52 1680384 ----a-w- c:\windows\system32\GdiPlus.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-26 08:54 . 2015-11-12 12:11 176096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-26 08:54 . 2015-07-20 16:54 826328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-12-10 17:57 . 2013-10-04 23:01 140158008 ----a-w- c:\windows\system32\MRT.exe
2015-11-01 16:00 . 2015-01-12 18:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2015-10-27 14:46 . 2015-11-11 17:52 320000 ----a-w- c:\windows\SysWow64\schannel.dll
2015-10-27 14:46 . 2015-11-11 17:52 73728 ----a-w- c:\windows\SysWow64\ncryptsslp.dll
2015-10-27 14:46 . 2015-11-11 17:52 89088 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-10-27 14:45 . 2015-11-11 17:52 2362368 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-27 13:55 . 2015-11-11 17:52 416256 ----a-w- c:\windows\system32\schannel.dll
2015-10-27 13:54 . 2015-11-11 17:52 130560 ----a-w- c:\windows\system32\ncrypt.dll
2015-10-27 13:54 . 2015-11-11 17:52 89088 ----a-w- c:\windows\system32\ncryptsslp.dll
2015-10-27 13:53 . 2015-11-11 17:52 276992 ----a-w- c:\windows\apppatch\apppatch64\AcGenral.dll
2015-10-16 18:39 . 2015-10-16 18:39 608 --sha-w- c:\windows\system32\winzvprt5.sys
2015-10-13 13:16 . 2015-11-11 17:51 576512 ----a-w- c:\windows\system32\drivers\afd.sys
2015-10-13 13:16 . 2015-11-11 17:51 129024 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-10-11 06:45 . 2015-11-11 17:52 1160192 ----a-w- c:\windows\system32\IKEEXT.DLL
2015-10-11 06:45 . 2015-11-11 17:52 723968 ----a-w- c:\windows\system32\BFE.DLL
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
"Boxoft Tools"="c:\programdata\Boxtools\Boxofttoolbox.exe" [2010-12-15 514048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-05-04 56568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-09-19 371976]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2013-10-16 337184]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-06-26 5515496]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2013-07-18 683656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 GDOCService;gDoc PDF Service;c:\program files (x86)\Global Graphics\gDocPDFServer\MWFSrv.exe;c:\program files (x86)\Global Graphics\gDocPDFServer\MWFSrv.exe [x]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfx64fax.sys;c:\windows\SYSNATIVE\drivers\hpfx64fax.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys;c:\windows\SYSNATIVE\drivers\jmcr.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 clwvd;CyberLink Webcam Sharing Manager;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SensorsServiceDriver;Služba Reflektor UMDF pro knihovnu SensorsServiceDriver;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\System32\drivers\WUDFRd.sys;c:\windows\SYSNATIVE\drivers\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-17 16:24 1000264 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-16 11:55]
.
2015-12-31 c:\windows\Tasks\HPCeeScheduleForVojtěch.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-06-24 20:55 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-23 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-23 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-23 441152]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-11-12 1664000]
"HP Color LaserJet CM1312 MFP Series Fax"="c:\program files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe" [2009-09-22 3700736]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
IE: Stáhnout FDM - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Stáhnout video FDM - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané FDM - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Stáhnout vše FDM - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
AddRemove-NHL Hockey 97 - g:\UNINSTW.EXE
AddRemove-PokerStars - c:\program files (x86)\PokerStars\PokerStarsUninstall.exe
AddRemove-VirtuaGirl 2 - c:\program files (x86)\Vg\UNWISE.EXE
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
**************************************************************************
.
Celkový čas: 2016-01-06 08:24:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-01-06 07:24
ComboFix2.txt 2016-01-05 17:36
.
Před spuštěním: 41 995 640 832 bytes free
Po spuštění: 41 965 207 552 bytes free
.
- - End Of File - - 3574F018101E47E5E5094DA30EC66216
A78C646DB8D284B9C54ED366B2CA860E

#36 Příspěvek od **altrok** » 06 led 2016 15:48

Preblem pretrvava?

