
Preventive check - we'll probably find something in there!

Posted: 23 Jun 2015 19:50
by goffy1985
Hello,

I'd really appreciate a check; over the last 2 days I've managed to drag some junk in there, I don't understand how...

thank you :)

Logfile of random's system information tool 1.10 (written by random/random)
Run by Zdeněk at 2015-06-23 20:43:05
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 100 GB (40%) free of 252 GB
Total RAM: 8191 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:43:10, on 23.6.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\baidusdTray.exe
C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Rising\App.exe
C:\Program Files (x86)\Rising\RSD\popwndexe.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
C:\Program Files (x86)\MiuiTab\cmdshell.exe
C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\qmdl.exe
C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
C:\Program Files (x86)\MiuiTab\HPNotify.exe
C:\Program Files\trend micro\Zdeněk.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... J90S205295
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type= ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&t ... J90S205295
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... J90S205295
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type= ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&t ... J90S205295
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID= ... M%3DIESR02
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: BDHOOK - {15DEE173-1BE9-4424-81E0-58A87076E9B1} - C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\websafe\WebMonBHO.dll
O2 - BHO: LuckyTab Class - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} - C:\Program Files (x86)\MiuiTab\SupTab.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [App] C:\Program Files (x86)\Rising\App.exe
O4 - HKLM\..\Run: [RSDTRAY] "C:\Program Files (x86)\Rising\RSD\popwndexe.exe"
O4 - HKLM\..\Run: [baidusdTray] "C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe" -stmd=3
O4 - HKLM\..\Run: [ QQPCTray] "C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCTRAY.EXE" /regrun /qqrepair
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{01919392-71EE-4495-9FEE-D3BA839FCCED}: NameServer = 217.77.165.81 217.77.161.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E2608BF-D6A0-4680-BFC0-6AD30A8BC216}: NameServer = 217.77.165.81 217.77.161.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{01919392-71EE-4495-9FEE-D3BA839FCCED}: NameServer = 217.77.165.81 217.77.161.131
O17 - HKLM\System\CS2\Services\Tcpip\..\{01919392-71EE-4495-9FEE-D3BA839FCCED}: NameServer = 217.77.165.81 217.77.161.131
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BaiduHips - ????????(??)???? - C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
O23 - Service: BDKVRTP Service (BDKVRTP) - ????????(??)???? - C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IHProtect Service - XTab system - C:\Program Files (x86)\MiuiTab\ProtectService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QQPCMgr RTP Service (QQPCRTP) - Tencent - C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCRTP.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Rsd Service (RsMgrSvc) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
O23 - Service: Rav Service (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files (x86)\Rising\RAV\ravmond.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TAOFrame - Tencent - C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\TAOFrame.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - DTools LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13014 bytes

======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
"C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe"
"C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe" -r
"C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCRtp.exe" -r
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
"C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe"
"C:\Program Files (x86)\Rising\RAV\ravmond.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
"C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe"
C:\Windows\system32\nvvsvc.exe -session -first
WLIDSvcM.exe 3368
"taskhost.exe"
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 08b56eb7-25ca-4b87-b34b-bf5da80a7b20 1
\??\C:\Windows\system32\conhost.exe "117876425714365875562327904583327844121684617097-138957545410809510621265339646
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-1353051897535979516-541635934-1299829330-2031919157-19417989971174557487-68574736
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-a9b02003-e324-4b4e-9757-d5c4eff99e3a -SystemEventPortName:HostProcess-3889870a-716f-4562-93a2-eca0215790b5 -IoCancelEventPortName:HostProcess-8fc3d491-3ea2-401a-98be-c894ddf688e9 -NonStateChangingEventPortName:HostProcess-6e19ae2d-1401-4173-915b-dceb411eefff -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:cef60527-245e-4bc7-98a1-3991ebb43de1 -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\baidusdTray.exe" -stmd=5
"C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUProxy64.exe"
"C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCTray.exe" /elevated /regrun
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Rising\App.exe"
"C:\Program Files (x86)\Rising\RSD\popwndexe.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "http://www.mystartsearch.com/?type=hp&t ... J90S205295"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3164.2186adf0.248970869 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 3164 "\\.\pipe\gecko-crash-server-pipe.3164" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe" --proxy-stub-channel=Flash6896.63ECAF38.4968 --host-broker-channel=Flash6896.63ECAF38.22384 --host-pid=6896 --host-npapi-version=28 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe" --channel=3688.003DF41C.341561126 --proxy-stub-channel=Flash6896.63ECAF38.4968 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll" --host-npapi-version=28 --type=renderer
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service
"C:\Program Files (x86)\MiuiTab\ProtectService.exe"
"C:\Program Files (x86)\MiuiTab\cmdshell.exe"
"C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\qmdl.exe"
"C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe" -Embedding
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
HPNotify.exe -run
taskeng.exe {EDF53CDA-6C36-4557-AC81-558C2ABFD0C7}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Zdeněk\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\CAKDCHWC.job - C:\Users\Zdeněk\AppData\Roaming\CAKDCHWC.exe /infocmdline=XcBPR+taXqH7Cn5AL6teOKWf/KFyfw0HYJei724GkcO/0Ty7WJR/72Gef5yduXpsHAq5C/g9BukUaZJ1WymsbEoDAntscqd/I85YR8JLR+D0Brm+0xnOcQCNHWop5YvjSJ08K3iiQTSbJv6f/7FVDbTqUlO6pdKNpN7l25bHlt1aqzlg+yj9wXyY8B0vUezx/gZfg2ymbv3jzONo1GhhWhXmBdhO/dIiLtIJqXfioV6qjS7R7xZHmma7S22dkCASGlfVrqS6D1/3v+lUE4bmNTY1IhalQXqssJQndE8WW2xSSSz/P/TuKmDpYGY84OXmZu6jcCo58HIYSZTLVpxJpb6qpfW2jLmML526YkqNsIRAHVppCCyEu5KZDUiyiEInDAnjSd/oZFOL7nkhS7u1eHcgdOA2Suqo6CcPd8xzirRjaV7tZZLxkVJtfn7cA97Hz2S/0+s5cxhTXm62a1gJ4j1guvcgmtFt7y+SVhy4rJkWLQ8ApaihaDZiyBVXx/tUsZkLutK+wRg09MBTdV6esMVJAnVrHQ18v7KwLAnjHLQ6qygpZwcc4FRKmt288xLM80NNLghoNjL7A5LleUPNwEK91s0rHvKmd83SdnKb64/+DklNpVBvfiP1S7ufH9ZR3T06y0c1dfgiSyZsKto8dEXbr5D/fQu+D2xz3adWKyg=
C:\Windows\tasks\GIIGFOH.job - C:\Users\Zdeněk\AppData\Roaming\GIIGFOH.exe /infocmdline=...
C:\Windows\tasks\JDDB.job - C:\Users\Zdeněk\AppData\Roaming\JDDB.exe /infocmdline=...
C:\Windows\tasks\LDJTXVOV.job - C:\Users\Zdeněk\AppData\Roaming\LDJTXVOV.exe /infocmdline=...
C:\Windows\tasks\PUOOP.job - C:\Users\Zdeněk\AppData\Roaming\PUOOP.exe /infocmdline=...
C:\Windows\tasks\YQFS.job - C:\Users\Zdeněk\AppData\Roaming\YQFS.exe /infocmdline=...

=========Mozilla firefox=========

ProfilePath - C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\gnisfrvf.default

