
Neshta, log ComboFix

Posted: 11 Jul 2015 23:03
by Bizzy
Hello,

a nasty thing called Neshta has turned up on my PC. A friend recommended ComboFix to me.
Neshta still keeps showing up; I have already uninstalled Spybot. I use the Avira antivirus.

I am attaching the ComboFix log here,

thank you very much for checking it.

***********************************************************************************************************************
ComboFix 15-07-10.01 - user . 07. 2015 22:52:07.1.8 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.8081.5596 [GMT 2:00]
Spuštěný z: c:\users\user\Downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Phone\Skype.exe
c:\programdata\4812644201181863510
c:\programdata\4812644201181863510\07870b539a388c2b0006073755508bdd.ini
c:\programdata\4812644201181863510\1cbae057a4d1d4580006073755508bdd.ini
c:\programdata\4812644201181863510\25bedd18880898ff0006073755508bdd.ini
c:\programdata\4812644201181863510\2a0b23fa8d6e74d40006073755508bdd.ini
c:\programdata\4812644201181863510\465f8e59c1c2d7740006073755508bdd.ini
c:\programdata\4812644201181863510\48b7d16c1455ab250006073755508bdd.ini
c:\programdata\4812644201181863510\4ab07dd0adbafc360006073755508bdd.ini
c:\programdata\4812644201181863510\62dd3921369ec2f60006073755508bdd.ini
c:\programdata\4812644201181863510\7f34a1ce87ee8a850006073755508bdd.ini
c:\programdata\4812644201181863510\8c84dcdc46445dd60006073755508bdd.ini
c:\programdata\4812644201181863510\c17d33934423380b0006073755508bdd.ini
c:\programdata\4812644201181863510\cd5b15e575e1c3d00006073755508bdd.ini
c:\programdata\4812644201181863510\f6f6eb7fa6ec98570006073755508bdd.ini
c:\users\user\AppData\Local\.#
c:\users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\directx.sys
c:\windows\msdownld.tmp
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-06-11 do 2015-07-11 )))))))))))))))))))))))))))))))
.
.
2015-07-11 20:59 . 2015-07-11 20:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-07-11 20:59 . 2015-07-11 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-11 20:59 . 2015-07-11 20:59 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-07-11 10:10 . 2015-07-11 10:10 -------- d-----w- c:\users\user\AppData\Roaming\Avira
2015-07-11 10:08 . 2015-06-16 07:36 43576 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-07-11 10:08 . 2015-06-16 07:36 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-07-11 10:08 . 2015-06-16 07:36 132656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-07-11 10:08 . 2015-06-16 07:36 153256 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-07-11 10:05 . 2015-07-11 10:08 -------- d-----w- c:\programdata\Avira
2015-07-11 10:05 . 2015-07-11 10:08 -------- d-----w- c:\program files (x86)\Avira
2015-07-11 09:17 . 2015-07-11 09:17 -------- d-----w- c:\users\user\Tracing
2015-07-10 18:24 . 2015-07-10 18:24 -------- d-----w- c:\program files (x86)\Battle.net
2015-07-10 16:08 . 2015-07-10 17:58 -------- d-----w- c:\users\user\AppData\Roaming\GameRanger
2015-06-27 20:37 . 2015-07-10 19:11 -------- d-----w- c:\users\user\AppData\Roaming\Trine2
2015-06-24 11:49 . 2015-06-24 11:49 -------- d-----w- c:\programdata\Battle.net
2015-06-22 19:45 . 2015-06-22 19:46 -------- d-----w- c:\program files (x86)\The KMPlayer
2015-06-22 18:18 . 2015-06-22 18:18 -------- d-----w- c:\users\user\AppData\Local\GHISLER
2015-06-22 18:18 . 2015-06-22 18:18 -------- d-----w- c:\users\user\AppData\Roaming\GHISLER
2015-06-22 18:15 . 2015-06-24 11:23 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-06-22 17:58 . 2015-06-22 17:58 -------- d-----w- c:\program files (x86)\Alcohol Soft
2015-06-22 17:54 . 2015-06-22 17:54 868848 ----a-w- c:\windows\system32\drivers\sptd.sys
2015-06-22 17:52 . 2015-06-22 17:52 -------- d-----w- c:\program files (x86)\Franzis
2015-06-21 22:04 . 2015-06-22 19:04 -------- d-----w- c:\users\user\AppData\Roaming\Thinstall
2015-06-21 22:04 . 2015-06-21 22:04 -------- d-----w- c:\users\user\AppData\Local\Thinstall
2015-06-21 11:04 . 2015-06-21 11:04 -------- d-----w- c:\programdata\Steam
2015-06-17 10:43 . 2015-06-24 10:45 -------- d-----w- c:\programdata\{a5171ff4-18db-4ebe-a517-71ff418d7fd0}
2015-06-13 14:32 . 2015-07-02 19:59 -------- d-----w- c:\users\user\AppData\Roaming\TS3Client
2015-06-13 14:32 . 2015-06-13 14:32 -------- d-----w- c:\program files\TeamSpeak 3 Client
2015-06-13 08:00 . 2015-06-24 11:21 -------- d-----w- c:\program files\Common Files\AV
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-11 21:03 . 2015-02-12 20:13 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-05 04:42 . 2014-11-27 20:39 269992 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
2015-06-18 06:42 . 2015-02-12 20:13 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2015-02-12 20:13 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 06:41 . 2015-02-12 20:13 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-12 08:43 . 2014-11-18 06:39 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2015-04-29 22:01 . 2015-04-29 22:01 23200 ----a-w- c:\windows\system32\drivers\wdcsam64.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2015-07-08 03:54 2426256 ----a-w- c:\program files (x86)\AVG Web TuneUp\4.1.4.948\AVG Web TuneUp.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-02-26 21:41 233128 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-02-26 21:41 233128 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-02-26 21:41 233128 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-04-20 09:17 683200 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2015-02-27 5583120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2011-08-30 1517056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-05-23 502328]
"vProt"="c:\program files (x86)\AVG Web TuneUp\vprot.exe" [2015-07-08 3174800]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"Avira Systray"="c:\program files (x86)\Avira\Launcher\Avira.Systray.exe" [2015-06-02 134368]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2015-06-16 730416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 c6a5f59a;RelayEdit;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 ipadtst;ipadtst;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys [x]
R3 Ke2200;NDIS Miniport Driver for the Killer e2200 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\e22w8x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w8x64.sys [x]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam64.sys;c:\windows\SYSNATIVE\drivers\wdcsam64.sys [x]
R3 xusb22;Služba ovladače bezdrátového přijímače Xbox 360, 22;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\SCM\MSIService.exe;c:\program files (x86)\SCM\MSIService.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater18.7.0;vToolbarUpdater18.7.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe [x]
S2 WtuSystemSupport;WtuSystemSupport;c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe;c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\System32\drivers\dtlitescsibus.sys;c:\windows\SYSNATIVE\drivers\dtlitescsibus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NETwNe64;@oem4.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-02-26 21:41 260776 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-02-26 21:41 260776 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-02-26 21:41 260776 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-04-20 09:17 803520 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-27 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-27 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-27 441152]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-11-27 13192848]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2012-08-27 11577216]
"Radio Manager"="c:\program files (x86)\SCM\Radio Manager.exe" [2012-09-13 403848]
"SCM"="c:\program files (x86)\SCM\SCM.exe" [2012-09-13 399776]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2014-04-20 161984]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://mysearch.avg.com/?cid={991B480E ... 2014-11-24 18:48&v=4.1.0.411&pid=wtu&sg=&sap=hp
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
IE: Odeslat do Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2nsbnboc.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-uTorrent - c:\users\user\AppData\Roaming\uTorrent\uTorrent.exe
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ike Ike! Nekketsu Hockey Bu - Subette Koronde Dai Rantou.lnk - c:\programdata\{c4ee3e10-6c59-b865-c4ee-e3e106c5f841}\Ike Ike! Nekketsu Hockey Bu - Subette Koronde Dai Rantou.exe --startup=1
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pokemon FireRed.lnk - c:\programdata\{9864b5c8-0a48-dab8-9864-4b5c80a4d720}\Pokemon FireRed.exe --startup=1
Notify-SDWinLogon - SDWinLogon.dll
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-pcsx2-r5875 - d:\pcsx2 1.2.1\Uninst-pcsx2-r5875.exe
AddRemove-Uplay - c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
AddRemove-uTorrent - c:\users\user\AppData\Roaming\uTorrent\uTorrent.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Avira\Antivirus\avguard.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe
c:\program files (x86)\AVG Web TuneUp\avgcefrend.exe
c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2015-07-11 23:08:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-07-11 21:08
.
Před spuštěním: 270 114 082 816 bytes free
Po spuštění: 269 821 632 512 bytes free
.
- - End Of File - - 6CF12F888FC0B9AA95E5AC9757B90158