Dejte prosim nove logy FRST.txt a Addition.txt

valentyne187 · #37 Příspěvek od **valentyne187** » 09 led 2016 12:35

problem je pryc, skvela prace, tisicere diky

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Vojtěch (administrator) on NH4E7QW (09-01-2016 12:30:41)
Running from C:\Users\Vojtěch\Desktop
Loaded Profiles: Vojtěch (Available Profiles: Vojtěch)
Platform: Windows 8 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)
HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] => C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285832 2013-05-04] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-26] (Avast Software s.r.o.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-07-18] (PDF Complete Inc)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-866173097-1738320259-1985661619-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-866173097-1738320259-1985661619-1002\...\Run: [Boxoft Tools] => C:\ProgramData\Boxtools\Boxofttoolbox.exe [514048 2010-12-15] ()
HKU\S-1-5-21-866173097-1738320259-1985661619-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000
HKU\S-1-5-21-866173097-1738320259-1985661619-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\Snow3.scr [352256 2009-06-29] (Thomas Olesch)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-24] (Avast Software s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-12-31]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A4F71677-C072-4D8A-96CA-BDC340144CF4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B6DD668F-0FE8-4988-9F15-2792B0BCA99F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-866173097-1738320259-1985661619-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-866173097-1738320259-1985661619-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-24] (Avast Software s.r.o.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-24] (Avast Software s.r.o.)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2014-09-23] (FreeDownloadManager.ORG)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\SKYPE4~1.DLL [2014-05-02] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-04] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll [2012-10-26] (DigitalPersona, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Vojtěch\AppData\Roaming\mozilla\plugins\npPxPlay.dll [2014-03-18] ( )
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-12-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-11]