prefs.js - "browser.startup.homepage" - "http://www.mystartsearch.com/?type=hp&t ... J90S205295"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.194 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Description"=Baidusd detect NPAPI plugin
"Path"=C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\explugin\npBaiduSDDetectPlug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@qq.com/QQPCMgr]
"Description"=QQPCMgr Detector
"Path"=C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\npQMExtensionsMozilla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@rising.com.cn/nprising]
"Description"=
"Path"=C:\Program Files (x86)\Rising\RAV\nprising.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.194 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]
电脑管家网页防火墙 - C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\TSWebMon64.dat [2015-06-22 414560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15DEE173-1BE9-4424-81E0-58A87076E9B1}]
WebMonBHO - C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\websafe\WebMonBHO.dll [2015-04-08 375176]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
LuckyTab Class - C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-16 544952]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-25 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-25 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2000-01-01 7541976]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 1337000]
"baidusdTray"=C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\baidusdTray.exe [2015-04-08 2474952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon]
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [2009-07-16 5458704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [2011-07-14 279552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
c:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 1337000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-04-30 2199840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru]
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
C:\Windows\system32\nvspcap64.dll [2014-04-30 1225920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30 334896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viber]
C:\Users\Zdeněk\AppData\Local\Viber\Viber.exe [2015-02-03 776400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Drivers]
C:\Users\Zdeněk\AppData\Roaming\WinUpdate\c\windrv.exe [2014-06-03 6656]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30 334896]
"App"=C:\Program Files (x86)\Rising\App.exe [2015-06-22 172032]
"RSDTRAY"=C:\Program Files (x86)\Rising\RSD\popwndexe.exe [2012-09-25 126808]
"baidusdTray"=C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe [2015-04-08 2474952]
" QQPCTray"=C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCTRAY.EXE [2015-06-22 355296]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\QQPCRTP]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-06-23 20:43:05 ----D---- C:\rsit
2015-06-23 20:43:05 ----D---- C:\Program Files\trend micro
2015-06-23 20:32:39 ----D---- C:\ProgramData\IHProtectUpDate
2015-06-23 20:32:33 ----D---- C:\Program Files (x86)\MiuiTab
2015-06-23 20:32:24 ----D---- C:\ProgramData\WindowsMangerProtect
2015-06-23 20:32:21 ----A---- C:\Windows\prleth.sys
2015-06-23 20:32:21 ----A---- C:\Windows\hgfs.sys
2015-06-23 18:32:54 ----A---- C:\Windows\SYSWOW64\drivers\TS888x64.sys
2015-06-22 20:14:49 ----D---- C:\ProgramData\TXQMPC
2015-06-22 20:00:04 ----D---- C:\Program Files\Common Files\Tencent
2015-06-22 20:00:03 ----A---- C:\Windows\system32\drivers\TAOAccelerator64.sys
2015-06-22 19:59:56 ----A---- C:\Windows\system32\drivers\TSSKX64.sys
2015-06-22 19:59:47 ----A---- C:\Windows\system32\drivers\TAOKernel64.sys
2015-06-22 19:59:34 ----A---- C:\Windows\system32\drivers\TFsFltX64.sys
2015-06-22 19:58:36 ----D---- C:\Program Files (x86)\Tencent
2015-06-22 19:57:59 ----D---- C:\Users\Zdeněk\AppData\Roaming\Tencent
2015-06-22 19:57:58 ----D---- C:\ProgramData\Tencent
2015-06-22 19:56:11 ----A---- C:\Windows\system32\drivers\BDMWrench_x64.sys
2015-06-22 19:55:53 ----A---- C:\Windows\system32\drivers\BDDefense.sys
2015-06-22 19:55:53 ----A---- C:\Windows\system32\drivers\BDArKit.sys
2015-06-22 19:55:52 ----A---- C:\Windows\system32\drivers\bd0003.sys
2015-06-22 19:55:49 ----A---- C:\Windows\system32\drivers\bd0002.sys
2015-06-22 19:55:48 ----A---- C:\Windows\system32\drivers\bd0001.sys
2015-06-22 19:55:20 ----D---- C:\Program Files (x86)\Baidu
2015-06-22 19:55:17 ----D---- C:\Users\Zdeněk\AppData\Roaming\Baidu
2015-06-22 19:55:17 ----D---- C:\ProgramData\Baidu
2015-06-22 19:54:35 ----RSH---- C:\rising.ini
2015-06-22 19:54:31 ----N---- C:\Windows\system32\drivers\sysmon.sys
2015-06-22 19:54:31 ----N---- C:\Windows\system32\drivers\rsutils.sys
2015-06-22 19:54:31 ----N---- C:\Windows\system32\drivers\rsndisp.sys
2015-06-22 19:54:25 ----D---- C:\ProgramData\Rising
2015-06-22 19:54:04 ----D---- C:\Program Files (x86)\Rising
2015-06-22 19:30:13 ----D---- C:\Program Files\Ubisoft
2015-06-09 21:33:08 ----A---- C:\Windows\system32\wmp.dll
2015-06-09 21:33:07 ----A---- C:\Windows\SYSWOW64\wmp.dll
2015-06-09 21:33:07 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2015-06-09 21:33:07 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2015-06-09 21:33:07 ----A---- C:\Windows\system32\spwmp.dll
2015-06-09 21:33:07 ----A---- C:\Windows\system32\dxmasf.dll
2015-06-09 21:33:06 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2015-06-09 21:33:06 ----A---- C:\Windows\system32\wmploc.DLL
2015-06-09 21:33:04 ----A---- C:\Windows\system32\invagent.dll
2015-06-09 21:33:04 ----A---- C:\Windows\system32\generaltel.dll
2015-06-09 21:33:04 ----A---- C:\Windows\system32\devinv.dll
2015-06-09 21:33:04 ----A---- C:\Windows\system32\appraiser.dll
2015-06-09 21:33:04 ----A---- C:\Windows\system32\aepic.dll
2015-06-09 21:33:04 ----A---- C:\Windows\system32\aeinv.dll
2015-06-09 21:33:04 ----A---- C:\Windows\system32\acmigration.dll
2015-06-09 21:33:03 ----A---- C:\Windows\system32\aepdu.dll
2015-06-09 21:32:59 ----A---- C:\Windows\system32\KernelBase.dll
2015-06-09 21:32:59 ----A---- C:\Windows\system32\kerberos.dll
2015-06-09 21:32:59 ----A---- C:\Windows\system32\diagtrack.dll
2015-06-09 21:32:58 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-06-09 21:32:58 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2015-06-09 21:32:58 ----A---- C:\Windows\system32\lsasrv.dll
2015-06-09 21:32:58 ----A---- C:\Windows\system32\kernel32.dll
2015-06-09 21:32:58 ----A---- C:\Windows\system32\advapi32.dll
2015-06-09 21:32:57 ----A---- C:\Windows\SYSWOW64\tracerpt.exe
2015-06-09 21:32:57 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-06-09 21:32:57 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-06-09 21:32:57 ----A---- C:\Windows\system32\wow64.dll
2015-06-09 21:32:57 ----A---- C:\Windows\system32\winsrv.dll
2015-06-09 21:32:57 ----A---- C:\Windows\system32\tracerpt.exe
2015-06-09 21:32:57 ----A---- C:\Windows\system32\srcore.dll
2015-06-09 21:32:57 ----A---- C:\Windows\system32\rstrui.exe
2015-06-09 21:32:57 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-06-09 21:32:57 ----A---- C:\Windows\system32\ntdll.dll
2015-06-09 21:32:57 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-06-09 21:32:57 ----A---- C:\Windows\system32\conhost.exe
2015-06-09 21:32:56 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-06-09 21:32:56 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-06-09 21:32:56 ----A---- C:\Windows\SYSWOW64\tdh.dll
2015-06-09 21:32:56 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-06-09 21:32:56 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-06-09 21:32:56 ----A---- C:\Windows\SYSWOW64\sechost.dll
2015-06-09 21:32:56 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-06-09 21:32:56 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-06-09 21:32:56 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-06-09 21:32:56 ----A---- C:\Windows\SYSWOW64\logman.exe
2015-06-09 21:32:56 ----A---- C:\Windows\system32\wdigest.dll
2015-06-09 21:32:56 ----A---- C:\Windows\system32\typeperf.exe
2015-06-09 21:32:56 ----A---- C:\Windows\system32\TSpkg.dll
2015-06-09 21:32:56 ----A---- C:\Windows\system32\tdh.dll
2015-06-09 21:32:56 ----A---- C:\Windows\system32\sspicli.dll
2015-06-09 21:32:56 ----A---- C:\Windows\system32\smss.exe
2015-06-09 21:32:56 ----A---- C:\Windows\system32\schannel.dll
2015-06-09 21:32:56 ----A---- C:\Windows\system32\sechost.dll
2015-06-09 21:32:56 ----A---- C:\Windows\system32\ncrypt.dll
2015-06-09 21:32:56 ----A---- C:\Windows\system32\msv1_0.dll
2015-06-09 21:32:56 ----A---- C:\Windows\system32\lsass.exe
2015-06-09 21:32:56 ----A---- C:\Windows\system32\logman.exe
2015-06-09 21:32:56 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-06-09 21:32:56 ----A---- C:\Windows\system32\auditpol.exe
2015-06-09 21:32:55 ----A---- C:\Windows\SYSWOW64\typeperf.exe
2015-06-09 21:32:55 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-06-09 21:32:55 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-06-09 21:32:55 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-06-09 21:32:55 ----A---- C:\Windows\SYSWOW64\relog.exe
2015-06-09 21:32:55 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-06-09 21:32:55 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-06-09 21:32:55 ----A---- C:\Windows\SYSWOW64\diskperf.exe
2015-06-09 21:32:55 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-06-09 21:32:55 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-06-09 21:32:55 ----A---- C:\Windows\system32\wow64win.dll
2015-06-09 21:32:55 ----A---- C:\Windows\system32\wow64cpu.dll
2015-06-09 21:32:55 ----A---- C:\Windows\system32\sspisrv.dll
2015-06-09 21:32:55 ----A---- C:\Windows\system32\srclient.dll
2015-06-09 21:32:55 ----A---- C:\Windows\system32\secur32.dll
2015-06-09 21:32:55 ----A---- C:\Windows\system32\relog.exe
2015-06-09 21:32:55 ----A---- C:\Windows\system32\ntvdm64.dll
2015-06-09 21:32:55 ----A---- C:\Windows\system32\diskperf.exe
2015-06-09 21:32:55 ----A---- C:\Windows\system32\csrsrv.dll
2015-06-09 21:32:55 ----A---- C:\Windows\system32\credssp.dll
2015-06-09 21:32:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-09 21:32:54 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-06-09 21:32:54 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-09 21:32:53 ----A---- C:\Windows\SYSWOW64\user.exe
2015-06-09 21:32:53 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-06-09 21:32:53 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-06-09 21:32:53 ----A---- C:\Windows\system32\apisetschema.dll
2015-06-09 21:32:52 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-06-09 21:32:52 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-06-09 21:32:52 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-06-09 21:32:52 ----A---- C:\Windows\system32\UtcResources.dll
2015-06-09 21:32:52 ----A---- C:\Windows\system32\msobjs.dll
2015-06-09 21:32:52 ----A---- C:\Windows\system32\msaudite.dll
2015-06-09 21:32:52 ----A---- C:\Windows\system32\adtschema.dll
2015-06-09 21:32:47 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2015-06-09 21:32:47 ----A---- C:\Windows\system32\comctl32.dll
2015-06-09 21:32:46 ----A---- C:\Windows\system32\win32k.sys
2015-06-09 21:32:42 ----A---- C:\Windows\system32\drivers\stream.sys
2015-06-09 21:32:40 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-06-09 21:32:40 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-06-09 21:32:40 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-06-09 21:32:40 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-06-09 21:32:39 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-06-09 21:32:39 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-06-09 21:32:39 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-06-09 21:32:39 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-06-09 21:32:39 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-06-09 21:32:39 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-06-09 21:32:39 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-06-09 21:32:39 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-06-09 21:32:39 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-09 21:32:39 ----A---- C:\Windows\system32\iernonce.dll
2015-06-09 21:32:39 ----A---- C:\Windows\system32\ie4uinit.exe
2015-06-09 21:32:38 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-06-09 21:32:38 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-06-09 21:32:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-06-09 21:32:37 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-06-09 21:32:37 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-06-09 21:32:37 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-06-09 21:32:37 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-06-09 21:32:37 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-06-09 21:32:37 ----A---- C:\Windows\system32\urlmon.dll
2015-06-09 21:32:37 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-09 21:32:37 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-06-09 21:32:37 ----A---- C:\Windows\system32\iedkcs32.dll
2015-06-09 21:32:36 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-06-09 21:32:36 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-06-09 21:32:36 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-06-09 21:32:36 ----A---- C:\Windows\system32\msfeeds.dll
2015-06-09 21:32:36 ----A---- C:\Windows\system32\dxtrans.dll
2015-06-09 21:32:35 ----A---- C:\Windows\system32\iesetup.dll
2015-06-09 21:32:35 ----A---- C:\Windows\system32\iertutil.dll
2015-06-09 21:32:35 ----A---- C:\Windows\system32\ieapfltr.dll
2015-06-09 21:32:34 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-06-09 21:32:34 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-06-09 21:32:34 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-06-09 21:32:34 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-06-09 21:32:34 ----A---- C:\Windows\system32\vbscript.dll
2015-06-09 21:32:34 ----A---- C:\Windows\system32\jsproxy.dll
2015-06-09 21:32:34 ----A---- C:\Windows\system32\ieUnatt.exe
2015-06-09 21:32:33 ----A---- C:\Windows\system32\ieui.dll
2015-06-09 21:32:33 ----A---- C:\Windows\system32\ieframe.dll
2015-06-09 21:32:33 ----A---- C:\Windows\system32\dxtmsft.dll
2015-06-09 21:32:32 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-06-09 21:32:32 ----A---- C:\Windows\system32\mshtmled.dll
2015-06-09 21:32:32 ----A---- C:\Windows\system32\jscript9diag.dll
2015-06-09 21:32:32 ----A---- C:\Windows\system32\jscript9.dll
2015-06-09 21:32:32 ----A---- C:\Windows\system32\jscript.dll
2015-06-09 21:32:31 ----A---- C:\Windows\system32\wininet.dll
2015-06-09 21:32:31 ----A---- C:\Windows\system32\msrating.dll
2015-06-09 21:32:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-06-09 21:32:30 ----A---- C:\Windows\system32\mshtml.dll