Re: Neshta, log ComboFix

Posted: 12 Jul 2015 05:28
by vyosek
Hello :)

As for ComboFix, on the basis of its licence and the forum rules I have to ask: does your friend know how to work with it (running it, deciphering the log, writing a script)?

The ComboFix licence terms state clearly: "It should never be used in an environment without the supervision of an experienced person"

The dangers of CF
  • It is intended primarily for advisers - by using it on your own you lose your entitlement to support
  • It erases the traces of malware, so nothing is visible in the RSIT log
  • Its log needs further deciphering, because it cannot delete everything - which you will hardly manage unless you are trained for it
  • CF may have a bug = it takes down your system; if you do not know where it stores things and how to restore them, your system is wrecked and you are facing a reinstall
  • Unfortunately, CF also does not yet check some important libraries (e.g. hal.dll) - some types of malware (e.g. angela) delete those - it deletes your hal.dll after a restart = your system will not boot and you are back at the line above = reinstall


Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, ideally to the desktop
  • Close all programs
  • After launch, the database will be downloaded
  • Click Scan and then Clean
  • The repair will run, the PC will restart and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

Re: Neshta, log ComboFix

Posted: 12 Jul 2015 06:10
by Bizzy
Good morning,

thank you very much for the quick reply. I am ashamed, because I too studied computer engineering a few years ago, but since I took no further interest in the field I have lost touch, and the friend I mentioned works in IT. But I think he has no experience with the CF program. He claims, though, that CF helped him get rid of the Neshta virus, which seems like nonsense to me after everything I have read here on the forum... I am sorry I did not come here earlier and get advice from you.

On your advice I will download AdwCleaner and add the log.

