
Re: Preventive check

Posted: 07 Jun 2016 03:15
by Márty84
:arrow: Upload this file C:\Windows\Minidump\060516-32261-01.dmp somewhere, for example to Letecká pošta, and post the download link here.


:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and then left-click Run as administrator
Tick the options (put check marks there) Scan All Users, LOP Check and Purity Check
Paste the following text into the bottom window

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Run Scan
After the scan, two logs will be created (OTL.Txt and Extras.txt); paste both of them here (if they are long, split them across several posts).

Re: Preventive check

Posted: 07 Jun 2016 14:43
by stepano
DMP file: http://leteckaposta.cz/325288520

OTL.Txt and Extras.Txt are attached.

Re: Preventive check

Posted: 08 Jun 2016 09:53
by Márty84
Why didn't you post the logs here? :roll:


:!: Turn off your antivirus so that it does not interfere with the program.
:arrow: Run OTL as administrator again
Paste the following text into the bottom window (including the colon before the word commands)

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:otl
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2593731983-1712290180-166656690-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-2593731983-1712290180-166656690-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
O4 - HKU\.DEFAULT..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun File not found
O4 - HKU\S-1-5-18..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O16 - DPF: {444785F1-DE89-4295-863A-D46C3A781394} http://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[9 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[11 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[50 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\1daca4ef028cd022ccb60b3f5c9362d2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\1daca4ef028cd022ccb60b3f5c9362d2\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\34b6a7e7a4cbfae4b9c5dbb9281e58ec\*.tmp files -> C:\Windows\SoftwareDistribution\Download\34b6a7e7a4cbfae4b9c5dbb9281e58ec\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\46dc1a26053496707fa056b1412285c2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\46dc1a26053496707fa056b1412285c2\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\645f53ee09813c6f2ea6772757a01161\*.tmp files -> C:\Windows\SoftwareDistribution\Download\645f53ee09813c6f2ea6772757a01161\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\ec8eaff2e668cb818bce43ec011788c1\*.tmp files -> C:\Windows\SoftwareDistribution\Download\ec8eaff2e668cb818bce43ec011788c1\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\SysWOW64\*.tmp files -> C:\Windows\SysWOW64\*.tmp -> ]
Click Run Fix and let the program work. When it asks about a restart, agree.
After the restart a new log will appear; post it here.

Re: Preventive check

Posted: 08 Jun 2016 13:07
by stepano
I didn't feel like splitting it into 5 posts, so I put it up as an attachment.

OTL:
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 313840 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Raubiri
->Temp folder emptied: 43190949 bytes
->Temporary Internet Files folder emptied: 285281855 bytes
->Java cache emptied: 1054513 bytes
->FireFox cache emptied: 378509136 bytes
->Flash cache emptied: 315737 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 284160 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1196805 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 697470 bytes

Total Files Cleaned = 678,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Raubiri
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-2593731983-1712290180-166656690-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2593731983-1712290180-166656690-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\KSS deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\KSS not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Starting removal of ActiveX control {444785F1-DE89-4295-863A-D46C3A781394}
C:\Windows\Downloaded Program Files\UnityWebPlayer.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{444785F1-DE89-4295-863A-D46C3A781394}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{444785F1-DE89-4295-863A-D46C3A781394}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
File/Folder C:\Windows\*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21.tmp\aspnet_merge.exe deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3DD.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP72F0.tmp\System.IdentityModel.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP72F0.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP83EE.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8A95.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8B42.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E13.tmp\System.ServiceModel.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E13.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA48A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5782.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP72A0.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP931A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9FF7.tmp\Microsoft.SqlServer.ServiceBrokerEnum.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9FF7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC38D.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD8F1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE446.tmp\PresentationFontCache.exe deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE446.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEF04.tmp folder deleted successfully.
C:\Windows\Installer\MSI1252.tmp- folder deleted successfully.
C:\Windows\Installer\MSI324F.tmp- folder deleted successfully.
C:\Windows\Installer\MSI328.tmp- folder deleted successfully.
C:\Windows\Installer\MSI35D3.tmp- folder deleted successfully.
C:\Windows\Installer\MSI38E5.tmp- folder deleted successfully.
C:\Windows\Installer\MSI3D0D.tmp- folder deleted successfully.
C:\Windows\Installer\MSI427F.tmp- folder deleted successfully.
C:\Windows\Installer\MSI455A.tmp- folder deleted successfully.
C:\Windows\Installer\MSI4E4A.tmp- folder deleted successfully.
C:\Windows\Installer\MSI55AB.tmp- folder deleted successfully.
C:\Windows\Installer\MSI5B77.tmp-\HD-LibraryHandler.dll deleted successfully.
C:\Windows\Installer\MSI5B77.tmp-\HD-ShortcutHandler.dll deleted successfully.
C:\Windows\Installer\MSI5B77.tmp- folder deleted successfully.
C:\Windows\Installer\MSI5EA1.tmp- folder deleted successfully.
C:\Windows\Installer\MSI63FF.tmp- folder deleted successfully.
C:\Windows\Installer\MSI6A93.tmp- folder deleted successfully.
C:\Windows\Installer\MSI6C0B.tmp- folder deleted successfully.
C:\Windows\Installer\MSI6D65.tmp-\HD-SystemDeviceInfo.dll deleted successfully.
C:\Windows\Installer\MSI6D65.tmp- folder deleted successfully.
C:\Windows\Installer\MSI787B.tmp- folder deleted successfully.
C:\Windows\Installer\MSI7C95.tmp- folder deleted successfully.
C:\Windows\Installer\MSI7F04.tmp- folder deleted successfully.
C:\Windows\Installer\MSI83E1.tmp- folder deleted successfully.
C:\Windows\Installer\MSI83F3.tmp- folder deleted successfully.
C:\Windows\Installer\MSI84F0.tmp- folder deleted successfully.
C:\Windows\Installer\MSI85B6.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8AB5.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8DF.tmp- folder deleted successfully.
C:\Windows\Installer\MSI98D5.tmp-\HD-LibraryHandler.dll deleted successfully.
C:\Windows\Installer\MSI98D5.tmp- folder deleted successfully.
C:\Windows\Installer\MSIA145.tmp- folder deleted successfully.
C:\Windows\Installer\MSIA716.tmp- folder deleted successfully.
C:\Windows\Installer\MSIAE3A.tmp- folder deleted successfully.
C:\Windows\Installer\MSIB39A.tmp-\HD-LibraryHandler.dll deleted successfully.
C:\Windows\Installer\MSIB39A.tmp- folder deleted successfully.
C:\Windows\Installer\MSIB684.tmp- folder deleted successfully.
C:\Windows\Installer\MSIB82D.tmp- folder deleted successfully.
C:\Windows\Installer\MSIB82A.tmp- folder deleted successfully.
C:\Windows\Installer\MSIBF5E.tmp- folder deleted successfully.
C:\Windows\Installer\MSIBFB1.tmp-\HD-LibraryHandler.dll deleted successfully.
C:\Windows\Installer\MSIBFB1.tmp-\HD-ShortcutHandler.dll deleted successfully.
C:\Windows\Installer\MSIBFB1.tmp- folder deleted successfully.
C:\Windows\Installer\MSIC3CE.tmp- folder deleted successfully.
C:\Windows\Installer\MSICA18.tmp- folder deleted successfully.
C:\Windows\Installer\MSICCCD.tmp- folder deleted successfully.
C:\Windows\Installer\MSID3E5.tmp- folder deleted successfully.
C:\Windows\Installer\MSID5CC.tmp- folder deleted successfully.
C:\Windows\Installer\MSIE322.tmp- folder deleted successfully.
C:\Windows\Installer\MSIE96A.tmp- folder deleted successfully.
C:\Windows\Installer\MSIEBD7.tmp deleted successfully.
C:\Windows\Installer\MSIEC3C.tmp- folder deleted successfully.
C:\Windows\Installer\MSIED59.tmp-\HD-SystemDeviceInfo.dll deleted successfully.
C:\Windows\Installer\MSIED59.tmp- folder deleted successfully.
C:\Windows\Installer\MSIF204.tmp- folder deleted successfully.
C:\Windows\Installer\MSIF6D5.tmp- folder deleted successfully.
C:\Windows\Installer\MSIF89.tmp- folder deleted successfully.
C:\Windows\Installer\MSIF8D9.tmp- folder deleted successfully.
C:\Windows\Installer\MSIFB97.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\1daca4ef028cd022ccb60b3f5c9362d2\BIT71B5.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\34b6a7e7a4cbfae4b9c5dbb9281e58ec\BITA1F7.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\46dc1a26053496707fa056b1412285c2\BIT6B8F.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\645f53ee09813c6f2ea6772757a01161\BIT34C6.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\ec8eaff2e668cb818bce43ec011788c1\BITAF6A.tmp deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 06082016_135215