======List of files/folders modified in the last 1 month======

2015-06-23 20:43:05 ----RD---- C:\Program Files
2015-06-23 20:40:15 ----SHD---- C:\Windows\Installer
2015-06-23 20:40:14 ----SHD---- C:\Config.Msi
2015-06-23 20:40:05 ----SHD---- C:\System Volume Information
2015-06-23 20:38:30 ----RD---- C:\Program Files (x86)
2015-06-23 20:38:29 ----D---- C:\Windows\Temp
2015-06-23 20:32:39 ----HD---- C:\ProgramData
2015-06-23 20:32:39 ----D---- C:\Windows\SysWOW64
2015-06-23 20:32:21 ----D---- C:\Windows
2015-06-23 20:32:11 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-06-23 20:08:27 ----D---- C:\Windows\system32\drivers
2015-06-23 20:07:53 ----D---- C:\ProgramData\NVIDIA
2015-06-23 20:07:44 ----D---- C:\Windows\Migration
2015-06-23 19:40:34 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-06-23 18:36:26 ----D---- C:\Windows\system32\config
2015-06-23 18:32:54 ----D---- C:\Windows\SYSWOW64\drivers
2015-06-22 20:41:01 ----D---- C:\Windows\system32\Tasks
2015-06-22 20:29:50 ----RD---- C:\Users
2015-06-22 20:09:20 ----D---- C:\Windows\winsxs
2015-06-22 20:00:04 ----D---- C:\Program Files\Common Files
2015-06-22 19:59:50 ----RSD---- C:\Windows\Fonts
2015-06-22 19:59:36 ----D---- C:\Program Files (x86)\Common Files
2015-06-22 19:56:57 ----D---- C:\Windows\Prefetch
2015-06-22 19:47:26 ----D---- C:\Windows\inf
2015-06-22 19:46:29 ----D---- C:\Windows\Logs
2015-06-22 09:34:41 ----D---- C:\Users\Zdeněk\AppData\Roaming\DAEMON Tools Lite
2015-06-21 20:27:39 ----D---- C:\Users\Zdeněk\AppData\Roaming\Media Player Classic
2015-06-21 20:27:37 ----D---- C:\Windows\Minidump
2015-06-21 20:27:37 ----D---- C:\Windows\debug
2015-06-21 20:22:55 ----D---- C:\Program Files (x86)\R.G. Mechanics
2015-06-21 20:22:54 ----D---- C:\ProgramData\Orbit
2015-06-19 16:04:00 ----D---- C:\Windows\rescache
2015-06-16 19:15:45 ----D---- C:\Windows\PLA
2015-06-15 21:36:53 ----D---- C:\ProgramData\APN
2015-06-15 21:24:30 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-10 18:49:40 ----D---- C:\Windows\System32
2015-06-10 18:49:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-06-10 18:41:13 ----SD---- C:\Windows\system32\CompatTel
2015-06-10 18:41:13 ----D---- C:\Windows\system32\appraiser
2015-06-10 18:41:13 ----D---- C:\Program Files\Windows Media Player
2015-06-10 18:41:13 ----D---- C:\Program Files (x86)\Windows Media Player
2015-06-10 18:41:12 ----D---- C:\Windows\AppPatch
2015-06-10 18:41:11 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-06-10 18:41:11 ----D---- C:\Windows\system32\cs-CZ
2015-06-10 18:41:07 ----D---- C:\Windows\SYSWOW64\en-US
2015-06-10 18:41:07 ----D---- C:\Program Files\Internet Explorer
2015-06-10 18:41:06 ----D---- C:\Windows\PolicyDefinitions
2015-06-10 18:41:05 ----D---- C:\Windows\system32\en-US
2015-06-10 18:41:04 ----D---- C:\Program Files (x86)\Internet Explorer
2015-06-09 23:31:15 ----D---- C:\ProgramData\Microsoft Help
2015-06-09 23:30:06 ----D---- C:\Windows\system32\MRT
2015-06-09 23:27:27 ----A---- C:\Windows\system32\MRT.exe
2015-06-09 21:31:12 ----D---- C:\Windows\system32\catroot2
2015-05-25 20:39:36 ----D---- C:\Program Files (x86)\Java
2015-05-25 20:38:58 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 280376]
R0 mv61xx;mv61xx; C:\Windows\system32\DRIVERS\mv61xx.sys [2010-10-26 181040]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sysmon;sysmon; C:\Windows\system32\DRIVERS\sysmon.sys [2015-02-11 121072]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 bd0001;bd0001; C:\Windows\system32\DRIVERS\bd0001.sys [2015-04-08 202576]
R1 bd0002;bd0002; C:\Windows\system32\DRIVERS\bd0002.sys [2015-04-08 196936]
R1 bd0003;bd0003; C:\Windows\system32\DRIVERS\bd0003.sys [2015-04-08 67400]
R1 BDMWrench_x64;BDMWrench_x64; C:\Windows\system32\DRIVERS\BDMWrench_x64.sys [2015-04-08 56136]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-01-03 283064]
R1 QMUdisk;tencent QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMUdisk64.sys [2015-06-22 62264]
R1 rsutils;rsutils; C:\Windows\system32\DRIVERS\rsutils.sys [2015-03-11 71056]
R1 TAOKernelDriver;Tencent Auto Optimize Platform.; C:\Windows\System32\Drivers\TAOKernel64.sys [2015-06-22 174392]
R1 TSCPM;TSCPM; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\tscpm64.sys [2015-06-22 42296]
R1 TSDefenseBt;TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\TSDefenseBT64.sys [2015-06-22 28472]
R1 TSSysKit;TSSysKit; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\TSSysKit64.sys [2015-06-22 87352]
R2 BDArKit;BDArKit; C:\Windows\system32\DRIVERS\BDArKit.sys [2015-04-08 152392]
R2 BDDefense;BDDefense; C:\Windows\system32\drivers\BDDefense.sys [2015-04-08 103240]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 124568]
R2 QQSysMonX64;QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQSysMonX64.sys [2015-06-22 129336]
R2 TAOAccelerator;Tencent TAOAccelerator driver.; \??\C:\Windows\system32\Drivers\TAOAccelerator64.sys [2015-06-22 99640]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2011-07-12 86016]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2000-01-01 3872984]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-06-20 54272]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-04-14 25816]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2014-05-20 197408]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-04-30 18776]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-31 40392]
R3 TFsFlt;TFsFlt; C:\Windows\system32\Drivers\TFsFltX64.sys [2015-06-22 87864]
R3 TS888x64;TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\TS888x64.sys [2015-06-23 28984]
S1 BDFileDefend;BDFileDefend; C:\Windows\system32\DRIVERS\BDFileDefend.sys []
S1 BdSandBox;BdSandBox; C:\Windows\system32\DRIVERS\BdSandBox.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2011-07-12 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-07-12 13952]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 48488]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2011-07-12 98816]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2011-07-12 28672]
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2011-07-12 213504]
S3 LVPr2M64;Logitech LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys []
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-04-14 63704]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TSSKX64;TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [2015-06-22 38200]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 BaiduHips;BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [2015-04-08 64008]
R2 BDKVRTP;BDKVRTP Service; C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe [2015-04-08 793096]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 IHProtect Service;IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [2015-06-16 125112]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 23816]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-04-30 1617696]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-04-30 21007192]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-05-20 927520]
R2 QQPCRTP;QQPCMgr RTP Service; C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCRTP.exe [2015-06-22 297608]
R2 RsMgrSvc;Rsd Service; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [2014-09-02 179992]
R2 RsRavMon;Rav Service; C:\Program Files (x86)\Rising\RAV\ravmond.exe [2014-05-15 277552]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-20 413128]
R2 VmbService;Vodafone Mobile Connect Service; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-07-14 9216]
R2 WindowsMangerProtect;WindowsMangerProtect Service; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [2015-06-23 695976]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 366544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23 268976]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-05-22 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TAOFrame;TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\TAOFrame.exe [2015-06-22 293728]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-01-03 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Re: Preventive check-up - we'll probably find something in there!

Posted: 23 Jun 2015 20:17
by vyosek
Hello :)

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Preferably save it to the desktop
  • Close all programs
  • After it starts, the database will be downloaded
  • Click Scan and then Clean
  • The clean-up will run, the PC will restart, and then a log will appear; it will also be saved as c:\AdwCleaner\AdwCleaner[S?].txt. Paste it here.

Re: Preventive check-up - we'll probably find something in there!

Posted: 23 Jun 2015 20:53
by goffy1985
# AdwCleaner v4.207 - Log vytvořen 23/06/2015 v 21:44:30
# Aktualizováno 21/06/2015 by Xplode
# Databáze : 2015-06-23.1 [Server]
# Operační system : Windows 7 Professional Service Pack 1 (x64)
# Uživatelské jméno : Zdeněk - ZDENĚKPC
# Spuštěno z : C:\Users\Zdeněk\Desktop\adwcleaner_4.207.exe
# Nastavení : Čištění

***** [ Služby ] *****

[#] Služba Smazáno : bd0003
[#] Služba Smazáno : BDArKit
[#] Služba Smazáno : BDMWrench_x64
[#] Služba Smazáno : IHProtect Service
[#] Služba Smazáno : QQPCRTP
[#] Služba Smazáno : WindowsMangerProtect
[#] Služba Smazáno : BDFileDefend
Služba Smazáno : TAOAccelerator
Služba Smazáno : TSDefenseBt
Služba Smazáno : TSSysKit
[#] Služba Smazáno : QMUdisk
Služba Smazáno : TS888x64
[#] Služba Smazáno : QQSysMonX64
[#] Služba Smazáno : TSCPM
[#] Služba Smazáno : TFsFlt
[#] Služba Smazáno : TAOFrame
[#] Služba Smazáno : TAOKernelDriver

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\apn
Složka Smazáno : C:\ProgramData\ParetoLogic
Složka Smazáno : C:\ProgramData\WindowsMangerProtect
Složka Smazáno : C:\ProgramData\IHProtectUpDate
[!] Složka Smazáno : C:\ProgramData\tencent
Složka Smazáno : C:\ProgramData\TXQMPC
Složka Smazáno : C:\ProgramData\8208215867162893194
Složka Smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????
Složka Smazáno : C:\Program Files (x86)\XTab
[!] Složka Smazáno : C:\Program Files (x86)\tencent
Složka Smazáno : C:\Program Files (x86)\miuitab
Složka Smazáno : C:\Program Files (x86)\Common Files\tencent
Složka Smazáno : C:\Users\ZDENK~1\AppData\Local\Temp\tencent
Složka Smazáno : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
[!] Složka Smazáno : C:\Program Files\Common Files\tencent
Složka Smazáno : C:\Users\Zdeněk\AppData\Local\globalUpdate
Složka Smazáno : C:\Users\Zdeněk\AppData\Local\Doctor_PC
Složka Smazáno : C:\Users\Zdeněk\AppData\Roaming\DriverCure
Složka Smazáno : C:\Users\Zdeněk\AppData\Roaming\ParetoLogic
[!] Složka Smazáno : C:\Users\Zdeněk\AppData\Roaming\tencent
Složka Smazáno : C:\Users\Zden?\AppData\Roaming\tencent
Soubor Smazáno : C:\Windows\System32\drivers\BDDefense.sys
Soubor Smazáno : C:\Windows\System32\drivers\bd0001.sys
Soubor Smazáno : C:\Windows\System32\drivers\bd0002.sys
Soubor Smazáno : C:\Windows\System32\drivers\bd0003.sys
Soubor Smazáno : C:\Windows\System32\drivers\BDArKit.SYS
Soubor Smazáno : C:\Windows\System32\drivers\BDMWrench_x64.sys
Soubor Smazáno : C:\Users\Zdeněk\AppData\Roaming\CAKDCHWC
Soubor Smazáno : C:\Users\Zdeněk\AppData\Roaming\GIIGFOH
Soubor Smazáno : C:\Users\Zdeněk\AppData\Roaming\JDDB
Soubor Smazáno : C:\Users\Zdeněk\AppData\Roaming\LDJTXVOV
Soubor Smazáno : C:\Users\Zdeněk\AppData\Roaming\PUOOP
Soubor Smazáno : C:\Users\Zdeněk\AppData\Roaming\YQFS
Soubor Smazáno : C:\Users\Zdeněk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????\????\????.lnk
Soubor Smazáno : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystartsearch.xml
Soubor Smazáno : C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\gnisfrvf.default\user.js

***** [ Naplánované úlohy ] *****

Úloha Smazáno : DoctorPC_Popup
Úloha Smazáno : DoctorPC_Start
Úloha Smazáno : amiupdaterExd
Úloha Smazáno : amiupdaterExi
Úloha Smazáno : CAKDCHWC
Úloha Smazáno : GIIGFOH
Úloha Smazáno : JDDB
Úloha Smazáno : LDJTXVOV
Úloha Smazáno : PUOOP
Úloha Smazáno : YQFS

***** [ Zástupci ] *****

Zástupce Vyléčeno : C:\Users\Zdeněk\Desktop\M.lnk
Zástupce Vyléčeno : C:\Users\Zdeněk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Zástupce Vyléčeno : C:\Users\Zdeněk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Zástupce Vyléčeno : C:\Users\Zdeněk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Zástupce Vyléčeno : C:\Users\Zdeněk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\M.lnk