Re: Neshta, log ComboFix

Posted: 12 Jul 2015 06:18
by Bizzy
Here is the log from AdwCleaner

*****************************************************************

# AdwCleaner v4.208 - Log vytvořen 12/07/2015 v 07:14:02
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-07-11.1 [Server]
# Operační system : Windows 8 (x64)
# Uživatelské jméno : user - MSI
# Spuštěno z : C:\Users\user\Desktop\adwcleaner_4.208.exe
# Nastavení : Čištění

***** [ Služby ] *****

[#] Služba Smazáno : c6a5f59a
[#] Služba Smazáno : vToolbarUpdater18.7.0

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\AVG Secure Search
Složka Smazáno : C:\ProgramData\AVG Security Toolbar
Složka Smazáno : C:\ProgramData\Avg_Update_0215tb
Složka Smazáno : C:\ProgramData\Avg_Update_1214tb
Složka Smazáno : C:\ProgramData\{9864b5c8-0a48-dab8-9864-4b5c80a4d720}
Složka Smazáno : C:\ProgramData\{a5171ff4-18db-4ebe-a517-71ff418d7fd0}
Složka Smazáno : C:\ProgramData\{c4ee3e10-6c59-b865-c4ee-e3e106c5f841}
Složka Smazáno : C:\Program Files (x86)\RelayEdit
Složka Smazáno : C:\Program Files (x86)\PrICeMaInus
Složka Smazáno : C:\Program Files (x86)\Common Files\AVG Secure Search
Složka Smazáno : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2nsbnboc.default\Extensions\Avg@toolbar
Soubor Smazáno : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2nsbnboc.default\searchplugins\avg-secure-search.xml
Soubor Smazáno : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****

Zástupce Vyléčeno : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoodGameEmpire\GoodGameEmpire.lnk
Zástupce Vyléčeno : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GoodGameEmpire.lnk

***** [ Registry ] *****

Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Klíč Smazáno : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Klíč Smazáno : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Klíč Smazáno : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Klíč Smazáno : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Hodnota Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Klíč Smazáno : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Klíč Smazáno : HKLM\SOFTWARE\9b897857-9013-0bd4-45b7-8b8c4eeadf84
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{3F97FDF1-DA2B-4579-AD3E-E46641F9DBAB}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{A220BAB5-C335-48BA-8A01-309FDA37446F}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{0416BDB0-AFB0-4464-952D-1EAB5047B8E6}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{3F97FDF1-DA2B-4579-AD3E-E46641F9DBAB}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{A220BAB5-C335-48BA-8A01-309FDA37446F}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{0416BDB0-AFB0-4464-952D-1EAB5047B8E6}
Klíč Smazáno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč Smazáno : HKCU\Software\Avg Secure Update
Klíč Smazáno : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Klíč Smazáno : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Klíč Smazáno : HKU\.DEFAULT\Software\Avg Secure Update

***** [ Prohlížeče ] *****

-\\ Internet Explorer v10.0.9200.16442


-\\ Mozilla Firefox v39.0 (x86 cs)

[2nsbnboc.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v

[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Extension] : fcijkonhppildbjgkdaglmeoeemcldha

-\\ Chromium v


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [6119 bytů] - [12/07/2015 07:13:17]
AdwCleaner[S0].txt - [5759 bytů] - [12/07/2015 07:14:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5817 bytů] ##########

Re: Neshta, log ComboFix

Posted: 12 Jul 2015 07:04
by vyosek
If you have not done so, move ComboFix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Folder::
    c:\programdata\{a5171ff4-18db-4ebe-a517-71ff418d7fd0}
    c:\program files (x86)\AVG Web TuneUp
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CCleaner Monitoring"=-
    "DAEMON Tools Lite"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "vProt"=-
    "SDTray"=-
    
    Driver::
    c6a5f59a
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting TXT file as CFScript.txt
  • Drag the resulting CFScript.txt onto ComboFix and drop it to run (see the picture below)
    [Image]
  • After the script has been applied (and after a restart, if one occurs), a log will pop up; paste its contents here
If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - this is an internal error caused by CF, and the author unfortunately has not been able to fix it yet