Files\Folders moved on Reboot...
C:\Users\Raubiri\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Raubiri\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-3108.log moved successfully.
C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt moved successfully.
C:\Windows\temp\officec2rclient.exe_c2ruidll(201606081339061088).log moved successfully.
File\Folder C:\Windows\temp\officeclicktorun.exe_streamserver(20160608133808600).log not found!
C:\Windows\temp\PC-KLUCI-20160608-1338.log moved successfully.
C:\Windows\temp\PC-KLUCI-20160608-1339.log moved successfully.
C:\Windows\temp\PC-KLUCI-20160608-1339a.log moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Preventive check

Posted: 08 Jun 2016 20:09
by Márty84
stepano wrote: I didn't feel like splitting it into 5 posts, so I put it up as an attachment.
But here it is easier to follow and easier to work through. You only copy it, but I have to read it :boxed:

Has anything changed?

Re: Preventive check

Posted: 12 Jun 2016 17:27
by stepano
Márty84 wrote: But here it is easier to follow and easier to work through. You only copy it, but I have to read it :boxed:
Then I apologize
Márty84 wrote: Has anything changed?
My computer still shows BSODs and minimizes windows on its own.

Re: Preventive check

Posted: 12 Jun 2016 18:03
by Márty84
Send me the new dump files via Letecká pošta again, so that I know whether the same culprit is still causing it or whether there are several of them.

Re: Preventive check

Posted: 12 Jun 2016 18:07
by stepano

Re: Preventive check

Posted: 13 Jun 2016 06:19
by Márty84
In this case the cause was again a different one than last time.


:!: If you have not done so already, back up your important data (photos, documents, etc.) to be safe :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off your antivirus and any other security software.
Right-click ComboFix and then left-click Run as administrator
Accept the licence terms and let the program work. If it offers to install the Recovery Console, agree.
While the scan is running, do not launch anything and do not click anywhere.
After the scan finishes (the PC may also restart), a log should be created, located at C:\ComboFix.txt
Copy its contents here

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose Last Known Good Configuration
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine

Re: Preventive check

Posted: 13 Jun 2016 15:01
by stepano
ComboFix:
ComboFix 16-06-01.01 - Raubiri 13.06.2016 15:27:57.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3799.2508 [GMT 2:00]
Spuštěný z: c:\users\Raubiri\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\ntuser.pol
c:\users\Raubiri\AppData\Local\assembly\tmp
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\_ctypes.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\_elementtree.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\_hashlib.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\_multiprocessing.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\_psutil_windows.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\_socket.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\_ssl.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\_yappi.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\common.time34.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\hashobjs_ext.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\pyexpat.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\pysqlite2._sqlite.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\python27.dll
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\pythoncom27.dll
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\PyWinTypes27.dll
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\select.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\thumbnails_ext.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\unicodedata.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\usb_ext.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\win32api.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\win32com.shell.shell.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\win32crypt.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\win32event.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\win32file.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\win32gui.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\win32inet.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\win32pdh.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\win32pipe.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\win32process.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\win32profile.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\win32security.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\win32ts.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\windows._lib_cacheinvalidation.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\wx._animate.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\wx._controls_.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\wx._core_.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\wx._gdi_.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\wx._html2.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\wx._misc_.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\wx._windows_.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\wx._wizard.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\wxbase30u_net_vc90.dll
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\wxbase30u_vc90.dll
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\wxmsw30u_adv_vc90.dll
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\wxmsw30u_core_vc90.dll
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\wxmsw30u_html_vc90.dll
c:\users\Raubiri\AppData\Local\Temp\_MEI37242\wxmsw30u_webview_vc90.dll
c:\users\Raubiri\AppData\Roaming\Stella
c:\users\Raubiri\AppData\Roaming\Stella\stella.ini
c:\users\Raubiri\AppData\Roaming\Stella\stella.pro
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-05-13 do 2016-06-13 )))))))))))))))))))))))))))))))
.
.
2016-06-13 13:44 . 2016-06-13 13:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-06-12 20:02 . 2016-06-13 10:21 -------- d-----w- c:\users\Raubiri\AppData\Roaming\vlc
2016-06-12 19:47 . 2016-06-12 19:47 -------- d-----w- c:\program files (x86)\VideoLAN
2016-06-12 19:44 . 2016-06-12 20:01 -------- d-----w- c:\users\Raubiri\AppData\Roaming\livestreamer
2016-06-12 19:44 . 2016-06-12 20:01 -------- d-----w- c:\program files (x86)\Livestreamer
2016-06-12 09:18 . 2016-06-12 09:27 -------- d-----w- C:\xampp
2016-06-09 14:16 . 2016-04-23 05:00 417792 ----a-w- c:\windows\system32\html.iec
2016-06-09 14:14 . 2016-04-09 04:20 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2016-06-09 14:14 . 2016-04-09 03:52 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2016-06-09 12:35 . 2016-06-09 12:36 -------- d-----w- c:\program files (x86)\AirDroid
2016-06-08 17:15 . 2016-06-08 17:15 -------- d-----w- c:\users\Raubiri\AppData\Roaming\Brackets
2016-06-08 17:12 . 2016-06-08 17:12 -------- d-----w- c:\program files (x86)\Brackets
2016-06-08 16:47 . 2016-06-12 19:19 -------- d-----w- c:\windows\Ubisoft
2016-06-08 16:42 . 2016-06-10 16:59 -------- d-----w- c:\program files (x86)\Ubi Soft
2016-06-08 16:34 . 2016-06-08 16:34 -------- d-----w- c:\program files (x86)\iTunes
2016-06-08 16:34 . 2016-06-08 16:34 -------- d-----w- c:\program files\iPod
2016-06-08 11:52 . 2016-06-08 11:52 -------- d-----w- C:\_OTL
2016-06-07 12:18 . 2016-06-07 12:18 512 ----a-w- C:\PhysicalMBR.bin
2016-06-06 14:45 . 2016-06-06 14:46 -------- d-----w- c:\program files (x86)\WinSCP
2016-06-05 18:28 . 2016-06-05 18:28 -------- d-----w- c:\users\Raubiri\AppData\Local\Secunia PSI
2016-06-05 18:28 . 2016-06-06 12:23 -------- d-----w- c:\program files (x86)\Secunia
2016-06-04 08:46 . 2016-06-04 08:46 -------- d-----w- c:\program files (x86)\HD Tune
2016-06-02 12:05 . 2016-06-02 12:21 -------- d-----w- c:\program files\Defraggler
2016-06-02 12:04 . 2016-06-02 12:04 -------- d-----w- c:\program files\CCleaner
2016-06-01 15:18 . 2016-06-01 15:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-06-01 15:16 . 2016-06-01 15:16 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2016-06-01 15:15 . 2016-06-01 15:15 -------- d-----w- c:\program files\Java
2016-05-31 15:52 . 2016-05-31 15:52 -------- d-----w- c:\program files (x86)\Phenomedia AG
2016-05-31 15:46 . 2016-05-31 15:46 -------- d-----w- C:\Phenomedia AG
2016-05-31 15:45 . 2001-09-05 03:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2016-05-31 15:44 . 2001-09-05 03:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2016-05-31 15:44 . 2001-09-05 03:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2016-05-31 15:44 . 2001-09-05 03:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2016-05-31 15:44 . 2001-09-05 03:24 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2016-05-28 18:23 . 2016-06-12 12:29 -------- d-----w- c:\program files (x86)\TeamViewer
2016-05-28 17:42 . 2016-05-28 17:42 -------- d-----w- c:\program files\trend micro
2016-05-28 14:15 . 2016-05-28 14:15 -------- d-----r- c:\program files (x86)\Skype
2016-05-28 14:15 . 2016-05-28 14:15 -------- d-----w- c:\program files (x86)\Common Files\Skype
2016-05-28 08:32 . 2016-05-26 00:13 6186272 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