***** [ Registry ] *****

Klíč Smazáno : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Klíč Smazáno : HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader
Klíč Smazáno : HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\BDShellExt.DLL
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Klíč Smazáno : HKLM\SOFTWARE\CLASSES\METNSD
Klíč Smazáno : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Klíč Smazáno : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{FBE0E29B-01DB-4876-B147-46F5AABA6823}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{15DEE173-1BE9-4424-81E0-58A87076E9B1}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{00890530-6A9F-4BE2-B1BB-73F01E2BB986}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15DEE173-1BE9-4424-81E0-58A87076E9B1}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{85E0B1AA-04FA-11D1-B7DA-00A0C90348D6}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}
Klíč Smazáno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ED81B593-10C9-4275-BA56-ADD13474769C}
Klíč Smazáno : HKCU\Software\APN PIP
Klíč Smazáno : HKCU\Software\AskPartnerNetwork
Klíč Smazáno : HKCU\Software\GlobalUpdate
Klíč Smazáno : HKCU\Software\HomeTab
Klíč Smazáno : HKCU\Software\ParetoLogic
Klíč Smazáno : HKCU\Software\simplytech
Klíč Smazáno : HKCU\Software\WajIEnhance
Klíč Smazáno : HKCU\Software\TNT2
Klíč Smazáno : HKCU\Software\WajIntEnhance
Klíč Smazáno : HKCU\Software\SearchProtectWS
Klíč Smazáno : HKCU\Software\estdemin
Klíč Smazáno : HKCU\Software\Linkey
Klíč Smazáno : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Klíč Smazáno : HKLM\SOFTWARE\AskPartnerNetwork
Klíč Smazáno : HKLM\SOFTWARE\Conduit
Klíč Smazáno : HKLM\SOFTWARE\GlobalUpdate
Klíč Smazáno : HKLM\SOFTWARE\Iminent
Klíč Smazáno : HKLM\SOFTWARE\ParetoLogic
Klíč Smazáno : HKLM\SOFTWARE\SearchProtect
Klíč Smazáno : HKLM\SOFTWARE\SupDp
Klíč Smazáno : HKLM\SOFTWARE\SupTab
Klíč Smazáno : HKLM\SOFTWARE\supWindowsMangerProtect
Klíč Smazáno : HKLM\SOFTWARE\mystartsearchSoftware
Klíč Smazáno : HKLM\SOFTWARE\IHProtect
Klíč Smazáno : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Klíč Smazáno : HKLM\SOFTWARE\WajIntEnhance
Klíč Smazáno : HKLM\SOFTWARE\SpeedBit
Klíč Smazáno : HKLM\SOFTWARE\AIM Toolbar
Klíč Smazáno : HKLM\SOFTWARE\searchult
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17840

Nastavení Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Nastavení Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavení Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

-\\ Mozilla Firefox v16.0 (cs)

[gnisfrvf.default\prefs.js] - Řádek Smazáno : user_pref("browser.newtab.url", "hxxp://www.mystartsearch.com/newtab/?type=nt&t ... J90S205295");
[gnisfrvf.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.selectedEngine", "mystartsearch");
[gnisfrvf.default\prefs.js] - Řádek Smazáno : user_pref("browser.startup.homepage", "hxxp://www.mystartsearch.com/?type=hp&ts=14350 ... J90S205295");
[gnisfrvf.default\prefs.js] - Řádek Smazáno : user_pref("extensions.a12125cc42ae84eb5ad4752d72d8d101bgmailcom65119.65119.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[gnisfrvf.default\prefs.js] - Řádek Smazáno : user_pref("extensions.aEWBNO58637124CLP39222015com63313.63313.internaldb.Resources_meta.value", "%7B%22zoom.js%22%3A%7B%22id%22%3A798518%2C%22ver%22%3A1%2C%22status%22%3A1%2C%22name%22%3A%22zoom.js%22[...]
[gnisfrvf.default\prefs.js] - Řádek Smazáno : user_pref("extensions.aEWBNO58637124CLP39222015com63313.63313.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7[...]

*************************

AdwCleaner[R0].txt - [17103 bytů] - [23/06/2015 21:42:47]
AdwCleaner[S0].txt - [13181 bytů] - [23/06/2015 21:44:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13240 bytů] ##########

Re: Preventive check - we'll probably find something there!

Posted: 23 Jun 2015 21:49
by vyosek
:arrow: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator
  • Paste the script below into the window
  • Code:

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
    
  • Then click Run Script
  • The PC will perform the repair, restart and give you a log; paste its contents here

Re: Preventive check - we'll probably find something there!

Posted: 24 Jun 2015 11:40
by goffy1985
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by ZdenŘk on st 24.06.2015 at 12:13:16,76.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ZDENK~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

24.6.2015 12:14:49 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\R.G. Mechanics deleted successfully
C:\Program Files\Logitech deleted successfully
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\ZDENK~1\AppData\Roaming\Mozilla\Firefox\Profiles\gnisfrvf.default\prefs.js:

Added to C:\Users\ZDENK~1\AppData\Roaming\Mozilla\Firefox\Profiles\gnisfrvf.default\prefs.js:

ProfilePath: C:\Users\ZDENK~1\AppData\Roaming\Mozilla\Firefox\Profiles\gnisfrvf.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_24.06.2015_1231_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\R.G. Mechanics not found
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
C:\PROGRA~2\MiniGet deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\ZDENK~1\AppData\Roaming\Mozilla\Firefox\Profiles\gnisfrvf.default
- Undetermined - %ProfilePath%\extensions\info@youtube-mp3.org.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Adblock Edge - %ProfilePath%\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.hao123.com/?tn=91284697_hao_pg"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.hao123.com/?tn=91284697_hao_pg"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.hao123.com/?tn=91284697_hao_pg"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=29 folders=31 28343951 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== EOF on st 24.06.2015 at 12:39:38,17 ======================

Re: Preventive check - we'll probably find something there!

Posted: 24 Jun 2015 11:49
by vyosek
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO BELLY UP
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Immediately after it starts, a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested it may take longer
  • After the scan finishes and a possible restart, CF displays a log; alternatively you can find it at C:\ComboFix.txt; paste its contents here
  • Detailed instructions including pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Preventive check - we'll probably find something there!

Posted: 24 Jun 2015 12:32
by goffy1985
ComboFix 15-06-24.01 - Zdeněk 24.06.2015 13:10:49.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8191.6482 [GMT 2:00]
Spuštěný z: c:\users\Zdenýk\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Rising Software Deployment System *Enabled/Updated* {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Rising Software Deployment System *Enabled/Updated* {60A88726-9BAA-8843-60B1-768966A982DA}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Service_bd0001
-------\Service_bd0002
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-05-24 do 2015-06-24 )))))))))))))))))))))))))))))))
.
.
2015-06-24 10:36 . 2015-06-24 10:13 24064 ----a-w- c:\windows\zoek-delete.exe
2015-06-24 10:13 . 2015-06-24 10:32 -------- d-----w- C:\zoek_backup
2015-06-23 19:49 . 2015-06-23 19:49 -------- d-----w- c:\programdata\TXQMPC
2015-06-23 19:42 . 2015-06-23 19:48 -------- d-----w- C:\AdwCleaner
2015-06-23 18:43 . 2015-06-23 18:43 -------- d-----w- C:\rsit
2015-06-23 18:43 . 2015-06-23 18:43 -------- d-----w- c:\program files\trend micro
2015-06-23 18:32 . 2015-06-23 18:32 0 ----a-w- c:\windows\prleth.sys
2015-06-23 18:32 . 2015-06-23 18:32 0 ----a-w- c:\windows\hgfs.sys
2015-06-23 16:43 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C54C9995-909B-4DBE-8410-AABBCDB5E13E}\mpengine.dll
2015-06-23 16:32 . 2015-06-23 18:12 28984 ----a-w- c:\windows\SysWow64\drivers\TS888x64.sys
2015-06-22 18:29 . 2015-06-22 18:29 -------- d-----w- c:\users\ZDENK~2
2015-06-22 18:00 . 2015-06-22 17:59 99640 ----a-w- c:\windows\system32\drivers\TAOAccelerator64.sys
2015-06-22 17:59 . 2015-06-22 17:59 -------- d-----w- c:\users\Zden?
2015-06-22 17:59 . 2015-06-22 17:59 38200 ----a-w- c:\windows\system32\drivers\TSSKX64.sys
2015-06-22 17:59 . 2015-06-22 17:59 174392 ----a-w- c:\windows\system32\drivers\TAOKernel64.sys
2015-06-22 17:59 . 2015-06-22 17:59 87864 ----a-w- c:\windows\system32\drivers\TFsFltX64.sys
2015-06-22 17:57 . 2015-06-23 19:50 -------- d-----w- c:\programdata\Tencent
2015-06-22 17:56 . 2015-04-08 07:17 56136 ----a-w- c:\windows\system32\drivers\BDMWrench_x64.sys
2015-06-22 17:55 . 2015-04-08 07:17 152392 ----a-w- c:\windows\system32\drivers\BDArKit.sys
2015-06-22 17:55 . 2015-04-08 07:17 103240 ----a-w- c:\windows\system32\drivers\BDDefense.sys
2015-06-22 17:55 . 2015-04-08 07:17 67400 ----a-w- c:\windows\system32\drivers\bd0003.sys
2015-06-22 17:55 . 2015-04-08 07:17 196936 ----a-w- c:\windows\system32\drivers\bd0002.sys
2015-06-22 17:55 . 2015-04-08 07:17 202576 ----a-w- c:\windows\system32\drivers\bd0001.sys
2015-06-22 17:55 . 2015-06-22 17:56 -------- d-----w- c:\program files (x86)\Common Files\Baidu
2015-06-22 17:55 . 2015-06-22 17:55 -------- d-----w- c:\program files (x86)\Baidu
2015-06-22 17:55 . 2015-06-22 17:55 -------- d-----w- c:\programdata\Baidu
2015-06-22 17:55 . 2015-06-22 17:55 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Baidu
2015-06-22 17:54 . 2015-03-11 05:00 71056 ------w- c:\windows\system32\drivers\rsutils.sys
2015-06-22 17:54 . 2015-02-11 05:00 121072 ------w- c:\windows\system32\drivers\sysmon.sys
2015-06-22 17:54 . 2012-02-29 07:49 11888 ------w- c:\windows\system32\drivers\rsndisp.sys
2015-06-22 17:54 . 2015-06-22 17:54 -------- d-----w- c:\programdata\Rising
2015-06-22 17:54 . 2015-06-22 18:00 -------- d-----w- c:\program files (x86)\Rising
2015-06-22 17:30 . 2015-06-22 17:30 -------- d-----w- c:\program files\Ubisoft
2015-06-21 16:09 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-19 11:00 . 2015-03-26 19:59 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51ED816A-4883-4BD3-9D79-D829404EB168}\gapaengine.dll
2015-06-09 19:32 . 2015-05-25 18:19 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-06-01 17:10 . 2015-06-01 17:10 -------- d-----w- c:\users\Zdeněk\AppData\Local\GWX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-23 17:40 . 2014-01-03 08:48 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-23 17:40 . 2014-01-03 08:48 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 16:37 . 2015-02-21 13:32 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-09 21:27 . 2014-01-03 11:27 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:38 . 2014-06-16 17:59 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-25 18:19 . 2015-06-09 19:32 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-09 19:32 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-06-09 19:32 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-09 19:32 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-09 19:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-01 13:17 . 2015-05-13 20:30 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-13 20:30 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 16:52 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 03:17 . 2015-05-13 16:52 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 02:56 . 2015-05-13 16:52 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 16:54 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 16:54 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-14 07:37 . 2015-02-21 13:31 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2015-02-21 13:31 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2014-01-07 16:13 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-13 03:28 . 2015-05-13 16:53 328704 ----a-w- c:\windows\system32\services.exe
2015-04-08 03:29 . 2015-05-13 16:52 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 16:52 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 16:52 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-03-26 19:59 . 2014-02-04 10:35 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
"App"="c:\program files (x86)\Rising\App.exe" [2015-06-22 172032]
"RSDTRAY"="c:\program files (x86)\Rising\RSD\popwndexe.exe" [2012-09-25 126808]
"baidusdTray"="c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe" [2015-04-08 2474952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 BdSandBox;BdSandBox;c:\windows\system32\DRIVERS\BdSandBox.sys;c:\windows\SYSNATIVE\DRIVERS\BdSandBox.sys [x]
R1 TSDefenseBt;TSDefenseBt;c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\TsDefenseBT64.sys;c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\TsDefenseBT64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TSSKX64;TSSKX64;c:\windows\system32\drivers\tsskx64.sys;c:\windows\SYSNATIVE\drivers\tsskx64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv61xx.sys [x]
S0 sysmon;sysmon;c:\windows\system32\DRIVERS\sysmon.sys;c:\windows\SYSNATIVE\DRIVERS\sysmon.sys [x]
S1 bd0001;bd0001;c:\windows\system32\DRIVERS\bd0001.sys;c:\windows\SYSNATIVE\DRIVERS\bd0001.sys [x]
S1 bd0002;bd0002;c:\windows\system32\DRIVERS\bd0002.sys;c:\windows\SYSNATIVE\DRIVERS\bd0002.sys [x]
S1 bd0003;bd0003;c:\windows\system32\DRIVERS\bd0003.sys;c:\windows\SYSNATIVE\DRIVERS\bd0003.sys [x]
S1 BDMWrench_x64;BDMWrench_x64;c:\windows\system32\DRIVERS\BDMWrench_x64.sys;c:\windows\SYSNATIVE\DRIVERS\BDMWrench_x64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 rsutils;rsutils;c:\windows\system32\DRIVERS\rsutils.sys;c:\windows\SYSNATIVE\DRIVERS\rsutils.sys [x]
S2 BaiduHips;BaiduHips;c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe;c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [x]
S2 BDArKit;BDArKit;c:\windows\system32\DRIVERS\BDArKit.sys;c:\windows\SYSNATIVE\DRIVERS\BDArKit.sys [x]
S2 BDDefense;BDDefense;c:\windows\system32\drivers\BDDefense.sys;c:\windows\SYSNATIVE\drivers\BDDefense.sys [x]
S2 BDKVRTP;BDKVRTP Service;c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe;c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RsMgrSvc;Rsd Service;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe [x]
S2 RsRavMon;Rav Service;c:\program files (x86)\Rising\RAV\ravmond.exe;c:\program files (x86)\Rising\RAV\ravmond.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VmbService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - BD0001
*NewlyCreated* - BD0002
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2015-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-03 17:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2000-01-01 7541976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"baidusdTray"="c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\baidusdTray.exe" [2015-04-08 2474952]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
TCP: Interfaces\{01919392-71EE-4495-9FEE-D3BA839FCCED}: NameServer = 217.77.165.81 217.77.161.131
TCP: Interfaces\{4E2608BF-D6A0-4680-BFC0-6AD30A8BC216}: NameServer = 217.77.165.81 217.77.161.131
FF - ProfilePath - c:\users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\gnisfrvf.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-QQPCTray - c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCTRAY.EXE
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\TSWebMon64.dat
ShellIconOverlayIdentifiers-{B7667919-3765-4815-A66D-98A09BE662D6} - c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMGCShellExt64.dll
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-Cities XL 2011 ČEŠTINA - c:\program files (x86)\Focus Home Interactive\Cities XL 2011\Pak\Odinstalovat češtinu.exe
.
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" QQPCTray"="\"c:\\Program Files (x86)\\Tencent\\QQPCMgr\\10.9.16350.226\\QQPCTRAY.EXE\" /regrun /qqrepair"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
.
**************************************************************************
.
Celkový čas: 2015-06-24 13:31:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-06-24 11:31
.
Před spuštěním: Volných bajtů: 114 443 632 640
Po spuštění: Volných bajtů: 113 890 566 144
.
- - End Of File - - BE7F08731BD2B6BD65194BEDAE4E69D2
A36C5E4F47E84449FF07ED3517B43A31