It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: Neshta, log ComboFix

Posted: 12 Jul 2015 08:17
by Bizzy
ComboFix 15-07-10.01 - user . 07. 2015 9:01.2.8 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.8081.6548 [GMT 2:00]
Spuštěný z: c:\users\user\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\user\Desktop\CFScript.txt
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AVG Web TuneUp
c:\program files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll
c:\program files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp_toolbar.dll
c:\program files (x86)\AVG Web TuneUp\4.1.0.411\install.ini
c:\program files (x86)\AVG Web TuneUp\4.1.4.948\AVG Web TuneUp.dll
c:\program files (x86)\AVG Web TuneUp\4.1.4.948\install.ini
c:\program files (x86)\AVG Web TuneUp\AVG Web TuneUp
c:\program files (x86)\AVG Web TuneUp\avgcefrend.exe
c:\program files (x86)\AVG Web TuneUp\BundleInstall.exe
c:\program files (x86)\AVG Web TuneUp\BundleInstall\_._
c:\program files (x86)\AVG Web TuneUp\BundleInstaller.ini
c:\program files (x86)\AVG Web TuneUp\buttonicon.ico
c:\program files (x86)\AVG Web TuneUp\configuration.xml
c:\program files (x86)\AVG Web TuneUp\crash.avgdx
c:\program files (x86)\AVG Web TuneUp\data.zip
c:\program files (x86)\AVG Web TuneUp\DSPDlg_IE\all.css
c:\program files (x86)\AVG Web TuneUp\DSPDlg_IE\btn-ok2.gif
c:\program files (x86)\AVG Web TuneUp\DSPDlg_IE\downBtn.png
c:\program files (x86)\AVG Web TuneUp\DSPDlg_IE\DSPDlg_IE.html
c:\program files (x86)\AVG Web TuneUp\DSPDlg_IE\logo2.png
c:\program files (x86)\AVG Web TuneUp\DSPDlg_IE\Thumbs.db
c:\program files (x86)\AVG Web TuneUp\DSPDlg_IE\upBtn.png
c:\program files (x86)\AVG Web TuneUp\EnableHelperRes\EEImageHandler.html
c:\program files (x86)\AVG Web TuneUp\EnableHelperRes\Images\box_ie.png
c:\program files (x86)\AVG Web TuneUp\EnableHelperRes\Images\Thumbs.db
c:\program files (x86)\AVG Web TuneUp\favicon.ico
c:\program files (x86)\AVG Web TuneUp\FireFoxSearchXml.tmp
c:\program files (x86)\AVG Web TuneUp\ChConfirmHelperRes\enhancedHelper.js
c:\program files (x86)\AVG Web TuneUp\ChConfirmHelperRes\ExtensionGuard.html
c:\program files (x86)\AVG Web TuneUp\ChConfirmHelperRes\Images\button.png
c:\program files (x86)\AVG Web TuneUp\ChConfirmHelperRes\Images\laptop.png
c:\program files (x86)\AVG Web TuneUp\ChConfirmHelperRes\Images\logo.png
c:\program files (x86)\AVG Web TuneUp\ChConfirmHelperRes\Images\safe-wt.png
c:\program files (x86)\AVG Web TuneUp\ChConfirmHelperRes\Images\shield.png
c:\program files (x86)\AVG Web TuneUp\ChConfirmHelperRes\Images\site-safe.png
c:\program files (x86)\AVG Web TuneUp\ChConfirmHelperRes\Images\sitesafety.png
c:\program files (x86)\AVG Web TuneUp\ChConfirmHelperRes\Images\x.png
c:\program files (x86)\AVG Web TuneUp\ChConfirmHelperRes\jquery-1.8.1.min.js
c:\program files (x86)\AVG Web TuneUp\ChromeGuardRes\avg_logo_medium.png
c:\program files (x86)\AVG Web TuneUp\ChromeGuardRes\cg.css
c:\program files (x86)\AVG Web TuneUp\ChromeGuardRes\cg.js
c:\program files (x86)\AVG Web TuneUp\ChromeGuardRes\ChromeGuadDsp.html
c:\program files (x86)\AVG Web TuneUp\ChromeGuardRes\jquery-1.8.1.min.js
c:\program files (x86)\AVG Web TuneUp\ChromeGuardRes\Thumbs.db
c:\program files (x86)\AVG Web TuneUp\ChromeRes\AVG Nation toolbar\nt28_2.html
c:\program files (x86)\AVG Web TuneUp\ChromeRes\AVG SafeGuard toolbar\nt28_2.html
c:\program files (x86)\AVG Web TuneUp\ChromeRes\AVG Secure Search\nt28_2.html
c:\program files (x86)\AVG Web TuneUp\ChromeRes\AVG Web TuneUp\nt28_2.html
c:\program files (x86)\AVG Web TuneUp\ChromeRes\nt.html
c:\program files (x86)\AVG Web TuneUp\ChromeRes\nt28_2.js
c:\program files (x86)\AVG Web TuneUp\icudt.dll
c:\program files (x86)\AVG Web TuneUp\IeDspHelperRes\ie_dsp_step1.html
c:\program files (x86)\AVG Web TuneUp\IeDspHelperRes\ie_dsp_step2.html
c:\program files (x86)\AVG Web TuneUp\IeDspHelperRes\ie_dsp1.css
c:\program files (x86)\AVG Web TuneUp\IeDspHelperRes\ie_dsp1.js
c:\program files (x86)\AVG Web TuneUp\IeDspHelperRes\ie_dsp2.css
c:\program files (x86)\AVG Web TuneUp\IeDspHelperRes\ie_dsp2.js
c:\program files (x86)\AVG Web TuneUp\IeDspHelperRes\Images\arrow-up.png
c:\program files (x86)\AVG Web TuneUp\IeDspHelperRes\Images\arrow.png
c:\program files (x86)\AVG Web TuneUp\IeDspHelperRes\Images\avg_logo.png
c:\program files (x86)\AVG Web TuneUp\IeDspHelperRes\Images\box-bottom-small.png
c:\program files (x86)\AVG Web TuneUp\IeDspHelperRes\Images\box-bottom.png
c:\program files (x86)\AVG Web TuneUp\IeDspHelperRes\Images\box-middle.png
c:\program files (x86)\AVG Web TuneUp\IeDspHelperRes\Images\box-top-small.png
c:\program files (x86)\AVG Web TuneUp\IeDspHelperRes\Images\box-top.png
c:\program files (x86)\AVG Web TuneUp\IeDspHelperRes\jquery-1.8.1.min.js
c:\program files (x86)\AVG Web TuneUp\IERes\OfflineCEF.html
c:\program files (x86)\AVG Web TuneUp\libcef.dll
c:\program files (x86)\AVG Web TuneUp\Licenses\CPOL license.txt
c:\program files (x86)\AVG Web TuneUp\Licenses\Encoding_decoding_base64.txt
c:\program files (x86)\AVG Web TuneUp\Licenses\hmac.txt
c:\program files (x86)\AVG Web TuneUp\Licenses\LICENSE-bsdiff.txt
c:\program files (x86)\AVG Web TuneUp\Licenses\LICENSE-bzip.txt
c:\program files (x86)\AVG Web TuneUp\Licenses\LICENSE-JasonCpp.txt
c:\program files (x86)\AVG Web TuneUp\Licenses\LICENSE-MPL-NPAPI.txt
c:\program files (x86)\AVG Web TuneUp\Licenses\LICENSE-sparsehash.txt
c:\program files (x86)\AVG Web TuneUp\Licenses\Log4CPlus.txt
c:\program files (x86)\AVG Web TuneUp\Licenses\PassthruApp.txt
c:\program files (x86)\AVG Web TuneUp\lip.exe
c:\program files (x86)\AVG Web TuneUp\locales\am.pak
c:\program files (x86)\AVG Web TuneUp\locales\ar.pak
c:\program files (x86)\AVG Web TuneUp\locales\bg.pak
c:\program files (x86)\AVG Web TuneUp\locales\bn.pak
c:\program files (x86)\AVG Web TuneUp\locales\ca.pak
c:\program files (x86)\AVG Web TuneUp\locales\cs.pak