Chrome:
=======
CHR Profile: C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-24] (Avast Software s.r.o.)
S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [488824 2012-10-26] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
S3 GDOCService; C:\Program Files (x86)\Global Graphics\gDocPDFServer\MWFSrv.exe [77824 2010-08-27] (Global Graphics) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2014-02-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2014-02-04] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-03] (LogMeIn, Inc.)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2015-03-22] () [File not signed]
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-10-10] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [214520 2014-11-21] ()
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe [181312 2014-03-18] () [File not signed]
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [651776 2009-08-31] (Nokia) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-24] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-24] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-12-21] ()
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-12-21] ()
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-15] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1864328 2012-10-04] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-04-02] (Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [30848 2015-12-29] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-09 12:17 - 2016-01-09 12:19 - 00001078 _____ C:\Windows\system32dbgraw.bmp
2016-01-07 22:34 - 2016-01-08 00:06 - 1664147037 _____ C:\Users\Vojtěch\Downloads\Dánská-dívka_The-Danish-Girl_2015_titulky.CZ.mkv
2016-01-06 08:24 - 2016-01-06 08:24 - 00019339 _____ C:\ComboFix.txt
2016-01-06 07:39 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-01-05 18:50 - 2016-01-05 18:50 - 00004096 _____ C:\Windows\d3dx.dat
2016-01-05 18:19 - 2016-01-06 08:24 - 00000000 ____D C:\Qoobox
2016-01-05 18:19 - 2016-01-05 18:33 - 00000000 ____D C:\Windows\erdnt
2016-01-05 18:19 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-01-05 18:19 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-01-05 18:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-01-05 18:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-01-05 18:19 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2016-01-05 18:19 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-01-05 18:19 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-01-05 18:19 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-01-05 18:12 - 2016-01-05 18:17 - 00002302 _____ C:\Users\Vojtěch\Desktop\Rkill.txt
2016-01-05 18:11 - 2016-01-05 18:11 - 00001029 _____ C:\Users\Vojtěch\Desktop\postup.txt
2016-01-05 18:06 - 2016-01-05 18:06 - 05643309 ____R (Swearware) C:\ComboFix.exe
2016-01-05 18:05 - 2016-01-05 18:05 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Vojtěch\Desktop\rkill.exe
2016-01-04 18:54 - 2016-01-06 19:06 - 00000000 ____D C:\Users\Vojtěch\Downloads\Orphan (2009)
2016-01-04 18:54 - 2016-01-04 18:54 - 00015699 _____ C:\Users\Vojtěch\Downloads\orphan-2009-720p.torrent
2016-01-04 18:09 - 2016-01-04 18:09 - 00000091 _____ C:\Users\Vojtěch\Desktop\scriptprozoek.txt
2016-01-03 11:08 - 2016-01-03 11:08 - 00000000 ____D C:\Users\Vojtěch\AppData\Local\CrashDumps
2016-01-03 11:06 - 2016-01-03 11:06 - 01309184 _____ C:\Users\Vojtěch\Desktop\zoek.exe
2016-01-03 11:06 - 2016-01-03 11:06 - 00000000 ____D C:\zoek_backup
2016-01-02 19:22 - 2016-01-02 19:22 - 00023175 _____ C:\Users\Vojtěch\Desktop\frst+add.zip
2016-01-02 19:19 - 2016-01-02 19:21 - 00048570 _____ C:\Users\Vojtěch\Desktop\Addition.txt
2016-01-02 19:18 - 2016-01-09 12:30 - 00018567 _____ C:\Users\Vojtěch\Desktop\FRST.txt
2016-01-02 19:16 - 2016-01-02 19:16 - 00011783 _____ C:\Users\Vojtěch\Desktop\Fixlog.txt
2016-01-02 19:15 - 2016-01-09 12:30 - 00000000 ____D C:\FRST
2016-01-02 19:14 - 2016-01-02 19:14 - 02370560 _____ (Farbar) C:\Users\Vojtěch\Desktop\FRST64.exe
2016-01-02 17:51 - 2016-01-02 17:51 - 00002634 _____ C:\Users\Vojtěch\Desktop\ESETlog.txt
2016-01-02 13:35 - 2016-01-02 13:35 - 02870984 _____ (ESET) C:\Users\Vojtěch\Desktop\esetsmartinstaller_csy.exe
2016-01-02 00:29 - 2016-01-02 00:34 - 87562580 _____ C:\Users\Vojtěch\Downloads\Gus-Hansen---Every-Hand-Revealed.pdf
2016-01-01 22:31 - 2016-01-06 19:06 - 00000000 ____D C:\Users\Vojtěch\Downloads\The Dreamers - NC-17 Uncut [GeneGeter.com]
2016-01-01 22:08 - 2016-01-01 22:08 - 00028709 _____ C:\Users\Vojtěch\Downloads\[kat.cr]the.dreamers.nc.17.uncut.genegeter.com.torrent
2015-12-30 21:11 - 2015-12-30 21:11 - 00005092 _____ C:\Users\Vojtěch\Desktop\malw.txt
2015-12-30 14:50 - 2015-12-31 18:59 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-30 14:50 - 2015-12-31 11:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-30 14:50 - 2015-12-30 14:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-30 14:50 - 2015-12-30 14:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-30 14:50 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-30 14:50 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-30 14:50 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-30 14:49 - 2015-12-30 14:49 - 22908888 _____ (Malwarebytes ) C:\Users\Vojtěch\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-29 11:31 - 2015-12-29 11:31 - 00003792 _____ C:\Users\Vojtěch\Desktop\rogueexport.txt
2015-12-29 10:53 - 2015-12-29 11:37 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-29 10:53 - 2015-12-29 10:53 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-29 10:49 - 2015-12-29 10:50 - 20835400 _____ C:\Users\Vojtěch\Desktop\RogueKiller.exe