:!: But I still have some Chinese app in there :???:

Re: Preventive check - we'll probably find something there!

Posted: 24 Jun 2015 12:49
by vyosek
:arrow: It's a stubborn beast, but now we'll blow it away

:arrow: If you haven't already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Folder::
    c:\programdata\TXQMPC
    c:\programdata\Tencent
    c:\program files (x86)\Common Files\Baidu
    c:\program files (x86)\Baidu
    c:\programdata\Baidu
    c:\users\Zdeněk\AppData\Roaming\Baidu
    c:\program files (x86)\Tencent
    
    File::
    c:\windows\SysWow64\drivers\TS888x64.sys
    c:\windows\system32\drivers\TAOAccelerator64.sys
    c:\windows\system32\drivers\TSSKX64.sys
    c:\windows\system32\drivers\TAOKernel64.sys
    c:\windows\system32\drivers\TFsFltX64.sys
    c:\windows\system32\drivers\BDMWrench_x64.sys
    c:\windows\system32\drivers\BDArKit.sys
    c:\windows\system32\drivers\BDDefense.sys
    c:\windows\system32\drivers\bd0003.sys
    c:\windows\system32\drivers\bd0002.sys
    c:\windows\system32\drivers\bd0001.sys
    c:\windows\SYSNATIVE\DRIVERS\BdSandBox.sys
    c:\windows\SYSNATIVE\drivers\tsskx64.sys
    c:\windows\SYSNATIVE\DRIVERS\bd0001.sys
    c:\windows\SYSNATIVE\DRIVERS\bd0002.sys
    c:\windows\SYSNATIVE\DRIVERS\bd0003.sys
    c:\windows\Tasks\Adobe Flash Player Updater.job
    
    Driver::
    BdSandBox
    TSDefenseBt
    TSSKX64
    bd0001
    bd0002
    bd0003
    BaiduHips
    BDArKit
    BDDefense
    BDKVRTP
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"=-
    "SunJavaUpdateSched"=-
    "App"=-
    "baidusdTray"=-
    [-HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "baidusdTray"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QQPCTray"=-
    
    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and release it (see the image below)
    (image)
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC and the registry will sort itself out. It is an internal error caused by CF, and unfortunately the author hasn't been able to fix it yet

:arrow: It may happen that Windows doesn't boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: Preventive check - we'll probably find something there!

Posted: 24 Jun 2015 17:20
by goffy1985
ComboFix 15-06-24.01 - Zdeněk 24.06.2015 15:39:14.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8191.6503 [GMT 2:00]
Spuštěný z: c:\users\Zdenýk\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Zdenýk\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Rising Software Deployment System *Enabled/Updated* {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Rising Software Deployment System *Enabled/Updated* {60A88726-9BAA-8843-60B1-768966A982DA}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Service_bd0001
-------\Service_bd0002
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-05-24 do 2015-06-24 )))))))))))))))))))))))))))))))
.
.
2015-06-24 10:36 . 2015-06-24 10:13 24064 ----a-w- c:\windows\zoek-delete.exe
2015-06-24 10:13 . 2015-06-24 10:32 -------- d-----w- C:\zoek_backup
2015-06-23 19:49 . 2015-06-23 19:49 -------- d-----w- c:\programdata\TXQMPC
2015-06-23 19:42 . 2015-06-23 19:48 -------- d-----w- C:\AdwCleaner
2015-06-23 18:43 . 2015-06-23 18:43 -------- d-----w- C:\rsit
2015-06-23 18:43 . 2015-06-23 18:43 -------- d-----w- c:\program files\trend micro
2015-06-23 18:32 . 2015-06-23 18:32 0 ----a-w- c:\windows\prleth.sys
2015-06-23 18:32 . 2015-06-23 18:32 0 ----a-w- c:\windows\hgfs.sys
2015-06-23 16:43 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C54C9995-909B-4DBE-8410-AABBCDB5E13E}\mpengine.dll
2015-06-23 16:32 . 2015-06-23 18:12 28984 ----a-w- c:\windows\SysWow64\drivers\TS888x64.sys
2015-06-22 18:29 . 2015-06-22 18:29 -------- d-----w- c:\users\ZDENK~2
2015-06-22 18:00 . 2015-06-22 17:59 99640 ----a-w- c:\windows\system32\drivers\TAOAccelerator64.sys
2015-06-22 17:59 . 2015-06-22 17:59 -------- d-----w- c:\users\Zden?
2015-06-22 17:59 . 2015-06-22 17:59 38200 ----a-w- c:\windows\system32\drivers\TSSKX64.sys
2015-06-22 17:59 . 2015-06-22 17:59 174392 ----a-w- c:\windows\system32\drivers\TAOKernel64.sys
2015-06-22 17:59 . 2015-06-22 17:59 87864 ----a-w- c:\windows\system32\drivers\TFsFltX64.sys
2015-06-22 17:57 . 2015-06-23 19:50 -------- d-----w- c:\programdata\Tencent
2015-06-22 17:56 . 2015-04-08 07:17 56136 ----a-w- c:\windows\system32\drivers\BDMWrench_x64.sys
2015-06-22 17:55 . 2015-04-08 07:17 152392 ----a-w- c:\windows\system32\drivers\BDArKit.sys
2015-06-22 17:55 . 2015-04-08 07:17 103240 ----a-w- c:\windows\system32\drivers\BDDefense.sys
2015-06-22 17:55 . 2015-04-08 07:17 67400 ----a-w- c:\windows\system32\drivers\bd0003.sys
2015-06-22 17:55 . 2015-04-08 07:17 196936 ----a-w- c:\windows\system32\drivers\bd0002.sys
2015-06-22 17:55 . 2015-04-08 07:17 202576 ----a-w- c:\windows\system32\drivers\bd0001.sys
2015-06-22 17:55 . 2015-06-22 17:56 -------- d-----w- c:\program files (x86)\Common Files\Baidu
2015-06-22 17:55 . 2015-06-22 17:55 -------- d-----w- c:\program files (x86)\Baidu
2015-06-22 17:55 . 2015-06-22 17:55 -------- d-----w- c:\programdata\Baidu
2015-06-22 17:55 . 2015-06-22 17:55 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Baidu
2015-06-22 17:54 . 2015-03-11 05:00 71056 ------w- c:\windows\system32\drivers\rsutils.sys
2015-06-22 17:54 . 2015-02-11 05:00 121072 ------w- c:\windows\system32\drivers\sysmon.sys
2015-06-22 17:54 . 2012-02-29 07:49 11888 ------w- c:\windows\system32\drivers\rsndisp.sys
2015-06-22 17:54 . 2015-06-22 17:54 -------- d-----w- c:\programdata\Rising
2015-06-22 17:54 . 2015-06-22 18:00 -------- d-----w- c:\program files (x86)\Rising
2015-06-22 17:30 . 2015-06-22 17:30 -------- d-----w- c:\program files\Ubisoft
2015-06-21 16:09 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-19 11:00 . 2015-03-26 19:59 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51ED816A-4883-4BD3-9D79-D829404EB168}\gapaengine.dll
2015-06-09 19:32 . 2015-05-25 18:19 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-06-01 17:10 . 2015-06-01 17:10 -------- d-----w- c:\users\Zdeněk\AppData\Local\GWX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-23 17:40 . 2014-01-03 08:48 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-23 17:40 . 2014-01-03 08:48 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 16:37 . 2015-02-21 13:32 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-09 21:27 . 2014-01-03 11:27 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:38 . 2014-06-16 17:59 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-25 18:19 . 2015-06-09 19:32 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-09 19:32 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-06-09 19:32 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-09 19:32 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-09 19:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-01 13:17 . 2015-05-13 20:30 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-13 20:30 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 16:52 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 03:17 . 2015-05-13 16:52 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 02:56 . 2015-05-13 16:52 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 16:54 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 16:54 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-14 07:37 . 2015-02-21 13:31 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2015-02-21 13:31 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2014-01-07 16:13 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-13 03:28 . 2015-05-13 16:53 328704 ----a-w- c:\windows\system32\services.exe
2015-04-08 03:29 . 2015-05-13 16:52 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 16:52 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 16:52 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-03-26 19:59 . 2014-02-04 10:35 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
"App"="c:\program files (x86)\Rising\App.exe" [2015-06-22 172032]
"RSDTRAY"="c:\program files (x86)\Rising\RSD\popwndexe.exe" [2012-09-25 126808]
"baidusdTray"="c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe" [2015-04-08 2474952]
"QQPCTray"="c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCTRAY.EXE" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 BdSandBox;BdSandBox;c:\windows\system32\DRIVERS\BdSandBox.sys;c:\windows\SYSNATIVE\DRIVERS\BdSandBox.sys [x]
R1 TSDefenseBt;TSDefenseBt;c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\TsDefenseBT64.sys;c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\TsDefenseBT64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TSSKX64;TSSKX64;c:\windows\system32\drivers\tsskx64.sys;c:\windows\SYSNATIVE\drivers\tsskx64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv61xx.sys [x]
S0 sysmon;sysmon;c:\windows\system32\DRIVERS\sysmon.sys;c:\windows\SYSNATIVE\DRIVERS\sysmon.sys [x]
S1 bd0001;bd0001;c:\windows\system32\DRIVERS\bd0001.sys;c:\windows\SYSNATIVE\DRIVERS\bd0001.sys [x]
S1 bd0002;bd0002;c:\windows\system32\DRIVERS\bd0002.sys;c:\windows\SYSNATIVE\DRIVERS\bd0002.sys [x]
S1 bd0003;bd0003;c:\windows\system32\DRIVERS\bd0003.sys;c:\windows\SYSNATIVE\DRIVERS\bd0003.sys [x]
S1 BDMWrench_x64;BDMWrench_x64;c:\windows\system32\DRIVERS\BDMWrench_x64.sys;c:\windows\SYSNATIVE\DRIVERS\BDMWrench_x64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 rsutils;rsutils;c:\windows\system32\DRIVERS\rsutils.sys;c:\windows\SYSNATIVE\DRIVERS\rsutils.sys [x]
S2 BaiduHips;BaiduHips;c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe;c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [x]
S2 BDArKit;BDArKit;c:\windows\system32\DRIVERS\BDArKit.sys;c:\windows\SYSNATIVE\DRIVERS\BDArKit.sys [x]
S2 BDDefense;BDDefense;c:\windows\system32\drivers\BDDefense.sys;c:\windows\SYSNATIVE\drivers\BDDefense.sys [x]
S2 BDKVRTP;BDKVRTP Service;c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe;c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RsMgrSvc;Rsd Service;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe [x]
S2 RsRavMon;Rav Service;c:\program files (x86)\Rising\RAV\ravmond.exe;c:\program files (x86)\Rising\RAV\ravmond.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VmbService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - BD0001
*NewlyCreated* - BD0002
.
Obsah adresáře 'Naplánované úlohy'
.
2015-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-03 17:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]
c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\TSWebMon64.dat [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\.QMDeskTopGCIcon]
@="{B7667919-3765-4815-A66D-98A09BE662D6}"
[HKEY_CLASSES_ROOT\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}]
c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMGCShellExt64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2000-01-01 7541976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"baidusdTray"="c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\baidusdTray.exe" [2015-04-08 2474952]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
TCP: Interfaces\{01919392-71EE-4495-9FEE-D3BA839FCCED}: NameServer = 217.77.165.81 217.77.161.131
TCP: Interfaces\{4E2608BF-D6A0-4680-BFC0-6AD30A8BC216}: NameServer = 217.77.165.81 217.77.161.131
FF - ProfilePath - c:\users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\gnisfrvf.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" QQPCTray"="\"c:\\Program Files (x86)\\Tencent\\QQPCMgr\\10.9.16350.226\\QQPCTRAY.EXE\" /regrun /qqrepair"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
.
**************************************************************************
.
Celkový čas: 2015-06-24 16:00:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-06-24 14:00
ComboFix2.txt 2015-06-24 11:31
.
Před spuštěním: Volných bajtů: 113 992 396 800
Po spuštění: Volných bajtů: 113 675 202 560
.
- - End Of File - - A80C5A10A0BEE3B10F8A130C6052CAB7
A36C5E4F47E84449FF07ED3517B43A31