2016-05-28 08:31 . 2016-05-25 23:08 1776336 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll
2016-05-27 16:25 . 2016-05-27 16:25 -------- d-----w- c:\program files (x86)\WinDirStat
2016-05-25 01:29 . 2016-05-25 01:29 363056 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2016-05-25 01:29 . 2016-05-25 01:29 200240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2016-05-25 01:29 . 2016-05-25 01:29 15920 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-06-09 21:27 . 2013-03-05 10:44 139319312 ----a-w- c:\windows\system32\MRT.exe
2016-06-01 14:48 . 2015-11-06 17:59 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-26 20:28 . 2016-06-13 10:42 11895896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1415C38A-711D-4449-A78E-0F821530B368}\mpengine.dll
2016-05-26 20:28 . 2016-06-12 09:28 11895896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-05-26 08:08 . 2016-04-19 16:44 2700064 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2016-05-12 17:16 . 2013-06-21 17:44 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-12 17:16 . 2013-06-21 17:44 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-05-09 10:10 . 2016-05-24 15:20 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4EB71A07-6665-46FA-90D2-DDC9317ABF4D}\gapaengine.dll
2016-05-09 10:10 . 2016-05-03 08:06 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2016-05-04 08:38 . 2016-05-04 08:37 40960 ----a-r- c:\users\Raubiri\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2016-05-04 08:38 . 2016-05-04 08:37 40960 ----a-r- c:\users\Raubiri\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2016-04-27 17:17 . 2015-11-06 17:58 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-22 07:57 . 2010-11-21 03:27 453288 ------w- c:\windows\system32\MpSigStub.exe
2016-04-14 15:17 . 2016-04-29 10:22 66752 ----a-w- c:\windows\system32\drivers\vmx86.sys
2016-04-14 15:17 . 2016-04-29 10:21 934080 ----a-w- c:\windows\system32\vnetlib64.dll
2016-04-14 15:17 . 2016-04-29 10:22 392896 ----a-w- c:\windows\SysWow64\vmnat.exe
2016-04-14 15:17 . 2016-04-29 10:22 358080 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2016-04-14 14:53 . 2016-04-29 10:22 26816 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2016-04-14 14:53 . 2016-04-14 14:53 49856 ----a-w- c:\windows\system32\vnetinst.dll
2016-04-14 14:53 . 2016-04-14 14:53 81088 ----a-w- c:\windows\system32\vmnetbridge.dll
2016-04-14 14:53 . 2016-04-14 14:53 48832 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2016-04-14 14:53 . 2016-04-14 14:53 28864 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2016-04-14 14:53 . 2016-04-14 14:53 27328 ----a-w- c:\windows\system32\drivers\vmnet.sys
2016-04-09 06:58 . 2016-06-09 14:16 344064 ----a-w- c:\windows\system32\schannel.dll
2016-04-09 06:58 . 2016-06-09 14:16 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-04-09 06:54 . 2016-06-09 14:16 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-04-09 06:54 . 2016-06-09 14:16 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-04-09 06:54 . 2016-06-09 14:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-04-06 15:33 . 2015-10-10 13:27 413504 ----a-w- c:\programdata\Microsoft\Blend\14.0\1033\ResourceCache.dll
2016-04-04 18:14 . 2016-04-13 12:50 38120 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-04-04 18:02 . 2016-04-13 12:50 1169408 ----a-w- c:\windows\system32\aeinv.dll
2016-04-02 13:08 . 2016-04-13 12:50 1386496 ----a-w- c:\windows\system32\appraiser.dll
2016-03-24 17:21 . 2016-03-24 17:21 21572120 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2016-03-23 14:02 . 2016-04-13 12:50 215040 ----a-w- c:\windows\system32\aepic.dll
2016-03-22 21:22 . 2016-03-22 21:22 222888 ----a-w- c:\windows\SysWow64\VSPerf140.dll
2016-03-22 21:22 . 2016-03-22 21:22 1823936 ----a-w- c:\windows\SysWow64\VsGraphicsHelper.dll
2016-03-22 20:22 . 2016-03-22 20:22 274600 ----a-w- c:\windows\system32\VSPerf140.dll
2016-03-22 14:20 . 2016-03-22 14:20 34720 ---ha-w- c:\windows\system32\drivers\hamachi.sys
2016-03-19 10:25 . 2015-10-03 18:00 66719 ----a-w- c:\users\Raubiri\Network_Meter_Data.js
2016-03-17 22:56 . 2016-04-13 12:50 2084864 ----a-w- c:\windows\system32\ole32.dll
2016-03-17 22:28 . 2016-04-13 12:50 1414144 ----a-w- c:\windows\SysWow64\ole32.dll
2016-03-17 20:54 . 2016-03-17 20:54 89416 ----a-w- c:\windows\system32\vcruntime140.dll
2016-03-17 20:54 . 2016-03-17 20:54 783176 ----a-w- c:\windows\system32\concrt140d.dll
2016-03-17 20:54 . 2016-03-17 20:54 76096 ----a-w- c:\windows\system32\mfc140fra.dll
2016-03-17 20:54 . 2016-03-17 20:54 76096 ----a-w- c:\windows\system32\mfc140deu.dll
2016-03-17 20:54 . 2016-03-17 20:54 75072 ----a-w- c:\windows\system32\mfc140esn.dll
2016-03-17 20:54 . 2016-03-17 20:54 74048 ----a-w- c:\windows\system32\mfc140ita.dll
2016-03-17 20:54 . 2016-03-17 20:54 72000 ----a-w- c:\windows\system32\mfc140rus.dll
2016-03-17 20:54 . 2016-03-17 20:54 66368 ----a-w- c:\windows\system32\mfc140enu.dll
2016-03-17 20:54 . 2016-03-17 20:54 639808 ----a-w- c:\windows\system32\msvcp140.dll
2016-03-17 20:54 . 2016-03-17 20:54 5645112 ----a-w- c:\windows\system32\mfc140u.dll
2016-03-17 20:54 . 2016-03-17 20:54 5616944 ----a-w- c:\windows\system32\mfc140.dll
2016-03-17 20:54 . 2016-03-17 20:54 55616 ----a-w- c:\windows\system32\mfc140jpn.dll
2016-03-17 20:54 . 2016-03-17 20:54 54592 ----a-w- c:\windows\system32\mfc140kor.dll
2016-03-17 20:54 . 2016-03-17 20:54 545600 ----a-w- c:\windows\system32\vcamp140.dll
2016-03-17 20:54 . 2016-03-17 20:54 47424 ----a-w- c:\windows\system32\mfc140cht.dll
2016-03-17 20:54 . 2016-03-17 20:54 47424 ----a-w- c:\windows\system32\mfc140chs.dll
2016-03-17 20:54 . 2016-03-17 20:54 394568 ----a-w- c:\windows\system32\vccorlib140.dll
2016-03-17 20:54 . 2016-03-17 20:54 334656 ----a-w- c:\windows\system32\concrt140.dll
2016-03-17 20:54 . 2016-03-17 20:54 215872 ----a-w- c:\windows\system32\vcomp140d.dll
2016-03-17 20:54 . 2016-03-17 20:54 185144 ----a-w- c:\windows\system32\vcomp140.dll
2016-03-17 20:54 . 2016-03-17 20:54 1376576 ----a-w- c:\windows\system32\vcamp140d.dll
2016-03-17 20:54 . 2016-03-17 20:54 136000 ----a-w- c:\windows\system32\mfcm140d.dll
2016-03-17 20:54 . 2016-03-17 20:54 135504 ----a-w- c:\windows\system32\vcruntime140d.dll
2016-03-17 20:54 . 2016-03-17 20:54 134976 ----a-w- c:\windows\system32\mfcm140ud.dll
2016-03-17 20:54 . 2016-03-17 20:54 10961728 ----a-w- c:\windows\system32\mfc140ud.dll
2016-03-17 20:54 . 2016-03-17 20:54 10890040 ----a-w- c:\windows\system32\mfc140d.dll
2016-03-17 20:54 . 2016-03-17 20:54 105792 ----a-w- c:\windows\system32\mfcm140u.dll
2016-03-17 20:54 . 2016-03-17 20:54 105784 ----a-w- c:\windows\system32\mfcm140.dll
2016-03-17 20:54 . 2016-03-17 20:54 1022280 ----a-w- c:\windows\system32\vccorlib140d.dll
2016-03-17 20:54 . 2016-03-17 20:54 1004864 ----a-w- c:\windows\system32\msvcp140d.dll
2016-03-17 20:48 . 2016-03-17 20:48 95040 ----a-w- c:\windows\SysWow64\mfcm140u.dll
2016-03-17 20:48 . 2016-03-17 20:48 95032 ----a-w- c:\windows\SysWow64\mfcm140.dll
2016-03-17 20:48 . 2016-03-17 20:48 85840 ----a-w- c:\windows\SysWow64\vcruntime140.dll