c:\program files (x86)\AVG Web TuneUp\locales\da.pak
c:\program files (x86)\AVG Web TuneUp\locales\de.pak
c:\program files (x86)\AVG Web TuneUp\locales\el.pak
c:\program files (x86)\AVG Web TuneUp\locales\en-GB.pak
c:\program files (x86)\AVG Web TuneUp\locales\en-US.pak
c:\program files (x86)\AVG Web TuneUp\locales\es-419.pak
c:\program files (x86)\AVG Web TuneUp\locales\es.pak
c:\program files (x86)\AVG Web TuneUp\locales\et.pak
c:\program files (x86)\AVG Web TuneUp\locales\fa.pak
c:\program files (x86)\AVG Web TuneUp\locales\fi.pak
c:\program files (x86)\AVG Web TuneUp\locales\fil.pak
c:\program files (x86)\AVG Web TuneUp\locales\fr.pak
c:\program files (x86)\AVG Web TuneUp\locales\gu.pak
c:\program files (x86)\AVG Web TuneUp\locales\he.pak
c:\program files (x86)\AVG Web TuneUp\locales\hi.pak
c:\program files (x86)\AVG Web TuneUp\locales\hr.pak
c:\program files (x86)\AVG Web TuneUp\locales\hu.pak
c:\program files (x86)\AVG Web TuneUp\locales\id.pak
c:\program files (x86)\AVG Web TuneUp\locales\it.pak
c:\program files (x86)\AVG Web TuneUp\locales\ja.pak
c:\program files (x86)\AVG Web TuneUp\locales\kn.pak
c:\program files (x86)\AVG Web TuneUp\locales\ko.pak
c:\program files (x86)\AVG Web TuneUp\locales\lt.pak
c:\program files (x86)\AVG Web TuneUp\locales\lv.pak
c:\program files (x86)\AVG Web TuneUp\locales\ml.pak
c:\program files (x86)\AVG Web TuneUp\locales\mr.pak
c:\program files (x86)\AVG Web TuneUp\locales\ms.pak
c:\program files (x86)\AVG Web TuneUp\locales\nb.pak
c:\program files (x86)\AVG Web TuneUp\locales\nl.pak
c:\program files (x86)\AVG Web TuneUp\locales\pl.pak
c:\program files (x86)\AVG Web TuneUp\locales\pt-BR.pak
c:\program files (x86)\AVG Web TuneUp\locales\pt-PT.pak
c:\program files (x86)\AVG Web TuneUp\locales\ro.pak
c:\program files (x86)\AVG Web TuneUp\locales\ru.pak
c:\program files (x86)\AVG Web TuneUp\locales\sk.pak
c:\program files (x86)\AVG Web TuneUp\locales\sl.pak
c:\program files (x86)\AVG Web TuneUp\locales\sr.pak
c:\program files (x86)\AVG Web TuneUp\locales\sv.pak
c:\program files (x86)\AVG Web TuneUp\locales\sw.pak
c:\program files (x86)\AVG Web TuneUp\locales\ta.pak
c:\program files (x86)\AVG Web TuneUp\locales\te.pak
c:\program files (x86)\AVG Web TuneUp\locales\th.pak
c:\program files (x86)\AVG Web TuneUp\locales\tr.pak
c:\program files (x86)\AVG Web TuneUp\locales\uk.pak
c:\program files (x86)\AVG Web TuneUp\locales\vi.pak
c:\program files (x86)\AVG Web TuneUp\locales\zh-CN.pak
c:\program files (x86)\AVG Web TuneUp\locales\zh-TW.pak
c:\program files (x86)\AVG Web TuneUp\remote_configuration.xml
c:\program files (x86)\AVG Web TuneUp\setup.bmp
c:\program files (x86)\AVG Web TuneUp\TBAPI.dll
c:\program files (x86)\AVG Web TuneUp\TBRDialog\images\avg_logo.png
c:\program files (x86)\AVG Web TuneUp\TBRDialog\images\toolbar-remover-icon.png
c:\program files (x86)\AVG Web TuneUp\TBRDialog\images\toolbar_ok_btn.png
c:\program files (x86)\AVG Web TuneUp\TBRDialog\jquery.js
c:\program files (x86)\AVG Web TuneUp\TBRDialog\styles\toolbar-remover-dialog.css
c:\program files (x86)\AVG Web TuneUp\TBRDialog\toolbar-remover-dialog.html
c:\program files (x86)\AVG Web TuneUp\Uninstall.exe
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\images\uninstaller\avg-logo.png
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\images\uninstaller\cleaner.png
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\images\uninstaller\gray_button_left.png
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\images\uninstaller\gray_button_right.png
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\images\uninstaller\light_button_left.png
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\images\uninstaller\light_button_right.png
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\images\uninstaller\privacy.png
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\images\uninstaller\progressBarLeft.png
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\images\uninstaller\progressBarRight.png
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\images\uninstaller\progressBarTile.png
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\images\uninstaller\safety.png
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\images\uninstaller\Thumbs.db
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\images\uninstaller\top-bg.png
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\images\uninstaller\webtuneup.png
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\images\uninstaller\x.png
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\libs\jquery.min.js
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\styles\bootstrap-2.3.2.min.css
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\styles\fonts\AVGSans-Bold.eot
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\styles\fonts\AVGSans-Book.eot
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\styles\fonts\AVGSans-Light.eot
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\styles\uninstaller.css
c:\program files (x86)\AVG Web TuneUp\UninstallRes\ClientPackage\uninstall.html
c:\program files (x86)\AVG Web TuneUp\vprot.exe
c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
c:\users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\SysWow64\DEBUG.log
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WtuSystemSupport
-------\Legacy_WtuSystemSupport
-------\Service_WtuSystemSupport
-------\Service_WtuSystemSupport
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-06-12 do 2015-07-12 )))))))))))))))))))))))))))))))
.
.
2015-07-12 07:08 . 2015-07-12 07:08 -------- d-----w- c:\users\user\AppData\Local\temp
2015-07-12 07:08 . 2015-07-12 07:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-07-12 07:08 . 2015-07-12 07:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-12 07:08 . 2015-07-12 07:08 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-07-12 05:11 . 2015-07-12 05:20 -------- d-----w- C:\AdwCleaner