Re: Preventive check - we'll probably find something there!

Posted: 25 Jun 2015 10:18
by vyosek
Unfortunately you have diacritics in your account name, so CF didn't do what it was supposed to...

Move both CF and CFScript.txt directly to the C:\ drive and apply it

Re: Preventive check - we'll probably find something there!

Posted: 25 Jun 2015 11:22
by goffy1985
ComboFix 15-06-24.01 - Zdeněk 25.06.2015 12:02:35.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8191.6415 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: c:\users\Zdenýk\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Rising Software Deployment System *Enabled/Updated* {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Rising Software Deployment System *Enabled/Updated* {60A88726-9BAA-8843-60B1-768966A982DA}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Service_bd0001
-------\Service_bd0002
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-05-25 do 2015-06-25 )))))))))))))))))))))))))))))))
.
.
2015-06-25 10:11 . 2015-06-25 10:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-24 17:23 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1925DFE-CE8D-4A01-9BD2-E320A6E8A530}\mpengine.dll
2015-06-24 10:36 . 2015-06-24 10:13 24064 ----a-w- c:\windows\zoek-delete.exe
2015-06-24 10:13 . 2015-06-24 10:32 -------- d-----w- C:\zoek_backup
2015-06-23 19:49 . 2015-06-23 19:49 -------- d-----w- c:\programdata\TXQMPC
2015-06-23 19:42 . 2015-06-23 19:48 -------- d-----w- C:\AdwCleaner
2015-06-23 18:43 . 2015-06-23 18:43 -------- d-----w- C:\rsit
2015-06-23 18:43 . 2015-06-23 18:43 -------- d-----w- c:\program files\trend micro
2015-06-23 18:32 . 2015-06-23 18:32 0 ----a-w- c:\windows\prleth.sys
2015-06-23 18:32 . 2015-06-23 18:32 0 ----a-w- c:\windows\hgfs.sys
2015-06-23 16:43 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-23 16:32 . 2015-06-23 18:12 28984 ----a-w- c:\windows\SysWow64\drivers\TS888x64.sys
2015-06-22 18:29 . 2015-06-22 18:29 -------- d-----w- c:\users\ZDENK~2
2015-06-22 18:00 . 2015-06-22 17:59 99640 ----a-w- c:\windows\system32\drivers\TAOAccelerator64.sys
2015-06-22 17:59 . 2015-06-22 17:59 -------- d-----w- c:\users\Zden?
2015-06-22 17:59 . 2015-06-22 17:59 38200 ----a-w- c:\windows\system32\drivers\TSSKX64.sys
2015-06-22 17:59 . 2015-06-22 17:59 174392 ----a-w- c:\windows\system32\drivers\TAOKernel64.sys
2015-06-22 17:59 . 2015-06-22 17:59 87864 ----a-w- c:\windows\system32\drivers\TFsFltX64.sys
2015-06-22 17:57 . 2015-06-23 19:50 -------- d-----w- c:\programdata\Tencent
2015-06-22 17:56 . 2015-04-08 07:17 56136 ----a-w- c:\windows\system32\drivers\BDMWrench_x64.sys
2015-06-22 17:55 . 2015-04-08 07:17 152392 ----a-w- c:\windows\system32\drivers\BDArKit.sys
2015-06-22 17:55 . 2015-04-08 07:17 103240 ----a-w- c:\windows\system32\drivers\BDDefense.sys
2015-06-22 17:55 . 2015-04-08 07:17 67400 ----a-w- c:\windows\system32\drivers\bd0003.sys
2015-06-22 17:55 . 2015-04-08 07:17 196936 ----a-w- c:\windows\system32\drivers\bd0002.sys
2015-06-22 17:55 . 2015-04-08 07:17 202576 ----a-w- c:\windows\system32\drivers\bd0001.sys
2015-06-22 17:55 . 2015-06-22 17:56 -------- d-----w- c:\program files (x86)\Common Files\Baidu
2015-06-22 17:55 . 2015-06-22 17:55 -------- d-----w- c:\program files (x86)\Baidu
2015-06-22 17:55 . 2015-06-24 14:10 -------- d-----w- c:\programdata\Baidu
2015-06-22 17:55 . 2015-06-22 17:55 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Baidu
2015-06-22 17:54 . 2015-03-11 05:00 71056 ------w- c:\windows\system32\drivers\rsutils.sys
2015-06-22 17:54 . 2015-02-11 05:00 121072 ------w- c:\windows\system32\drivers\sysmon.sys
2015-06-22 17:54 . 2012-02-29 07:49 11888 ------w- c:\windows\system32\drivers\rsndisp.sys
2015-06-22 17:54 . 2015-06-22 17:54 -------- d-----w- c:\programdata\Rising
2015-06-22 17:54 . 2015-06-22 18:00 -------- d-----w- c:\program files (x86)\Rising
2015-06-22 17:30 . 2015-06-22 17:30 -------- d-----w- c:\program files\Ubisoft
2015-06-19 11:00 . 2015-03-26 19:59 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51ED816A-4883-4BD3-9D79-D829404EB168}\gapaengine.dll
2015-06-09 19:32 . 2015-05-25 18:19 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-06-01 17:10 . 2015-06-01 17:10 -------- d-----w- c:\users\Zdeněk\AppData\Local\GWX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-23 17:40 . 2014-01-03 08:48 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-23 17:40 . 2014-01-03 08:48 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 16:37 . 2015-02-21 13:32 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-09 21:27 . 2014-01-03 11:27 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:38 . 2014-06-16 17:59 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-25 18:19 . 2015-06-09 19:32 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-09 19:32 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-06-09 19:32 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-09 19:32 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-09 19:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-01 13:17 . 2015-05-13 20:30 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-13 20:30 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 16:52 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 03:17 . 2015-05-13 16:52 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 02:56 . 2015-05-13 16:52 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 16:54 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 16:54 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-14 07:37 . 2015-02-21 13:31 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2015-02-21 13:31 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2014-01-07 16:13 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-13 03:28 . 2015-05-13 16:53 328704 ----a-w- c:\windows\system32\services.exe
2015-04-08 03:29 . 2015-05-13 16:52 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 16:52 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 16:52 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
"App"="c:\program files (x86)\Rising\App.exe" [2015-06-22 172032]
"RSDTRAY"="c:\program files (x86)\Rising\RSD\popwndexe.exe" [2012-09-25 126808]
"baidusdTray"="c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe" [2015-04-08 2474952]
"QQPCTray"="c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCTRAY.EXE" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 BdSandBox;BdSandBox;c:\windows\system32\DRIVERS\BdSandBox.sys;c:\windows\SYSNATIVE\DRIVERS\BdSandBox.sys [x]
R1 TSDefenseBt;TSDefenseBt;c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\TsDefenseBT64.sys;c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\TsDefenseBT64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TSSKX64;TSSKX64;c:\windows\system32\drivers\tsskx64.sys;c:\windows\SYSNATIVE\drivers\tsskx64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv61xx.sys [x]
S0 sysmon;sysmon;c:\windows\system32\DRIVERS\sysmon.sys;c:\windows\SYSNATIVE\DRIVERS\sysmon.sys [x]
S1 bd0001;bd0001;c:\windows\system32\DRIVERS\bd0001.sys;c:\windows\SYSNATIVE\DRIVERS\bd0001.sys [x]
S1 bd0002;bd0002;c:\windows\system32\DRIVERS\bd0002.sys;c:\windows\SYSNATIVE\DRIVERS\bd0002.sys [x]
S1 bd0003;bd0003;c:\windows\system32\DRIVERS\bd0003.sys;c:\windows\SYSNATIVE\DRIVERS\bd0003.sys [x]
S1 BDMWrench_x64;BDMWrench_x64;c:\windows\system32\DRIVERS\BDMWrench_x64.sys;c:\windows\SYSNATIVE\DRIVERS\BDMWrench_x64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 rsutils;rsutils;c:\windows\system32\DRIVERS\rsutils.sys;c:\windows\SYSNATIVE\DRIVERS\rsutils.sys [x]
S2 BaiduHips;BaiduHips;c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe;c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [x]
S2 BDArKit;BDArKit;c:\windows\system32\DRIVERS\BDArKit.sys;c:\windows\SYSNATIVE\DRIVERS\BDArKit.sys [x]
S2 BDDefense;BDDefense;c:\windows\system32\drivers\BDDefense.sys;c:\windows\SYSNATIVE\drivers\BDDefense.sys [x]
S2 BDKVRTP;BDKVRTP Service;c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe;c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RsMgrSvc;Rsd Service;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe [x]
S2 RsRavMon;Rav Service;c:\program files (x86)\Rising\RAV\ravmond.exe;c:\program files (x86)\Rising\RAV\ravmond.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VmbService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - BD0001
*NewlyCreated* - BD0002
.
Obsah adresáře 'Naplánované úlohy'
.
2015-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-03 17:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]
c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\TSWebMon64.dat [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\.QMDeskTopGCIcon]
@="{B7667919-3765-4815-A66D-98A09BE662D6}"
[HKEY_CLASSES_ROOT\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}]
c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMGCShellExt64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2000-01-01 7541976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"baidusdTray"="c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\baidusdTray.exe" [2015-04-08 2474952]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
TCP: Interfaces\{01919392-71EE-4495-9FEE-D3BA839FCCED}: NameServer = 217.77.165.81 217.77.161.131
TCP: Interfaces\{4E2608BF-D6A0-4680-BFC0-6AD30A8BC216}: NameServer = 217.77.165.81 217.77.161.131
FF - ProfilePath - c:\users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\gnisfrvf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" QQPCTray"="\"c:\\Program Files (x86)\\Tencent\\QQPCMgr\\10.9.16350.226\\QQPCTRAY.EXE\" /regrun /qqrepair"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
.
**************************************************************************
.
Celkový čas: 2015-06-25 12:21:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-06-25 10:21
ComboFix2.txt 2015-06-24 14:00
ComboFix3.txt 2015-06-24 11:31
.
Před spuštěním: Volných bajtů: 105 811 234 816
Po spuštění: Volných bajtů: 105 758 650 368
.
- - End Of File - - 598F9FBFB2BB7F4F6871C4F75588AE63
A36C5E4F47E84449FF07ED3517B43A31