2016-03-17 20:48 . 2016-03-17 20:48 8309048 ----a-w- c:\windows\SysWow64\mfc140ud.dll
2016-03-17 20:48 . 2016-03-17 20:48 8237880 ----a-w- c:\windows\SysWow64\mfc140d.dll
2016-03-17 20:48 . 2016-03-17 20:48 779600 ----a-w- c:\windows\SysWow64\vccorlib140d.dll
2016-03-17 20:48 . 2016-03-17 20:48 75584 ----a-w- c:\windows\SysWow64\mfc140fra.dll
2016-03-17 20:48 . 2016-03-17 20:48 75584 ----a-w- c:\windows\SysWow64\mfc140deu.dll
2016-03-17 20:48 . 2016-03-17 20:48 752448 ----a-w- c:\windows\SysWow64\msvcp140d.dll
2016-03-17 20:48 . 2016-03-17 20:48 74560 ----a-w- c:\windows\SysWow64\mfc140esn.dll
2016-03-17 20:48 . 2016-03-17 20:48 73536 ----a-w- c:\windows\SysWow64\mfc140ita.dll
2016-03-17 20:48 . 2016-03-17 20:48 71488 ----a-w- c:\windows\SysWow64\mfc140rus.dll
2016-03-17 20:48 . 2016-03-17 20:48 65856 ----a-w- c:\windows\SysWow64\mfc140enu.dll
2016-03-17 20:48 . 2016-03-17 20:48 592712 ----a-w- c:\windows\SysWow64\concrt140d.dll
2016-03-17 20:48 . 2016-03-17 20:48 55104 ----a-w- c:\windows\SysWow64\mfc140jpn.dll
2016-03-17 20:48 . 2016-03-17 20:48 54080 ----a-w- c:\windows\SysWow64\mfc140kor.dll
2016-03-17 20:48 . 2016-03-17 20:48 46912 ----a-w- c:\windows\SysWow64\mfc140cht.dll
2016-03-17 20:48 . 2016-03-17 20:48 46912 ----a-w- c:\windows\SysWow64\mfc140chs.dll
2016-03-17 20:48 . 2016-03-17 20:48 4437304 ----a-w- c:\windows\SysWow64\mfc140u.dll
2016-03-17 20:48 . 2016-03-17 20:48 443712 ----a-w- c:\windows\SysWow64\msvcp140.dll
2016-03-17 20:48 . 2016-03-17 20:48 4372784 ----a-w- c:\windows\SysWow64\mfc140.dll
2016-03-17 20:48 . 2016-03-17 20:48 400704 ----a-w- c:\windows\SysWow64\vcamp140.dll
2016-03-17 20:48 . 2016-03-17 20:48 271176 ----a-w- c:\windows\SysWow64\vccorlib140.dll
2016-03-17 20:48 . 2016-03-17 20:48 244544 ----a-w- c:\windows\SysWow64\concrt140.dll
2016-03-17 20:48 . 2016-03-17 20:48 188224 ----a-w- c:\windows\SysWow64\vcomp140d.dll
2016-03-17 20:48 . 2016-03-17 20:48 163128 ----a-w- c:\windows\SysWow64\vcomp140.dll
2016-03-17 20:48 . 2016-03-17 20:48 121152 ----a-w- c:\windows\SysWow64\mfcm140ud.dll
2016-03-17 20:48 . 2016-03-17 20:48 121152 ----a-w- c:\windows\SysWow64\mfcm140d.dll
2016-03-17 20:48 . 2016-03-17 20:48 115024 ----a-w- c:\windows\SysWow64\vcruntime140d.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-03-25 19:13 1587912 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-03-25 19:13 1587912 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-03-25 19:13 1587912 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-03-25 19:13 1587912 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-03-25 19:13 1587912 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2016-05-17 23496872]
"f.lux"="c:\users\Raubiri\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"Spotify Web Helper"="c:\users\Raubiri\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2016-04-29 1525360]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2016-06-09 2917456]
"Zoner Photo Studio Autoupdate"="c:\program files\Zoner\Photo Studio 18\Program32\ZPSTRAY.EXE" [2016-03-24 680528]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-06-01 8722136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DeathTaker"="c:\program files (x86)\Genius\DeathTaker\mousehid.exe" [2013-04-03 303616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-05-20 596504]
.
c:\users\Raubiri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Poslat do aplikace OneNote.lnk - c:\program files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr [2016-4-19 169160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2013-6-21 788992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ss_conn_usb_driver;SAMSUNG Mobile USB Connectivity Device Driver;c:\windows\system32\Drivers\ss_conn_usb_driver.sys;c:\windows\SYSNATIVE\Drivers\ss_conn_usb_driver.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VSStandardCollectorService140;Visual Studio Standard Collector Service;c:\program files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe;c:\program files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/06/22 11:46];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]
S2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k60x64.sys [x]
S3 KbFilter_Kb_FlexDef3x;HID Keyboard(FlexDef3x) Driver Service;c:\windows\system32\DRIVERS\KbFilter_FlexDef3x.sys;c:\windows\SYSNATIVE\DRIVERS\KbFilter_FlexDef3x.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-06-09 11:52 1245848 ----a-w- c:\program files (x86)\Google\Chrome\Application\51.0.2704.84\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-05-03 14:41 287416 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2016-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-21 17:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-05-17 11:26 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-05-17 11:26 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-05-17 11:26 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-03-25 19:13 1641672 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-03-25 19:13 1641672 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-03-25 19:13 1641672 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-03-25 19:13 1641672 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-03-25 19:13 1641672 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-05-26 09:13 2099496 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-05-26 09:13 2099496 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-05-26 09:13 2099496 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-29 1340192]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-06-01 176952]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.alawarhry.cz/?pid=16609
mLocal Page =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
FF - ProfilePath - c:\users\Raubiri\AppData\Roaming\Mozilla\Firefox\Profiles\ul7ft6u8.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Moorhuhn Winter-Edition - c:\windows\IsUn0407.exe
AddRemove-UnityWebPlayer - c:\users\Raubiri\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{73526619-C24F-470B-9BED-53D455FBB5C6}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2593731983-1712290180-166656690-1000\Software\SecuROM\License information*]
"datasecu"=hex:5b,32,6b,ec,73,73,88,6c,51,bd,34,70,4f,6b,cb,a0,71,e6,2e,96,01,
32,79,7f,fd,f1,49,e2,63,a0,66,d7,92,eb,8a,3e,48,6c,a9,8b,5f,d1,2a,7e,95,88,\
"rkeysecu"=hex:f8,2e,ea,11,38,db,d8,a2,af,36,cc,fc,43,db,fc,4a
.
[HKEY_USERS\S-1-5-21-2593731983-1712290180-166656690-1000\Control Panel\Desktop*]
@Allowed: (Read) (RestrictedCode)
"WheelScrollLines"="3"
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe
c:\program files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe
c:\program files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Celkový čas: 2016-06-13 15:56:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-06-13 13:56
.
Před spuštěním: Volných bajtů: 30 257 782 784
Po spuštění: Volných bajtů: 30 169 300 992
.
- - End Of File - - 2731047DCEA33F88E5511E3BDB95F207
A36C5E4F47E84449FF07ED3517B43A31