2015-07-11 10:10 . 2015-07-11 10:10 -------- d-----w- c:\users\user\AppData\Roaming\Avira
2015-07-11 10:08 . 2015-06-16 07:36 43576 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-07-11 10:08 . 2015-06-16 07:36 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-07-11 10:08 . 2015-06-16 07:36 132656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-07-11 10:08 . 2015-06-16 07:36 153256 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-07-11 10:05 . 2015-07-11 10:08 -------- d-----w- c:\programdata\Avira
2015-07-11 10:05 . 2015-07-11 10:08 -------- d-----w- c:\program files (x86)\Avira
2015-07-11 09:17 . 2015-07-11 09:17 -------- d-----w- c:\users\user\Tracing
2015-07-10 18:24 . 2015-07-10 18:24 -------- d-----w- c:\program files (x86)\Battle.net
2015-07-10 16:08 . 2015-07-10 17:58 -------- d-----w- c:\users\user\AppData\Roaming\GameRanger
2015-06-27 20:37 . 2015-07-10 19:11 -------- d-----w- c:\users\user\AppData\Roaming\Trine2
2015-06-24 11:49 . 2015-06-24 11:49 -------- d-----w- c:\programdata\Battle.net
2015-06-22 19:45 . 2015-06-22 19:46 -------- d-----w- c:\program files (x86)\The KMPlayer
2015-06-22 18:18 . 2015-06-22 18:18 -------- d-----w- c:\users\user\AppData\Local\GHISLER
2015-06-22 18:18 . 2015-06-22 18:18 -------- d-----w- c:\users\user\AppData\Roaming\GHISLER
2015-06-22 18:15 . 2015-06-24 11:23 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-06-22 17:58 . 2015-06-22 17:58 -------- d-----w- c:\program files (x86)\Alcohol Soft
2015-06-22 17:54 . 2015-06-22 17:54 868848 ----a-w- c:\windows\system32\drivers\sptd.sys
2015-06-22 17:52 . 2015-06-22 17:52 -------- d-----w- c:\program files (x86)\Franzis
2015-06-21 22:04 . 2015-06-22 19:04 -------- d-----w- c:\users\user\AppData\Roaming\Thinstall
2015-06-21 22:04 . 2015-06-21 22:04 -------- d-----w- c:\users\user\AppData\Local\Thinstall
2015-06-21 11:04 . 2015-06-21 11:04 -------- d-----w- c:\programdata\Steam
2015-06-13 14:32 . 2015-07-02 19:59 -------- d-----w- c:\users\user\AppData\Roaming\TS3Client
2015-06-13 14:32 . 2015-06-13 14:32 -------- d-----w- c:\program files\TeamSpeak 3 Client
2015-06-13 08:00 . 2015-06-24 11:21 -------- d-----w- c:\program files\Common Files\AV
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-12 07:11 . 2015-02-12 20:13 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-05 04:42 . 2014-11-27 20:39 269992 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
2015-06-18 06:42 . 2015-02-12 20:13 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2015-02-12 20:13 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 06:41 . 2015-02-12 20:13 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-12 08:43 . 2014-11-18 06:39 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2015-04-29 22:01 . 2015-04-29 22:01 23200 ----a-w- c:\windows\system32\drivers\wdcsam64.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-02-26 21:41 233128 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-02-26 21:41 233128 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-02-26 21:41 233128 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-04-20 09:17 683200 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2011-08-30 1517056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-05-23 502328]
"Avira Systray"="c:\program files (x86)\Avira\Launcher\Avira.Systray.exe" [2015-06-02 134368]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2015-06-16 730416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 ipadtst;ipadtst;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys [x]
R3 Ke2200;NDIS Miniport Driver for the Killer e2200 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\e22w8x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w8x64.sys [x]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam64.sys;c:\windows\SYSNATIVE\drivers\wdcsam64.sys [x]
R3 xusb22;Služba ovladače bezdrátového přijímače Xbox 360, 22;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\SCM\MSIService.exe;c:\program files (x86)\SCM\MSIService.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\System32\drivers\dtlitescsibus.sys;c:\windows\SYSNATIVE\drivers\dtlitescsibus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NETwNe64;@oem4.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-02-26 21:41 260776 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-02-26 21:41 260776 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-02-26 21:41 260776 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-04-20 09:17 803520 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-27 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-27 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-27 441152]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-11-27 13192848]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2012-08-27 11577216]
"Radio Manager"="c:\program files (x86)\SCM\Radio Manager.exe" [2012-09-13 403848]
"SCM"="c:\program files (x86)\SCM\SCM.exe" [2012-09-13 399776]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2014-04-20 161984]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://mysearch.avg.com/?cid={991B480E ... 2014-11-24 18:48&v=4.1.0.411&pid=wtu&sg=&sap=hp
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
IE: Odeslat do Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2nsbnboc.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-AVG Web TuneUp - c:\program files (x86)\AVG Web TuneUp\UNINSTALL.exe
AddRemove-pcsx2-r5875 - d:\pcsx2 1.2.1\Uninst-pcsx2-r5875.exe
AddRemove-Uplay - c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Avira\Antivirus\avguard.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2015-07-12 09:16:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-07-12 07:16
ComboFix2.txt 2015-07-11 21:08
.
Před spuštěním: 272 455 544 832 bytes free
Po spuštění: 271 835 512 832 bytes free
.
- - End Of File - - 577A074240A249C469F3E906DE613D99