2015-12-28 11:25 - 2015-12-28 11:47 - 00000000 ____D C:\rsit
2015-12-28 11:25 - 2015-12-28 11:47 - 00000000 ____D C:\Program Files\trend micro
2015-12-22 17:35 - 2015-12-22 17:35 - 00000000 ____D C:\Users\Vojtěch\AppData\LocalLow\Adobe
2015-12-22 17:28 - 2015-12-22 17:28 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-12-22 17:24 - 2015-12-22 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2015-12-22 17:24 - 2015-12-22 17:26 - 00000000 ____D C:\Program Files\Adobe
2015-12-22 17:21 - 2015-12-31 18:59 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2015-12-22 17:21 - 2015-12-22 17:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-22 17:21 - 2015-12-22 17:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-12-22 17:21 - 2015-12-22 17:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-12-22 17:18 - 2015-12-22 17:26 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-12-22 15:01 - 2015-12-22 17:28 - 00000000 ____D C:\ProgramData\Adobe
2015-12-21 15:12 - 2015-12-31 18:59 - 00001955 _____ C:\Users\Public\Desktop\FlashDevelop.lnk
2015-12-21 15:12 - 2015-12-22 15:20 - 00000090 _____ C:\Users\Vojtěch\mm.cfg
2015-12-21 15:12 - 2015-12-21 15:55 - 00000000 ____D C:\Users\Vojtěch\AppData\Local\FlashDevelop
2015-12-21 15:12 - 2015-12-21 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashDevelop
2015-12-21 15:11 - 2015-12-21 15:12 - 00000000 ____D C:\Program Files (x86)\FlashDevelop
2015-12-16 21:00 - 2015-12-16 23:00 - 00000001 _____ C:\Windows\SysWOW64\en.html
2015-12-16 12:31 - 2015-12-16 12:31 - 00284456 _____ C:\Windows\Minidump\121615-32875-01.dmp
2015-12-15 22:37 - 2015-12-20 19:00 - 00000000 ____D C:\Users\Vojtěch\Downloads\Drive (2011)
2015-12-14 11:50 - 2015-12-14 11:52 - 00284512 _____ C:\Windows\Minidump\121415-30515-01.dmp
2015-12-14 10:42 - 2015-12-14 10:43 - 00284424 _____ C:\Windows\Minidump\121415-37593-01.dmp
2015-12-14 09:38 - 2015-12-14 09:40 - 00285968 _____ C:\Windows\Minidump\121415-77906-01.dmp
2015-12-14 09:38 - 2015-12-14 09:38 - 00401272 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-10 19:03 - 2015-11-16 17:17 - 06970712 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-10 19:03 - 2015-11-16 17:10 - 01821192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-10 19:03 - 2015-11-16 15:55 - 01410000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-10 19:03 - 2015-11-16 15:42 - 00171864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-12-10 19:03 - 2015-11-16 15:29 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2015-12-10 19:03 - 2015-11-16 15:29 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-12-10 19:03 - 2015-11-16 15:29 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-12-10 19:03 - 2015-11-16 15:29 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-12-10 19:03 - 2015-11-16 15:29 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-12-10 19:03 - 2015-11-16 15:28 - 01223168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-10 19:03 - 2015-11-16 15:28 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-12-10 19:03 - 2015-11-16 15:28 - 00384512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-10 19:03 - 2015-11-16 15:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-12-10 19:03 - 2015-11-16 15:27 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-12-10 19:03 - 2015-11-16 15:26 - 01637376 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-10 19:03 - 2015-11-16 15:26 - 01282560 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-12-10 19:03 - 2015-11-16 15:26 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2015-12-10 19:03 - 2015-11-16 15:26 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-12-10 19:03 - 2015-11-16 15:26 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-12-10 19:03 - 2015-11-16 15:26 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-10 19:03 - 2015-11-16 15:26 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-12-10 19:03 - 2015-11-16 15:26 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-12-10 19:03 - 2015-11-16 15:26 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-12-10 19:03 - 2015-11-16 15:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-12-10 19:03 - 2015-11-16 15:26 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-12-10 19:03 - 2015-11-16 15:26 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-12-10 18:56 - 2015-10-24 06:28 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-10 18:56 - 2015-10-24 06:24 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-12-10 18:56 - 2015-10-22 20:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-10 18:56 - 2015-10-22 20:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-10 18:56 - 2015-10-22 20:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-10 18:56 - 2015-10-22 20:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-10 18:56 - 2015-10-22 20:00 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-10 18:56 - 2015-10-22 20:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-10 18:56 - 2015-10-22 14:43 - 00478280 _____ C:\Windows\SysWOW64\locale.nls
2015-12-10 18:56 - 2015-10-22 14:42 - 00478280 _____ C:\Windows\system32\locale.nls