Re: Preventive check

Posted: 14 Jun 2016 08:25
by Márty84
Open Notepad and copy this script into it:

Code:

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"=-
"Steam"=-
"Zoner Photo Studio Autoupdate"=-
"CCleaner Monitoring"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

Regnull::
[HKEY_USERS\S-1-5-21-2593731983-1712290180-166656690-1000\Software\SecuROM\License information*]
[HKEY_USERS\S-1-5-21-2593731983-1712290180-166656690-1000\Control Panel\Desktop*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::
In the top left, click File
Click Save as...
Type the red name CFScript correctly and save it to the desktop.
Turn off your antivirus and any other security software.
Drag the text document you just created onto the ComboFix icon and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose Last Known Good Configuration
:!: If Windows starts but errors are reported when launching various programs, just restart the PC and it will be fine

Re: Preventive check

Posted: 14 Jun 2016 14:24
by stepano
ComboFix 16-06-01.01 - Raubiri 14.06.2016 14:35:45.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3799.2396 [GMT 2:00]
Spuštěný z: c:\users\Raubiri\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Raubiri\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\_ctypes.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\_elementtree.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\_hashlib.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\_multiprocessing.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\_psutil_windows.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\_socket.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\_ssl.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\_yappi.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\common.time34.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\hashobjs_ext.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\pyexpat.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\pysqlite2._sqlite.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\python27.dll
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\pythoncom27.dll
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\PyWinTypes27.dll
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\select.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\thumbnails_ext.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\unicodedata.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\usb_ext.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\win32api.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\win32com.shell.shell.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\win32crypt.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\win32event.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\win32file.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\win32gui.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\win32inet.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\win32pdh.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\win32pipe.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\win32process.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\win32profile.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\win32security.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\win32ts.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\windows._lib_cacheinvalidation.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\wx._animate.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\wx._controls_.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\wx._core_.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\wx._gdi_.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\wx._html2.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\wx._misc_.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\wx._windows_.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\wx._wizard.pyd
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\wxbase30u_net_vc90.dll
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\wxbase30u_vc90.dll
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\wxmsw30u_adv_vc90.dll
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\wxmsw30u_core_vc90.dll
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\wxmsw30u_html_vc90.dll
c:\users\Raubiri\AppData\Local\Temp\_MEI26962\wxmsw30u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-05-14 do 2016-06-14 )))))))))))))))))))))))))))))))
.
.
2016-06-14 12:50 . 2016-06-14 12:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-06-12 20:02 . 2016-06-13 18:02 -------- d-----w- c:\users\Raubiri\AppData\Roaming\vlc
2016-06-12 19:47 . 2016-06-12 19:47 -------- d-----w- c:\program files (x86)\VideoLAN
2016-06-12 19:44 . 2016-06-12 20:01 -------- d-----w- c:\users\Raubiri\AppData\Roaming\livestreamer
2016-06-12 19:44 . 2016-06-12 20:01 -------- d-----w- c:\program files (x86)\Livestreamer
2016-06-12 09:18 . 2016-06-12 09:27 -------- d-----w- C:\xampp
2016-06-09 14:16 . 2016-04-23 05:00 417792 ----a-w- c:\windows\system32\html.iec
2016-06-09 14:14 . 2016-04-09 04:20 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2016-06-09 14:14 . 2016-04-09 03:52 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2016-06-09 12:35 . 2016-06-09 12:36 -------- d-----w- c:\program files (x86)\AirDroid
2016-06-08 17:15 . 2016-06-08 17:15 -------- d-----w- c:\users\Raubiri\AppData\Roaming\Brackets
2016-06-08 17:12 . 2016-06-08 17:12 -------- d-----w- c:\program files (x86)\Brackets
2016-06-08 16:47 . 2016-06-12 19:19 -------- d-----w- c:\windows\Ubisoft
2016-06-08 16:42 . 2016-06-10 16:59 -------- d-----w- c:\program files (x86)\Ubi Soft
2016-06-08 16:34 . 2016-06-08 16:34 -------- d-----w- c:\program files (x86)\iTunes
2016-06-08 16:34 . 2016-06-08 16:34 -------- d-----w- c:\program files\iPod
2016-06-08 11:52 . 2016-06-08 11:52 -------- d-----w- C:\_OTL
2016-06-07 12:18 . 2016-06-07 12:18 512 ----a-w- C:\PhysicalMBR.bin
2016-06-06 14:45 . 2016-06-06 14:46 -------- d-----w- c:\program files (x86)\WinSCP
2016-06-05 18:28 . 2016-06-05 18:28 -------- d-----w- c:\users\Raubiri\AppData\Local\Secunia PSI
2016-06-05 18:28 . 2016-06-06 12:23 -------- d-----w- c:\program files (x86)\Secunia
2016-06-04 08:46 . 2016-06-04 08:46 -------- d-----w- c:\program files (x86)\HD Tune
2016-06-02 12:05 . 2016-06-02 12:21 -------- d-----w- c:\program files\Defraggler
2016-06-02 12:04 . 2016-06-02 12:04 -------- d-----w- c:\program files\CCleaner
2016-06-01 15:18 . 2016-06-01 15:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-06-01 15:16 . 2016-06-01 15:16 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2016-06-01 15:15 . 2016-06-01 15:15 -------- d-----w- c:\program files\Java
2016-05-31 15:52 . 2016-05-31 15:52 -------- d-----w- c:\program files (x86)\Phenomedia AG
2016-05-31 15:46 . 2016-05-31 15:46 -------- d-----w- C:\Phenomedia AG
2016-05-31 15:45 . 2001-09-05 03:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2016-05-31 15:44 . 2001-09-05 03:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2016-05-31 15:44 . 2001-09-05 03:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2016-05-31 15:44 . 2001-09-05 03:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2016-05-31 15:44 . 2001-09-05 03:24 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2016-05-28 18:23 . 2016-06-12 12:29 -------- d-----w- c:\program files (x86)\TeamViewer
2016-05-28 17:42 . 2016-05-28 17:42 -------- d-----w- c:\program files\trend micro
2016-05-28 14:15 . 2016-05-28 14:15 -------- d-----r- c:\program files (x86)\Skype
2016-05-28 14:15 . 2016-05-28 14:15 -------- d-----w- c:\program files (x86)\Common Files\Skype
2016-05-28 08:32 . 2016-05-26 00:13 6186272 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
2016-05-28 08:31 . 2016-05-25 23:08 1776336 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll
2016-05-27 16:25 . 2016-05-27 16:25 -------- d-----w- c:\program files (x86)\WinDirStat
2016-05-25 01:29 . 2016-05-25 01:29 363056 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2016-05-25 01:29 . 2016-05-25 01:29 200240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2016-05-25 01:29 . 2016-05-25 01:29 15920 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-06-09 21:27 . 2013-03-05 10:44 139319312 ----a-w- c:\windows\system32\MRT.exe
2016-06-01 14:48 . 2015-11-06 17:59 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-26 20:28 . 2016-06-14 12:14 11895896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50FB9529-6B6D-4EF3-9FF6-17651F14403D}\mpengine.dll
2016-05-26 20:28 . 2016-06-13 17:30 11895896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-05-26 08:08 . 2016-04-19 16:44 2700064 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2016-05-12 17:16 . 2013-06-21 17:44 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-12 17:16 . 2013-06-21 17:44 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-05-09 10:10 . 2016-05-24 15:20 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4EB71A07-6665-46FA-90D2-DDC9317ABF4D}\gapaengine.dll
2016-05-09 10:10 . 2016-05-03 08:06 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2016-05-04 08:38 . 2016-05-04 08:37 40960 ----a-r- c:\users\Raubiri\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2016-05-04 08:38 . 2016-05-04 08:37 40960 ----a-r- c:\users\Raubiri\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2016-04-27 17:17 . 2015-11-06 17:58 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-22 07:57 . 2010-11-21 03:27 453288 ------w- c:\windows\system32\MpSigStub.exe
2016-04-14 15:17 . 2016-04-29 10:22 66752 ----a-w- c:\windows\system32\drivers\vmx86.sys
2016-04-14 15:17 . 2016-04-29 10:21 934080 ----a-w- c:\windows\system32\vnetlib64.dll
2016-04-14 15:17 . 2016-04-29 10:22 392896 ----a-w- c:\windows\SysWow64\vmnat.exe
2016-04-14 15:17 . 2016-04-29 10:22 358080 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2016-04-14 14:53 . 2016-04-29 10:22 26816 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2016-04-14 14:53 . 2016-04-14 14:53 49856 ----a-w- c:\windows\system32\vnetinst.dll
2016-04-14 14:53 . 2016-04-14 14:53 81088 ----a-w- c:\windows\system32\vmnetbridge.dll
2016-04-14 14:53 . 2016-04-14 14:53 48832 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2016-04-14 14:53 . 2016-04-14 14:53 28864 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2016-04-14 14:53 . 2016-04-14 14:53 27328 ----a-w- c:\windows\system32\drivers\vmnet.sys
2016-04-09 06:58 . 2016-06-09 14:16 344064 ----a-w- c:\windows\system32\schannel.dll