Re: Neshta, log ComboFix

Posted: 12 Jul 2015 08:18
by vyosek
How is the PC behaving??

Re: Neshta, log ComboFix

Posted: 12 Jul 2015 08:27
by Bizzy
Everything started up as it should.

I'm waiting to see whether the antivirus finds some nasty thing again.

Re: Neshta, log ComboFix

Posted: 12 Jul 2015 08:27
by vyosek
So keep an eye on it and then write back, so that we can clean up after the tools that were used

Re: Neshta, log ComboFix

Posted: 12 Jul 2015 08:30
by Bizzy
All right.. thank you for now.. I will definitely get back to you and will be very glad to support your forum.. :)

Re: Neshta, log ComboFix

Posted: 12 Jul 2015 09:08
by vyosek
Thank you in advance for supporting the forum, on behalf of the whole team :thumbsup:

Re: Neshta, log ComboFix

Posted: 12 Jul 2015 11:43
by Bizzy
After a three-hour Avira scan, about 52 detected files were found, which is considerably fewer than before.

All of it Neshta, of course..

I probably won't get rid of this beast that easily.

The worst thing is that the PC is behaving, at least so far, as if nothing were wrong..

Re: Neshta, log ComboFix

Posted: 12 Jul 2015 11:47
by vyosek
Could you please give me a screenshot of those detections, where it found them...

Re: Neshta, log ComboFix

Posted: 12 Jul 2015 11:54
by Bizzy
Here is the Avira log with the detections.. these are mostly games from Steam, Battle.net (Blizzard), but also emulators for Game Boy and PSX.

I'll gladly delete whatever you tell me to... just so I can get rid of this pest..

Starting the file scan:

Begin scan in 'C:\' <OS_Install>
C:\Program Files (x86)\Steam\SteamApps\common\Max Payne 3\MP3_Installers\vcredist_x86.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Steam\SteamApps\common\Max Payne 3\MP3_Installers\DirectX\DXSETUP.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\DirectX10\DXSETUP.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\DotNetFX\dotnetfx35setup.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\VCRedist\vcredist_x86.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\editor_initialize.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\trine2_launcher.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\mod\editor\bin\dotNetFx40_Full_setup.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\mod\editor\bin\vcredist_x64_64bit.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\mod\editor\bin\vcredist_x86_32bit.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\tools\archiver.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\tools\luac.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\tools\luac_x64.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\_DirectX_Trine2\DXSETUP.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher64.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayCrashReporter.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Users\user\AppData\Local\Microsoft\Redist\dxsetup.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Users\user\AppData\Local\Microsoft\Redist\install.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Users\user\AppData\Local\Microsoft\SkyDrive\Update\skydrivesetup.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_37594.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_37754.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.3_40097.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.3_40298.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Users\user\Documents\z flashky\NHLko\NHL 09 crack,keygen,cz dabing\NHL 09 crack,keygen,cz dabing by kropovez\Čeština s dabingem\NHL09_CZ.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Users\user\Downloads\f3cz\STEAM_FALLOUT 3_GOTY_čeština\Fallout3CZ_1.0.0.15_patch.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Users\user\Downloads\f3cz\STEAM_FALLOUT 3_GOTY_čeština\Fallout_3_Broken_Steel_CZ\Fallout_3_Broken_Steel_CZ\fomm_0_10_2-640.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Windows\System32\Drivers\sptd.sys
[WARNING] The file could not be opened!
C:\Windows.old\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZMTX9DP\OEMScanner[1].exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Windows.old\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TMYZ0SAD\Firefox Setup Stub 31.0.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
C:\Windows.old\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TMYZ0SAD\NLRemovePCCU2[1].exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
Begin scan in 'D:\' <Data>
D:\DA CZ\GolemCZ.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
D:\DA CZ\LelianaCZ.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
D:\DA CZ\WitchCZ.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
D:\Halo 1\DirectX\dxsetup.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
D:\Halo 1\Files\HALO.EXE
[DETECTION] Contains code of the W32/Neshta.A Windows virus
D:\Halo 1\Redist\GSArcade.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
D:\Halo 1\Redist\InstMsiA.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
D:\Halo 1\Redist\InstMsiW.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
D:\Halo 1\Redist\ShFolder.Exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
D:\NAMCO\Tekken 3\psxfin.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
D:\NAMCO\Tekken 3\utils\cdztool.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
D:\Program Files (x86)\Czech Soccer Manager 2001\uninstall.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
D:\Program Files (x86)\Diablo\Diablo III\InspectorReporter\BlizzardError.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
D:\Program Files (x86)\Diablo\StarCraft II\Support\BlizzardError.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
D:\Program Files (x86)\Diablo\StarCraft II\Support\ErrorReporter.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
D:\Program Files (x86)\World of Warcraft\World of Warcraft\BlizzardError.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
D:\Program Files (x86)\World of Warcraft\World of Warcraft\Utils\WowBrowserProxyT.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
D:\PSX\ePSXe.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
D:\VisualBoyAdvance-1.8.0-beta3\VisualBoyAdvance.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus

Beginning disinfection:
D:\VisualBoyAdvance-1.8.0-beta3\VisualBoyAdvance.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
D:\PSX\ePSXe.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
D:\Program Files (x86)\World of Warcraft\World of Warcraft\Utils\WowBrowserProxyT.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
D:\Program Files (x86)\World of Warcraft\World of Warcraft\BlizzardError.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
D:\Program Files (x86)\Diablo\StarCraft II\Support\ErrorReporter.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
D:\Program Files (x86)\Diablo\StarCraft II\Support\BlizzardError.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
D:\Program Files (x86)\Diablo\Diablo III\InspectorReporter\BlizzardError.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
D:\Program Files (x86)\Czech Soccer Manager 2001\uninstall.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
D:\NAMCO\Tekken 3\utils\cdztool.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
D:\NAMCO\Tekken 3\psxfin.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
D:\Halo 1\Redist\ShFolder.Exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
D:\Halo 1\Redist\InstMsiW.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
D:\Halo 1\Redist\InstMsiA.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
D:\Halo 1\Redist\GSArcade.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
D:\Halo 1\Files\HALO.EXE
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
D:\Halo 1\DirectX\dxsetup.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
D:\DA CZ\WitchCZ.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
D:\DA CZ\LelianaCZ.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
D:\DA CZ\GolemCZ.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Windows.old\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TMYZ0SAD\NLRemovePCCU2[1].exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Windows.old\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TMYZ0SAD\Firefox Setup Stub 31.0.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Windows.old\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZMTX9DP\OEMScanner[1].exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Users\user\Downloads\f3cz\STEAM_FALLOUT 3_GOTY_čeština\Fallout_3_Broken_Steel_CZ\Fallout_3_Broken_Steel_CZ\fomm_0_10_2-640.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Users\user\Downloads\f3cz\STEAM_FALLOUT 3_GOTY_čeština\Fallout3CZ_1.0.0.15_patch.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Users\user\Documents\z flashky\NHLko\NHL 09 crack,keygen,cz dabing\NHL 09 crack,keygen,cz dabing by kropovez\Čeština s dabingem\NHL09_CZ.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.3_40298.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.3_40097.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_37754.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_37594.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Users\user\AppData\Local\Microsoft\SkyDrive\Update\skydrivesetup.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Users\user\AppData\Local\Microsoft\Redist\install.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Users\user\AppData\Local\Microsoft\Redist\dxsetup.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayCrashReporter.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher64.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\_DirectX_Trine2\DXSETUP.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\tools\luac_x64.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\tools\luac.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\tools\archiver.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\mod\editor\bin\vcredist_x86_32bit.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\mod\editor\bin\vcredist_x64_64bit.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\mod\editor\bin\dotNetFx40_Full_setup.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\trine2_launcher.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Steam\SteamApps\common\Trine 2\editor_initialize.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\VCRedist\vcredist_x86.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\DotNetFX\dotnetfx35setup.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\DirectX10\DXSETUP.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Steam\SteamApps\common\Max Payne 3\MP3_Installers\DirectX\DXSETUP.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.
C:\Program Files (x86)\Steam\SteamApps\common\Max Payne 3\MP3_Installers\vcredist_x86.exe
[DETECTION] Contains code of the W32/Neshta.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was repaired.


End of the scan: neděle, července 12, 2015 12:39
Used time: 3:08:56 Hour(s)

The scan has been done completely.

115381 Scanned directories
1584669 Files were scanned
52 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
52 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
1584615 Files not concerned
16707 Archives were scanned
2 Warnings
52 Notes
1153 Objects were scanned with rootkit scan
0 Hidden objects were found

Re: Neshta, ComboFix log

Posted: 12 Jul 2015 12:18
by vyosek
It's really tough with this piece of junk, but we'll see :arcisit:

:arrow: Try this tool http://free.avg.com/redir?url=http%3A%2 ... drancFA%3D

:arrow: Then run the Kaspersky Removal Tool http://www.kaspersky.com/antivirus-removal-tool?form=1