2015-12-10 18:55 - 2015-11-07 13:45 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-10 18:54 - 2015-11-07 13:46 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-10 18:54 - 2015-11-07 13:46 - 01408512 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-10 18:54 - 2015-11-07 13:46 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-12-10 18:54 - 2015-11-07 13:46 - 00592384 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-10 18:54 - 2015-11-07 13:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2015-12-10 18:54 - 2015-11-07 13:45 - 19349504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-10 18:54 - 2015-11-07 13:45 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-10 18:54 - 2015-11-07 13:44 - 15423488 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-10 18:54 - 2015-11-07 13:44 - 03806208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-10 18:54 - 2015-11-07 13:44 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-10 18:54 - 2015-11-07 13:44 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-10 18:54 - 2015-11-07 13:44 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-12-10 18:54 - 2015-11-07 13:44 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-10 18:54 - 2015-11-07 13:44 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-10 18:54 - 2015-11-07 13:44 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-10 18:54 - 2015-11-07 10:34 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-10 18:54 - 2015-11-07 10:34 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-10 18:54 - 2015-11-07 10:34 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-10 18:54 - 2015-11-07 10:34 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2015-12-10 18:54 - 2015-11-07 10:33 - 14269440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-10 18:54 - 2015-11-07 10:33 - 13723136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-10 18:54 - 2015-11-07 10:33 - 02793984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-10 18:54 - 2015-11-07 10:33 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-10 18:54 - 2015-11-07 10:33 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-12-10 18:54 - 2015-11-07 10:33 - 00715776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-10 18:54 - 2015-11-07 10:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-10 18:54 - 2015-11-07 10:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-10 18:54 - 2015-11-07 10:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-10 18:54 - 2015-11-07 10:33 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-10 18:54 - 2015-11-07 06:29 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2015-12-10 18:54 - 2015-09-18 14:32 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-10 18:53 - 2015-11-05 10:55 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-10 18:53 - 2015-10-31 09:14 - 02038784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-10 18:53 - 2015-10-31 08:33 - 02308096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-10 18:52 - 2015-11-07 13:46 - 01341952 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-10 18:52 - 2015-11-07 13:44 - 01840640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-10 18:52 - 2015-11-07 13:44 - 01280000 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-10 18:52 - 2015-11-07 10:32 - 01412608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-10 18:52 - 2015-11-07 08:52 - 04063232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-10 18:52 - 2015-11-07 06:53 - 01126912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-10 18:52 - 2015-11-07 06:52 - 01680384 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-10 18:52 - 2015-11-07 06:46 - 01426944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-09 12:19 - 2012-07-26 06:37 - 00000000 ____D C:\Windows
2016-01-09 00:55 - 2015-01-13 19:55 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-09 00:34 - 2014-11-21 23:02 - 00000000 ___HD C:\$Windows.~BT
2016-01-08 23:37 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2016-01-08 23:36 - 2013-12-10 14:57 - 00003620 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2016-01-07 21:04 - 2013-12-15 13:56 - 00000000 ____D C:\Program Files (x86)\NHL 95
2016-01-07 17:41 - 2012-09-26 09:53 - 00000950 _____ C:\Windows\SysWOW64\bscs.ini
2016-01-07 17:38 - 2013-12-10 14:57 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2016-01-07 16:11 - 2012-11-22 04:49 - 00000000 ____D C:\ProgramData\PDFC
2016-01-07 12:16 - 2012-07-26 06:37 - 00000000 ____D C:\Windows\Inf
2016-01-06 19:42 - 2015-02-21 21:35 - 00000000 ____D C:\Users\Vojtěch\AppData\Local\PokerStars.EU
2016-01-06 19:42 - 2015-02-21 21:31 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2016-01-06 19:08 - 2015-10-03 20:54 - 00000000 ____D C:\Users\Vojtěch\Downloads\Hotell.2013.SWEDiSH.DvDRip.x264.AC3-SWAXXON
2016-01-06 19:06 - 2013-10-05 22:29 - 05489664 ___SH C:\Users\Vojtěch\Downloads\Thumbs.db
2016-01-06 15:26 - 2013-10-15 21:35 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-06 08:17 - 2012-07-26 06:26 - 00000215 _____ C:\Windows\system.ini
2016-01-06 07:54 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-06 07:36 - 2013-11-09 18:53 - 00000000 ____D C:\Users\Vojtěch\AppData\Local\LogMeIn Hamachi
2016-01-05 18:50 - 2014-05-20 14:20 - 00000000 ____D C:\Users\Vojtěch\AppData\Local\ElevatedDiagnostics
2016-01-05 12:03 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2016-01-04 20:42 - 2013-11-07 20:21 - 00000000 ____D C:\Users\Vojtěch\Downloads\05_obrazky
2016-01-04 19:00 - 2013-10-19 21:12 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\uTorrent
2016-01-04 18:34 - 2013-11-04 09:26 - 00464384 ___SH C:\Users\Vojtěch\Desktop\Thumbs.db
2016-01-04 18:26 - 2013-11-07 20:17 - 00000000 ____D C:\Users\Vojtěch\Downloads\01_filmy
2016-01-04 18:20 - 2013-11-07 20:20 - 00000000 ____D C:\Users\Vojtěch\Downloads\02_hudba
2016-01-04 18:11 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-31 19:57 - 2013-10-03 22:41 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-866173097-1738320259-1985661619-1002
2015-12-31 18:59 - 2015-11-17 13:32 - 00002725 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-31 18:59 - 2015-09-21 22:01 - 00001806 _____ C:\Users\Public\Desktop\CasinoAction.lnk