2016-04-09 06:58 . 2016-06-09 14:16 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-04-09 06:54 . 2016-06-09 14:16 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-04-09 06:54 . 2016-06-09 14:16 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-04-09 06:54 . 2016-06-09 14:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-04-06 15:33 . 2015-10-10 13:27 413504 ----a-w- c:\programdata\Microsoft\Blend\14.0\1033\ResourceCache.dll
2016-04-04 18:14 . 2016-04-13 12:50 38120 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-04-04 18:02 . 2016-04-13 12:50 1169408 ----a-w- c:\windows\system32\aeinv.dll
2016-04-02 13:08 . 2016-04-13 12:50 1386496 ----a-w- c:\windows\system32\appraiser.dll
2016-03-24 17:21 . 2016-03-24 17:21 21572120 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2016-03-23 14:02 . 2016-04-13 12:50 215040 ----a-w- c:\windows\system32\aepic.dll
2016-03-22 21:22 . 2016-03-22 21:22 222888 ----a-w- c:\windows\SysWow64\VSPerf140.dll
2016-03-22 21:22 . 2016-03-22 21:22 1823936 ----a-w- c:\windows\SysWow64\VsGraphicsHelper.dll
2016-03-22 20:22 . 2016-03-22 20:22 274600 ----a-w- c:\windows\system32\VSPerf140.dll
2016-03-22 14:20 . 2016-03-22 14:20 34720 ---ha-w- c:\windows\system32\drivers\hamachi.sys
2016-03-19 10:25 . 2015-10-03 18:00 66719 ----a-w- c:\users\Raubiri\Network_Meter_Data.js
2016-03-17 22:56 . 2016-04-13 12:50 2084864 ----a-w- c:\windows\system32\ole32.dll
2016-03-17 22:28 . 2016-04-13 12:50 1414144 ----a-w- c:\windows\SysWow64\ole32.dll
2016-03-17 20:54 . 2016-03-17 20:54 89416 ----a-w- c:\windows\system32\vcruntime140.dll
2016-03-17 20:54 . 2016-03-17 20:54 783176 ----a-w- c:\windows\system32\concrt140d.dll
2016-03-17 20:54 . 2016-03-17 20:54 76096 ----a-w- c:\windows\system32\mfc140fra.dll
2016-03-17 20:54 . 2016-03-17 20:54 76096 ----a-w- c:\windows\system32\mfc140deu.dll
2016-03-17 20:54 . 2016-03-17 20:54 75072 ----a-w- c:\windows\system32\mfc140esn.dll
2016-03-17 20:54 . 2016-03-17 20:54 74048 ----a-w- c:\windows\system32\mfc140ita.dll
2016-03-17 20:54 . 2016-03-17 20:54 72000 ----a-w- c:\windows\system32\mfc140rus.dll
2016-03-17 20:54 . 2016-03-17 20:54 66368 ----a-w- c:\windows\system32\mfc140enu.dll
2016-03-17 20:54 . 2016-03-17 20:54 639808 ----a-w- c:\windows\system32\msvcp140.dll
2016-03-17 20:54 . 2016-03-17 20:54 5645112 ----a-w- c:\windows\system32\mfc140u.dll
2016-03-17 20:54 . 2016-03-17 20:54 5616944 ----a-w- c:\windows\system32\mfc140.dll
2016-03-17 20:54 . 2016-03-17 20:54 55616 ----a-w- c:\windows\system32\mfc140jpn.dll
2016-03-17 20:54 . 2016-03-17 20:54 54592 ----a-w- c:\windows\system32\mfc140kor.dll
2016-03-17 20:54 . 2016-03-17 20:54 545600 ----a-w- c:\windows\system32\vcamp140.dll
2016-03-17 20:54 . 2016-03-17 20:54 47424 ----a-w- c:\windows\system32\mfc140cht.dll
2016-03-17 20:54 . 2016-03-17 20:54 47424 ----a-w- c:\windows\system32\mfc140chs.dll
2016-03-17 20:54 . 2016-03-17 20:54 394568 ----a-w- c:\windows\system32\vccorlib140.dll
2016-03-17 20:54 . 2016-03-17 20:54 334656 ----a-w- c:\windows\system32\concrt140.dll
2016-03-17 20:54 . 2016-03-17 20:54 215872 ----a-w- c:\windows\system32\vcomp140d.dll
2016-03-17 20:54 . 2016-03-17 20:54 185144 ----a-w- c:\windows\system32\vcomp140.dll
2016-03-17 20:54 . 2016-03-17 20:54 1376576 ----a-w- c:\windows\system32\vcamp140d.dll
2016-03-17 20:54 . 2016-03-17 20:54 136000 ----a-w- c:\windows\system32\mfcm140d.dll
2016-03-17 20:54 . 2016-03-17 20:54 135504 ----a-w- c:\windows\system32\vcruntime140d.dll
2016-03-17 20:54 . 2016-03-17 20:54 134976 ----a-w- c:\windows\system32\mfcm140ud.dll
2016-03-17 20:54 . 2016-03-17 20:54 10961728 ----a-w- c:\windows\system32\mfc140ud.dll
2016-03-17 20:54 . 2016-03-17 20:54 10890040 ----a-w- c:\windows\system32\mfc140d.dll
2016-03-17 20:54 . 2016-03-17 20:54 105792 ----a-w- c:\windows\system32\mfcm140u.dll
2016-03-17 20:54 . 2016-03-17 20:54 105784 ----a-w- c:\windows\system32\mfcm140.dll
2016-03-17 20:54 . 2016-03-17 20:54 1022280 ----a-w- c:\windows\system32\vccorlib140d.dll
2016-03-17 20:54 . 2016-03-17 20:54 1004864 ----a-w- c:\windows\system32\msvcp140d.dll
2016-03-17 20:48 . 2016-03-17 20:48 95040 ----a-w- c:\windows\SysWow64\mfcm140u.dll
2016-03-17 20:48 . 2016-03-17 20:48 95032 ----a-w- c:\windows\SysWow64\mfcm140.dll
2016-03-17 20:48 . 2016-03-17 20:48 85840 ----a-w- c:\windows\SysWow64\vcruntime140.dll
2016-03-17 20:48 . 2016-03-17 20:48 8309048 ----a-w- c:\windows\SysWow64\mfc140ud.dll
2016-03-17 20:48 . 2016-03-17 20:48 8237880 ----a-w- c:\windows\SysWow64\mfc140d.dll
2016-03-17 20:48 . 2016-03-17 20:48 779600 ----a-w- c:\windows\SysWow64\vccorlib140d.dll
2016-03-17 20:48 . 2016-03-17 20:48 75584 ----a-w- c:\windows\SysWow64\mfc140fra.dll
2016-03-17 20:48 . 2016-03-17 20:48 75584 ----a-w- c:\windows\SysWow64\mfc140deu.dll
2016-03-17 20:48 . 2016-03-17 20:48 752448 ----a-w- c:\windows\SysWow64\msvcp140d.dll
2016-03-17 20:48 . 2016-03-17 20:48 74560 ----a-w- c:\windows\SysWow64\mfc140esn.dll
2016-03-17 20:48 . 2016-03-17 20:48 73536 ----a-w- c:\windows\SysWow64\mfc140ita.dll
2016-03-17 20:48 . 2016-03-17 20:48 71488 ----a-w- c:\windows\SysWow64\mfc140rus.dll
2016-03-17 20:48 . 2016-03-17 20:48 65856 ----a-w- c:\windows\SysWow64\mfc140enu.dll
2016-03-17 20:48 . 2016-03-17 20:48 592712 ----a-w- c:\windows\SysWow64\concrt140d.dll
2016-03-17 20:48 . 2016-03-17 20:48 55104 ----a-w- c:\windows\SysWow64\mfc140jpn.dll
2016-03-17 20:48 . 2016-03-17 20:48 54080 ----a-w- c:\windows\SysWow64\mfc140kor.dll
2016-03-17 20:48 . 2016-03-17 20:48 46912 ----a-w- c:\windows\SysWow64\mfc140cht.dll
2016-03-17 20:48 . 2016-03-17 20:48 46912 ----a-w- c:\windows\SysWow64\mfc140chs.dll
2016-03-17 20:48 . 2016-03-17 20:48 4437304 ----a-w- c:\windows\SysWow64\mfc140u.dll
2016-03-17 20:48 . 2016-03-17 20:48 443712 ----a-w- c:\windows\SysWow64\msvcp140.dll
2016-03-17 20:48 . 2016-03-17 20:48 4372784 ----a-w- c:\windows\SysWow64\mfc140.dll
2016-03-17 20:48 . 2016-03-17 20:48 400704 ----a-w- c:\windows\SysWow64\vcamp140.dll
2016-03-17 20:48 . 2016-03-17 20:48 271176 ----a-w- c:\windows\SysWow64\vccorlib140.dll
2016-03-17 20:48 . 2016-03-17 20:48 244544 ----a-w- c:\windows\SysWow64\concrt140.dll
2016-03-17 20:48 . 2016-03-17 20:48 188224 ----a-w- c:\windows\SysWow64\vcomp140d.dll
2016-03-17 20:48 . 2016-03-17 20:48 163128 ----a-w- c:\windows\SysWow64\vcomp140.dll
2016-03-17 20:48 . 2016-03-17 20:48 121152 ----a-w- c:\windows\SysWow64\mfcm140ud.dll
2016-03-17 20:48 . 2016-03-17 20:48 121152 ----a-w- c:\windows\SysWow64\mfcm140d.dll
2016-03-17 20:48 . 2016-03-17 20:48 115024 ----a-w- c:\windows\SysWow64\vcruntime140d.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-03-25 19:13 1587912 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-03-25 19:13 1587912 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-03-25 19:13 1587912 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-03-25 19:13 1587912 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-03-25 19:13 1587912 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2016-05-17 23496872]
"f.lux"="c:\users\Raubiri\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DeathTaker"="c:\program files (x86)\Genius\DeathTaker\mousehid.exe" [2013-04-03 303616]
.
c:\users\Raubiri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Poslat do aplikace OneNote.lnk - c:\program files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr [2016-4-19 169160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2013-6-21 788992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ss_conn_usb_driver;SAMSUNG Mobile USB Connectivity Device Driver;c:\windows\system32\Drivers\ss_conn_usb_driver.sys;c:\windows\SYSNATIVE\Drivers\ss_conn_usb_driver.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VSStandardCollectorService140;Visual Studio Standard Collector Service;c:\program files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe;c:\program files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/06/22 11:46];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]
S2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k60x64.sys [x]
S3 KbFilter_Kb_FlexDef3x;HID Keyboard(FlexDef3x) Driver Service;c:\windows\system32\DRIVERS\KbFilter_FlexDef3x.sys;c:\windows\SYSNATIVE\DRIVERS\KbFilter_FlexDef3x.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-06-09 11:52 1245848 ----a-w- c:\program files (x86)\Google\Chrome\Application\51.0.2704.84\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-05-03 14:41 287416 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2016-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-21 17:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-05-17 11:26 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-05-17 11:26 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-05-17 11:26 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-03-25 19:13 1641672 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-03-25 19:13 1641672 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-03-25 19:13 1641672 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-03-25 19:13 1641672 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-03-25 19:13 1641672 ----a-w- c:\users\Raubiri\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-05-26 09:13 2099496 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-05-26 09:13 2099496 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-05-26 09:13 2099496 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-29 1340192]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-06-01 176952]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.alawarhry.cz/?pid=16609
mLocal Page =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
FF - ProfilePath - c:\users\Raubiri\AppData\Roaming\Mozilla\Firefox\Profiles\ul7ft6u8.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Moorhuhn Winter-Edition - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{73526619-C24F-470B-9BED-53D455FBB5C6}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2593731983-1712290180-166656690-1000\Control Panel\Desktop*]
@Allowed: (Read) (RestrictedCode)
"WheelScrollLines"="3"
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
c:\program files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe
c:\program files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Celkový čas: 2016-06-14 15:02:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-06-14 13:02
ComboFix2.txt 2016-06-13 13:56
.
Před spuštěním: Volných bajtů: 29 550 632 960
Po spuštění: Volných bajtů: 29 488 422 912
.
- - End Of File - - 9F682512F84A404386260E04F5002C7D
A36C5E4F47E84449FF07ED3517B43A31