Re: Preventive check - we'll probably find something there!

Posted: 25 Jun 2015 13:26
by cernohous13
vyosek wrote: Unfortunately you have diacritics in your account name, so CF didn't do what it was supposed to...
Move CF and CFScript.txt directly to drive c:\ and apply it.
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: c:\users\Zdenýk\Desktop\CFScript.txt
:?: :roll:

Re: Preventive check - we'll probably find something there!

Posted: 25 Jun 2015 13:34
by goffy1985
Damn, I was dragging the script over from the desktop... so once again :D

Re: Preventive check - we'll probably find something there!

Posted: 25 Jun 2015 14:21
by vyosek
Thanks to my colleague for the input :worship:

Exactly, once again and better this time :D :D

Re: Preventive check - we'll probably find something there!

Posted: 25 Jun 2015 20:42
by goffy1985
:lol:

ComboFix 15-06-24.01 - Zdeněk 25.06.2015 21:19:25.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8191.5652 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Rising Software Deployment System *Enabled/Updated* {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Rising Software Deployment System *Enabled/Updated* {60A88726-9BAA-8843-60B1-768966A982DA}
.
FILE ::
"c:\windows\system32\DRIVERS\bd0001.sys"
"c:\windows\system32\DRIVERS\bd0002.sys"
"c:\windows\system32\DRIVERS\bd0003.sys"
"c:\windows\system32\DRIVERS\BdSandBox.sys"
"c:\windows\system32\drivers\tsskx64.sys"
"c:\windows\system32\drivers\bd0001.sys"
"c:\windows\system32\drivers\bd0002.sys"
"c:\windows\system32\drivers\bd0003.sys"
"c:\windows\system32\drivers\BDArKit.sys"
"c:\windows\system32\drivers\BDDefense.sys"
"c:\windows\system32\drivers\BDMWrench_x64.sys"
"c:\windows\system32\drivers\TAOAccelerator64.sys"
"c:\windows\system32\drivers\TAOKernel64.sys"
"c:\windows\system32\drivers\TFsFltX64.sys"
"c:\windows\system32\drivers\TSSKX64.sys"
"c:\windows\SysWow64\drivers\TS888x64.sys"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Baidu
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\ad.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdRepair.exe
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUProxy64.exe
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BAV\BavArchive.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BAV\BavCommon.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BAV\BavEngine.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BAV\BavFrame.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BAV\BavOLE.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BAV\BavScanH.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BAV\BavScanM.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BAV\BavScanV.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BAV\BavUnpack.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BAV\BavUpdate.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BAV\BavUpdate.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDDriverFixer.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDKVDeskBand.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDKVDeskBand64.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDKVDownloadProtect.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDKVDownloadProtect_x64.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDKVMainFrame.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDKVRecomm.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDLogicUtils.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\BDKitUtils.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\BDMAVCached.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\BDMAVEng.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\BDMPerfMon.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\BDMRepBase.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\BDMRepMgr.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\BDUDiskGuard.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\bduf.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\blacksign.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\cache_config.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\ccesign.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\CompatibilityChecker.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\kav_verify.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\KavUpdate.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\monitor_config.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\scan_mgr_config.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\systemfile.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\TrustAndIso.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\virus_type.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\bdmantivirus\wverify.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDMAVE.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDMCommon.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDMDbSqlite.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDMDownload.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDMEvents.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDMFrameWork.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDMNet.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDMNetPlus.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDMPatchAgent.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDMReport.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDMReportPlus.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDMScriptVM.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDMSDWrench.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDMUpdate.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDMWindowsLib.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDPerflog.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BdSandCtl.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDShellExt.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BDShellExt64.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\DesktopToast.exe
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\DriverManager.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\drivers\BDMWrench_x64.sys
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\explugin\ieBaiduSDDetectPlug.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\explugin\npBaiduSDDetectPlug.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\FTSysFixer\SysFixerConfig.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\FTSysFixer\SysFixerLuaScript.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\FTSysFixer\SysFixerXMLScript.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\GameNoDisturb.ini
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\GCCallbackBind.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\GCCommunicate.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\GCScriptBind.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsClient.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\ad.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BaiduHips.exe
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BaiduHipsBugRpt.exe
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BaiduHipsBusiness.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BaiduHipsCore.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BaiduHipsIU.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BaiduHipsUpdate.exe
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BaiduPrevUIn.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\bd0001.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\bd0002.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BDConfig.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BDDriverFixer.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BDLogicUtils.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BDMAVCached.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BDMAVEng.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BDMBase.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BDMDownload.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BDMFrameWork.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BDMLog.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BDMMsg.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BDMNet.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BDMPatchAgent.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BDMReport.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BDMStringUtils.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BDMTinyXml.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BDMUpdate.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\BDPerflog.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\blacksign.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\cache_config.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\DriverManager.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\drivers\x64\bd0001.sys
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\drivers\x64\bd0002.sys
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\drivers\x64\BDArKit.sys
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\drivers\x64\BDDefense_x64.sys
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\drivers\x86\bd0001.sys
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\drivers\x86\bd0002.sys
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\drivers\x86\BDArKit.sys
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\drivers\x86\BDDefense.sys
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\hips_customer.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\hips_product.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\hips_self_enc.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\InstallCfg.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\NetService.ini
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\patch.7z
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\patch\placeholder_tmp
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\policy.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\systemfile.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\TrustAndIso.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\hipsengine\wverify.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\iexplore.exe.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\KVFixerConfigMgr.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\NetService.ini
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\bdkv\BDKVVirusPlugins.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\bdkv\KVMainframePluginContainerConfig.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\bdkvrtpplugins\FileMon.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\bdkvrtpplugins\fm.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\bdkvrtpplugins\HIPSClient.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\bdkvrtpplugins\PrivacyProtect.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\bdkvrtpplugins\RtpContainerConfig.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\bdkvtrayplugins\TrayPluginContainerConfig.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\bdkvtrayplugins\UserDetectionPlugin.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\bdkvtrayplugins\VersionCompatibilityPlugin.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\Cooly_PluginConfig.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\coolyplugins\CoolyContainerConfig.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\KVMainframe_PluginConfig.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\KVRtp_PluginConfig.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\KVTray_PluginConfig.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\Repair_PluginConfig.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\repairplugins\baidusdRepair.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\plugins\repairplugins\RepairPluginContainerConfig.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\policy_baidusd.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\PullUpConfig.xml
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\skin_engine.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\Skins\Default\av_main_res.rdb
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\Skins\Default\av_theme_res.rdb
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\Skins\Default\color_desc.clr
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\Skins\Default\common_msg_box_res.rdb
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\Skins\Default\config_res.rdb
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\Skins\Default\custom_scan_res.rdb
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\Skins\Default\download_protect_res.rdb
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\Skins\Default\file_monitor_tips_res.rdb
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\Skins\Default\font_desc.f
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\Skins\Default\hips_tips_res.rdb
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\Skins\Default\pullup_weishi_res.rdb
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\Skins\Default\recover_mgr_res.rdb
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\Skins\Default\TrayPullUpWS.rdb
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\Skins\Default\update_result_res.rdb
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\ToastImage.png
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\ToastLogo.ico
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\websafe\DllInject.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\websafe\putips_wording.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\websafe\user_trusted_list.dat
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\websafe\WebMonBHO.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\websafe\WebMonHook.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\websafe\WebSafe.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\websafe\WebSafePlugin.dll
c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\websafe\white_list.dat
c:\program files (x86)\Common Files\Baidu
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\ad.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHipsBugRpt.exe