2015-12-31 18:59 - 2014-10-10 17:52 - 00001705 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamePark klient 2.lnk
2015-12-31 18:59 - 2014-07-15 16:02 - 00001636 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Premium Sound.lnk
2015-12-31 18:59 - 2013-12-15 13:56 - 00001059 _____ C:\Users\Public\Desktop\NHL 95.lnk
2015-12-31 18:59 - 2013-11-09 17:53 - 00002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2015-12-31 18:59 - 2013-10-26 15:25 - 00001271 _____ C:\Users\Public\Desktop\Football Manager 2011.lnk
2015-12-31 18:59 - 2013-10-15 21:35 - 00000994 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-31 18:59 - 2012-11-22 04:53 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2015-12-31 18:58 - 2015-11-18 10:41 - 00002007 _____ C:\Users\Vojtěch\Desktop\gDoc PDF Server.lnk
2015-12-31 18:58 - 2015-11-10 22:15 - 00002065 _____ C:\Users\Vojtěch\AppData\Roaming\Microsoft\Windows\Start Menu\888poker.lnk
2015-12-31 18:58 - 2015-11-06 18:24 - 00002041 _____ C:\Users\Vojtěch\Desktop\888poker.lnk
2015-12-31 18:58 - 2015-10-20 06:47 - 00001181 _____ C:\Users\Vojtěch\Desktop\REVIZEprofi 2051.lnk
2015-12-31 18:58 - 2015-09-21 22:01 - 00001818 _____ C:\ProgramData\Microsoft\Windows\Start Menu\CasinoAction.lnk
2015-12-31 18:58 - 2015-02-21 21:35 - 00001994 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.eu.lnk
2015-12-31 18:58 - 2014-12-18 18:18 - 00001818 _____ C:\Users\Vojtěch\AppData\Roaming\Microsoft\Windows\Start Menu\NetBet Poker.lnk
2015-12-31 18:58 - 2014-12-15 19:57 - 00001400 _____ C:\Users\Vojtěch\Desktop\S.T.A.L.K.E.R. - Call of Pripyat.lnk
2015-12-31 18:58 - 2014-06-18 18:37 - 00001824 _____ C:\Users\Vojtěch\AppData\Roaming\Microsoft\Windows\Start Menu\Europa Casino.lnk
2015-12-31 18:58 - 2014-06-18 18:16 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Superior Casino.lnk
2015-12-31 18:58 - 2014-01-26 13:59 - 00001890 _____ C:\Users\Vojtěch\Desktop\Pro Evolution Soccer 6.lnk
2015-12-31 18:58 - 2013-12-21 12:43 - 00002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Program Updates.lnk
2015-12-31 18:58 - 2013-11-21 13:03 - 00001667 _____ C:\Users\Vojtěch\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2015-12-31 18:58 - 2013-11-01 01:20 - 00002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-12-31 18:58 - 2013-10-04 21:19 - 00001221 _____ C:\Users\Vojtěch\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2015-12-31 18:58 - 2013-10-03 22:32 - 00001031 _____ C:\Users\Vojtěch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-31 18:55 - 2014-05-07 18:57 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForVojtěch.job
2015-12-31 18:55 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\Branding
2015-12-31 18:49 - 2015-09-13 11:15 - 00000000 ___RD C:\Users\Vojtěch\Desktop\gorbitch
2015-12-31 18:49 - 2013-10-19 21:12 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2015-12-31 15:45 - 2015-11-06 18:24 - 00000000 ____D C:\Users\Vojtěch\Documents\888poker
2015-12-31 13:44 - 2014-11-24 09:52 - 00000000 ____D C:\Users\Vojtěch\Downloads\13_POKER
2015-12-31 11:28 - 2013-11-07 20:30 - 00000000 ____D C:\Users\Vojtěch\Downloads\09_texty
2015-12-30 16:17 - 2013-11-07 20:22 - 00000000 ____D C:\Users\Vojtěch\Downloads\06_instalacky_a_aplikace
2015-12-30 12:42 - 2012-07-26 08:59 - 00000000 ____D C:\Windows\CbsTemp
2015-12-29 14:04 - 2014-05-07 18:57 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForVojtěch
2015-12-29 14:04 - 2013-10-03 22:32 - 00000000 ____D C:\Users\Vojtěch
2015-12-29 12:55 - 2013-10-16 18:35 - 00003802 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-29 00:21 - 2015-12-03 21:38 - 00000000 ____D C:\FlashInstaller
2015-12-27 23:29 - 2015-01-12 12:12 - 00000570 _____ C:\DelFix.txt
2015-12-27 20:27 - 2012-11-22 05:19 - 00756994 _____ C:\Windows\system32\perfh005.dat
2015-12-27 20:27 - 2012-11-22 05:19 - 00163422 _____ C:\Windows\system32\perfc005.dat
2015-12-27 20:27 - 2012-07-26 08:28 - 01854972 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-27 12:45 - 2013-11-07 20:20 - 00000000 ____D C:\Users\Vojtěch\Downloads\03_serialy
2015-12-26 15:23 - 2014-01-05 23:02 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\vlc
2015-12-26 09:54 - 2015-11-12 13:11 - 00176096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-26 09:54 - 2015-07-20 17:54 - 00826328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-23 01:40 - 2013-10-16 18:34 - 00000000 ____D C:\Users\Vojtěch\AppData\Local\Adobe
2015-12-23 01:36 - 2014-08-26 18:38 - 00000000 ____D C:\Users\Vojtěch\Desktop\Tor Browser
2015-12-23 01:36 - 2013-10-07 18:49 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amnesia
2015-12-23 01:36 - 2013-10-04 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-22 17:35 - 2013-10-03 22:32 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\Adobe
2015-12-19 16:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2015-12-16 12:31 - 2014-02-10 18:28 - 00000000 ____D C:\Windows\Minidump
2015-12-13 21:34 - 2012-07-26 09:12 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-13 20:51 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2015-12-12 13:33 - 2014-12-22 17:31 - 00003842 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1381869317
2015-12-10 19:03 - 2013-10-05 00:01 - 00000000 ____D C:\Windows\system32\MRT
2015-12-10 18:57 - 2013-10-05 00:01 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-05-26 16:20 - 2015-05-26 16:20 - 0000040 _____ () C:\Users\Vojtěch\AppData\Roaming\cdr.ini
2015-11-19 13:19 - 2015-11-19 13:19 - 0000000 _____ () C:\Users\Vojtěch\AppData\Local\{A365E46F-AAE6-4A5E-A4F0-FEF0DDD7E94B}
2015-10-16 19:24 - 2015-10-16 19:46 - 0000387 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-30 12:41