Re: Preventive check

Posted: 14 Jun 2016 18:08
by Márty84
:!: Run all of these programs, including any installation, as administrator (right-click them and choose Run as administrator)

:arrow: Rename ComboFix to Uninstall and run it. CF should uninstall itself.

:arrow:
vyosek wrote: :arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download it and run it
  • Leave only the Remove disinfection tools option checked
  • Click Run


:???: Has anything changed?

Re: Preventive check

Posted: 16 Jun 2016 13:28
by stepano
The defragmentation completed fine without a BSOD. But my windows still keep minimizing automatically.

Delfix:

# DelFix v1.013 - Logfile created 14/06/2016 at 22:00:08
# Updated 17/04/2016 by Xplode
# Username : Raubiri - PC-KLUCI
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\ComboFix.txt
Deleted : C:\Users\Raubiri\Desktop\Extras.Txt
Deleted : C:\Users\Raubiri\Desktop\OTL.Txt
Deleted : C:\Users\Raubiri\Desktop\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\Swearware

########## - EOF - ##########

Re: Preventive check

Posted: 16 Jun 2016 19:26
by Márty84
I don't see any malware anywhere in there, so the problem must lie elsewhere.

How often does it happen? Do all windows get minimized, or only certain ones? Check whether it also happens in Safe Mode.