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHipsBusiness.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHipsCore.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHipsIU.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHipsUpdate.exe
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduPrevUIn.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\bd0001.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\bd0002.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDConfig.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDDriverFixer.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDLogicUtils.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMAVCached.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMAVEng.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMBase.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMDownload.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMFrameWork.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMLog.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMMsg.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMNet.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMPatchAgent.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMReport.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMStringUtils.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMTinyXml.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMUpdate.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDPerflog.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\blacksign.dat
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\cache_config.dat
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\DriverManager.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\drivers\bd0001.sys
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\drivers\bd0002.sys
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\drivers\BDArKit.sys
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\drivers\BDDefense_x64.sys
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\hips_customer.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\hips_product.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\hips_self_enc.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\InstallCfg.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\NetService.ini
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch.7z
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\BaiduAn_HipsClient_2.1.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\BaiduAn_HipsClient_2.1.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\BaiduAn_HipsClient_2.3.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\BaiduAn_HipsClient_2.3.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\BaiduAn_PreU_2.1.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\BaiduAn_PreU_2.3.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\BaiduSd_HipsClient_1.8.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\BaiduSd_HipsClient_1.8.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\BaiduSd_PreU_1.8.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\placeholder_tmp
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\policy.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\smr.dat
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\systemfile.dat
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\TrustAndIso.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\wverify.dat
c:\program files (x86)\Common Files\Baidu\BDDownload\108\7z.dll
c:\program files (x86)\Common Files\Baidu\BDDownload\108\bdcomproxy.dll
c:\program files (x86)\Common Files\Baidu\BDDownload\108\bddownloader.exe
c:\program files (x86)\Common Files\Baidu\BDDownload\108\dl.dll
c:\programdata\Baidu
c:\programdata\Baidu\BaiduHips\CachedDB_1\000047.log
c:\programdata\Baidu\BaiduHips\CachedDB_1\000048.sst
c:\programdata\Baidu\BaiduHips\CachedDB_1\CURRENT
c:\programdata\Baidu\BaiduHips\CachedDB_1\LOCK
c:\programdata\Baidu\BaiduHips\CachedDB_1\LOG
c:\programdata\Baidu\BaiduHips\CachedDB_1\LOG.old
c:\programdata\Baidu\BaiduHips\CachedDB_1\MANIFEST-000045
c:\programdata\Baidu\BaiduHips\Config\810.dat
c:\programdata\Baidu\BaiduHips\FileSignDB\000049.log
c:\programdata\Baidu\BaiduHips\FileSignDB\000050.sst
c:\programdata\Baidu\BaiduHips\FileSignDB\CURRENT
c:\programdata\Baidu\BaiduHips\FileSignDB\LOCK
c:\programdata\Baidu\BaiduHips\FileSignDB\LOG
c:\programdata\Baidu\BaiduHips\FileSignDB\LOG.old
c:\programdata\Baidu\BaiduHips\FileSignDB\MANIFEST-000047
c:\programdata\Baidu\BaiduHips\hipscache.db
c:\programdata\Baidu\BaiduSd\1412553497_rpt.dat
c:\programdata\Baidu\BaiduSd\CachedDB_1\000061.log
c:\programdata\Baidu\BaiduSd\CachedDB_1\000062.sst
c:\programdata\Baidu\BaiduSd\CachedDB_1\CURRENT
c:\programdata\Baidu\BaiduSd\CachedDB_1\LOCK
c:\programdata\Baidu\BaiduSd\CachedDB_1\LOG
c:\programdata\Baidu\BaiduSd\CachedDB_1\LOG.old
c:\programdata\Baidu\BaiduSd\CachedDB_1\MANIFEST-000059
c:\programdata\Baidu\BaiduSd\Config\4402.dat
c:\programdata\Baidu\BaiduSd\Config\804.dat
c:\programdata\Baidu\BaiduSd\Config\806.dat
c:\programdata\Baidu\BaiduSd\Config\809.dat
c:\programdata\Baidu\BaiduSd\Config\810.dat
c:\programdata\Baidu\BaiduSd\Config\810_1.dat
c:\programdata\Baidu\BaiduSd\Config\811.dat
c:\programdata\Baidu\BaiduSd\Config\812.dat
c:\programdata\Baidu\BaiduSd\Config\8500.dat
c:\programdata\Baidu\BaiduSd\Config\860.dat
c:\programdata\Baidu\BaiduSd\Config\8600.dat
c:\programdata\Baidu\BaiduSd\Config\900.dat
c:\programdata\Baidu\BaiduSd\Config\901.dat
c:\programdata\Baidu\BaiduSd\Config\902.dat
c:\programdata\Baidu\BaiduSd\FileSignDB\000033.log
c:\programdata\Baidu\BaiduSd\FileSignDB\CURRENT
c:\programdata\Baidu\BaiduSd\FileSignDB\LOCK
c:\programdata\Baidu\BaiduSd\FileSignDB\LOG
c:\programdata\Baidu\BaiduSd\FileSignDB\LOG.old
c:\programdata\Baidu\BaiduSd\FileSignDB\MANIFEST-000032
c:\programdata\Baidu\BaiduSd\IsolationDB.db
c:\programdata\Baidu\BaiduSd\privacy.db
c:\programdata\Baidu\BaiduSd\white_list.db
c:\programdata\Baidu\BDDownload\bddl.bca
c:\programdata\Baidu\BDDownload\bddlp.bca
c:\programdata\Baidu\Common\Global.db
c:\programdata\Baidu\Desktop\Global.db
c:\programdata\Baidu\SDWS\tmpFiles\BDLogicUtils.dll
c:\programdata\Baidu\SDWS\tmpFiles\BDMNet.dll
c:\programdata\Baidu\SDWS\tmpFiles\BDMNetGetInfo.dll
c:\programdata\Baidu\SDWS\tmpFiles\BDMReport.dll
c:\programdata\Tencent
c:\programdata\Tencent\QQPCMgr\BlackCacheData2.ini
c:\programdata\Tencent\QQPCMgr\dr.ini
c:\programdata\Tencent\QQPCMgr\dr_packet.dat
c:\programdata\Tencent\QQPCMgr\QMConfirm2.ini
c:\programdata\Tencent\QQPCMgr\QMFilemonRep.ini
c:\programdata\Tencent\QQPCMgr\RtpLogData.db
c:\programdata\Tencent\QQPCMgr\TaskLog.dat
c:\programdata\TXQMPC
c:\programdata\TXQMPC\DRLOG.dat
c:\programdata\TXQMPC\NWF3OptHis.HIS
c:\programdata\TXQMPC\TXGJFixConfig.DAT
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Legacy_BD0003
-------\Legacy_BDARKIT
-------\Legacy_BDDEFENSE
-------\Legacy_TSDEFENSEBT
-------\Legacy_TSSKX64
-------\Service_BaiduHips
-------\Service_bd0001
-------\Service_bd0002
-------\Service_bd0003
-------\Service_BDArKit
-------\Service_BDDefense
-------\Service_BDKVRTP
-------\Service_BdSandBox
-------\Service_TSDefenseBt
-------\Service_TSSKX64
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-05-25 do 2015-06-25 )))))))))))))))))))))))))))))))
.
.
2015-06-25 19:31 . 2015-06-25 19:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-25 15:13 . 2015-06-25 15:13 -------- d-----w- c:\programdata\SkidOrbit
2015-06-24 17:23 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1925DFE-CE8D-4A01-9BD2-E320A6E8A530}\mpengine.dll
2015-06-24 10:36 . 2015-06-24 10:13 24064 ----a-w- c:\windows\zoek-delete.exe
2015-06-24 10:13 . 2015-06-24 10:32 -------- d-----w- C:\zoek_backup
2015-06-23 19:42 . 2015-06-23 19:48 -------- d-----w- C:\AdwCleaner
2015-06-23 18:43 . 2015-06-23 18:43 -------- d-----w- C:\rsit
2015-06-23 18:43 . 2015-06-23 18:43 -------- d-----w- c:\program files\trend micro
2015-06-23 18:32 . 2015-06-23 18:32 0 ----a-w- c:\windows\prleth.sys
2015-06-23 18:32 . 2015-06-23 18:32 0 ----a-w- c:\windows\hgfs.sys
2015-06-23 16:43 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-23 16:32 . 2015-06-23 18:12 28984 ----a-w- c:\windows\SysWow64\drivers\TS888x64.sys
2015-06-22 18:29 . 2015-06-22 18:29 -------- d-----w- c:\users\ZDENK~2
2015-06-22 18:00 . 2015-06-22 17:59 99640 ----a-w- c:\windows\system32\drivers\TAOAccelerator64.sys
2015-06-22 17:59 . 2015-06-22 17:59 -------- d-----w- c:\users\Zden?
2015-06-22 17:59 . 2015-06-22 17:59 38200 ----a-w- c:\windows\system32\drivers\TSSKX64.sys
2015-06-22 17:59 . 2015-06-22 17:59 174392 ----a-w- c:\windows\system32\drivers\TAOKernel64.sys
2015-06-22 17:59 . 2015-06-22 17:59 87864 ----a-w- c:\windows\system32\drivers\TFsFltX64.sys
2015-06-22 17:56 . 2015-04-08 07:17 56136 ----a-w- c:\windows\system32\drivers\BDMWrench_x64.sys
2015-06-22 17:55 . 2015-04-08 07:17 152392 ----a-w- c:\windows\system32\drivers\BDArKit.sys
2015-06-22 17:55 . 2015-04-08 07:17 103240 ----a-w- c:\windows\system32\drivers\BDDefense.sys
2015-06-22 17:55 . 2015-04-08 07:17 67400 ----a-w- c:\windows\system32\drivers\bd0003.sys
2015-06-22 17:55 . 2015-04-08 07:17 196936 ----a-w- c:\windows\system32\drivers\bd0002.sys
2015-06-22 17:55 . 2015-04-08 07:17 202576 ----a-w- c:\windows\system32\drivers\bd0001.sys
2015-06-22 17:55 . 2015-06-22 17:55 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Baidu
2015-06-22 17:54 . 2015-03-11 05:00 71056 ------w- c:\windows\system32\drivers\rsutils.sys
2015-06-22 17:54 . 2015-02-11 05:00 121072 ------w- c:\windows\system32\drivers\sysmon.sys
2015-06-22 17:54 . 2012-02-29 07:49 11888 ------w- c:\windows\system32\drivers\rsndisp.sys
2015-06-22 17:54 . 2015-06-22 17:54 -------- d-----w- c:\programdata\Rising
2015-06-22 17:54 . 2015-06-22 18:00 -------- d-----w- c:\program files (x86)\Rising
2015-06-22 17:30 . 2015-06-22 17:30 -------- d-----w- c:\program files\Ubisoft
2015-06-19 11:00 . 2015-03-26 19:59 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51ED816A-4883-4BD3-9D79-D829404EB168}\gapaengine.dll
2015-06-09 19:32 . 2015-05-25 18:19 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-06-01 17:10 . 2015-06-01 17:10 -------- d-----w- c:\users\Zdeněk\AppData\Local\GWX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-23 17:40 . 2014-01-03 08:48 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-23 17:40 . 2014-01-03 08:48 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 16:37 . 2015-02-21 13:32 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-09 21:27 . 2014-01-03 11:27 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:38 . 2014-06-16 17:59 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-25 18:19 . 2015-06-09 19:32 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-09 19:32 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-06-09 19:32 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-09 19:32 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-09 19:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-01 13:17 . 2015-05-13 20:30 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-13 20:30 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 16:52 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 03:17 . 2015-05-13 16:52 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 02:56 . 2015-05-13 16:52 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 16:54 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 16:54 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-14 07:37 . 2015-02-21 13:31 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2015-02-21 13:31 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2014-01-07 16:13 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-13 03:28 . 2015-05-13 16:53 328704 ----a-w- c:\windows\system32\services.exe
2015-04-08 03:29 . 2015-05-13 16:52 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 16:52 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 16:52 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RSDTRAY"="c:\program files (x86)\Rising\RSD\popwndexe.exe" [2012-09-25 126808]
"QQPCTray"="c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCTRAY.EXE" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv61xx.sys [x]
S0 sysmon;sysmon;c:\windows\system32\DRIVERS\sysmon.sys;c:\windows\SYSNATIVE\DRIVERS\sysmon.sys [x]
S1 BDMWrench_x64;BDMWrench_x64;c:\windows\system32\DRIVERS\BDMWrench_x64.sys;c:\windows\SYSNATIVE\DRIVERS\BDMWrench_x64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 rsutils;rsutils;c:\windows\system32\DRIVERS\rsutils.sys;c:\windows\SYSNATIVE\DRIVERS\rsutils.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RsMgrSvc;Rsd Service;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe [x]
S2 RsRavMon;Rav Service;c:\program files (x86)\Rising\RAV\ravmond.exe;c:\program files (x86)\Rising\RAV\ravmond.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VmbService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-03 17:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]
c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\TSWebMon64.dat [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\.QMDeskTopGCIcon]
@="{B7667919-3765-4815-A66D-98A09BE662D6}"
[HKEY_CLASSES_ROOT\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}]
c:\program files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMGCShellExt64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2000-01-01 7541976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
TCP: Interfaces\{01919392-71EE-4495-9FEE-D3BA839FCCED}: NameServer = 217.77.165.81 217.77.161.131
TCP: Interfaces\{4E2608BF-D6A0-4680-BFC0-6AD30A8BC216}: NameServer = 217.77.165.81 217.77.161.131
FF - ProfilePath - c:\users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\gnisfrvf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" QQPCTray"="\"c:\\Program Files (x86)\\Tencent\\QQPCMgr\\10.9.16350.226\\QQPCTRAY.EXE\" /regrun /qqrepair"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
.
**************************************************************************
.
Celkový čas: 2015-06-25 21:41:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-06-25 19:41
ComboFix2.txt 2015-06-25 10:21
ComboFix3.txt 2015-06-24 14:00
ComboFix4.txt 2015-06-24 11:31
.
Před spuštěním: Volných bajtů: 71 956 307 968
Po spuštění: Volných bajtů: 71 740 301 312
.
- - End Of File - - EDD3C6985D2C940E959B7B8D6CF3FA31
A36C5E4F47E84449FF07ED3517B43A31