==================== End of FRST.txt ============================

#38 Příspěvek od **altrok** » 10 led 2016 03:02

Nemate zac

Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
Oznacte jen moznost "Remove disinfection tools"
kliknete na Run

valentyne187 · #39 Příspěvek od **valentyne187** » 11 led 2016 17:54

nevite prosim jeste, co zpusobuje tu neplechu viz obrazek?

notebook se obcas takhle zblazni a sotva s nim jde neco delat

#40 Příspěvek od **altrok** » 11 led 2016 23:24

Nenapada me zpusob, jak detekovat, co zpusobuje vytizeni disku. Muzou to byt aktualizace, ale strilim od boku (navic na screenu je subsystem System). Tady bych Vas odkazal na technickou podporu Microsoftu.

VIRY.CZ

presmerovani na reklamni weby pri kliknuti na odkaz

Re: presmerovani na reklamni weby pri kliknuti na odkaz

Re: presmerovani na reklamni weby pri kliknuti na odkaz

Re: presmerovani na reklamni weby pri kliknuti na odkaz

Re: presmerovani na reklamni weby pri kliknuti na odkaz

Re: presmerovani na reklamni weby pri kliknuti na odkaz

Re: presmerovani na reklamni weby pri kliknuti na odkaz

Re: presmerovani na reklamni weby pri kliknuti na odkaz

Re: presmerovani na reklamni weby pri kliknuti na odkaz

Re: presmerovani na reklamni weby pri kliknuti na odkaz

Re: presmerovani na reklamni weby pri kliknuti na odkaz