Prolomeni hesla facebooku Vyřešeno

[lucni704]

Omlouvam se a posilam vypis.

ComboFix 15-11-09.01 - Uživatel 10.11.2015 19:31:20.4.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3985.3228 [GMT 1:00]
Spuštěný z: c:\users\U×ivatel\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\U×ivatel\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-10-10 do 2015-11-10 )))))))))))))))))))))))))))))))
.
.
2015-11-10 18:35 . 2015-11-10 18:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-09 15:01 . 2015-11-10 18:35 -------- d-----w- c:\users\Uživatel\AppData\Local\Temp
2015-11-09 15:01 . 2015-11-09 14:47 24064 ----a-w- c:\windows\zoek-delete.exe
2015-11-09 14:47 . 2015-11-09 14:59 -------- d-----w- C:\zoek_backup
2015-11-09 14:28 . 2015-11-09 16:50 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-11-09 14:28 . 2015-11-09 14:39 -------- d-----w- c:\programdata\RogueKiller
2015-11-08 16:46 . 2015-11-08 16:46 386096 ----a-w- c:\windows\system32\aswBoot.exe
2015-11-08 16:46 . 2015-11-08 16:46 43112 ----a-w- c:\windows\avastSS.scr
2015-11-08 16:40 . 2015-11-08 16:40 -------- d-----w- c:\users\Uživatel\AppData\Local\Macromedia
2015-11-08 16:35 . 2015-11-08 16:35 -------- d-----w- c:\users\Uživatel\AppData\Local\Adobe
2015-11-08 10:45 . 2015-11-08 10:45 -------- d-----w- c:\users\Uživatel\AppData\Local\Apps
2015-11-07 05:44 . 2015-10-20 03:33 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{121BFCC5-0A28-480B-B386-7F140E33F0F7}\mpengine.dll
2015-10-31 07:30 . 2015-05-06 15:54 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-08 16:46 . 2015-08-10 19:17 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-11-08 16:46 . 2015-08-10 19:17 449992 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-11-08 16:46 . 2015-08-10 19:17 273784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-11-08 16:46 . 2015-08-10 19:17 154256 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-11-08 16:46 . 2015-08-10 19:17 97648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-11-08 16:46 . 2015-08-10 19:17 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-11-08 16:46 . 2015-08-10 19:17 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-11-08 16:46 . 2015-08-10 19:17 1059656 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-11-08 10:51 . 2015-04-07 17:53 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-22 14:28 . 2015-04-18 11:53 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-22 14:28 . 2015-04-18 11:53 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-05 07:50 . 2015-04-07 17:53 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-05 07:50 . 2015-04-07 17:53 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 07:50 . 2015-04-07 17:53 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-10-19 8551848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-08 7004376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 cmshusbser;Mobile Connector USB Device for Legacy Serial Communication IN ANDROID DEVICE;c:\windows\system32\DRIVERS\cmshusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmshusbser.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-11-08 16:46 870744 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-10-21 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-10-21 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-10-21 442352]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-08-27 13647576]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\zfv2iwhk.default\
FF - prefs.js: browser.startup.homepage - hxxp://pravednes.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-{4fcf070a-daac-45e9-a8b0-6850941f7ed8} - c:\programdata\Package Cache\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-11-10 19:36:30
ComboFix-quarantined-files.txt 2015-11-10 18:36
ComboFix2.txt 2015-11-10 16:43
ComboFix3.txt 2015-11-09 22:27
ComboFix4.txt 2015-11-09 17:20
.
Před spuštěním: Volných bajtů: 65 504 927 744
Po spuštění: Volných bajtů: 65 448 329 216
.
- - End Of File - - 24B48538632286CB06C45AE96B2DF108
5FB38429D5D77768867C76DCBDB35194

[Reklama]

[jaro3]

c:\users\U×ivatel\Downloads\ComboFix.exe

přesuň ComboFix.exe na plochu!!


Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[lucni704]

Provedl jsem a posilam logy.

ComboFix 15-11-09.01 - Uživatel 11.11.2015 15:57:38.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3985.2580 [GMT 1:00]
Spuštěný z: c:\users\U×ivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\U×ivatel\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-10-11 do 2015-11-11 )))))))))))))))))))))))))))))))
.
.
2015-11-11 15:03 . 2015-11-11 15:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-11 11:17 . 2015-10-30 23:33 50176 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2015-11-11 11:16 . 2015-10-13 16:41 497664 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-10 22:03 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-11-10 22:03 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-10 19:05 . 2015-07-15 03:17 2048 ----a-w- c:\windows\system32\tzres.dll
2015-11-10 19:05 . 2015-07-15 02:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-11-10 19:05 . 2015-07-09 17:58 82944 ----a-w- c:\windows\system32\dwmapi.dll
2015-11-10 19:05 . 2015-07-09 17:58 1632256 ----a-w- c:\windows\system32\dwmcore.dll
2015-11-10 19:05 . 2015-07-09 17:42 67584 ----a-w- c:\windows\SysWow64\dwmapi.dll
2015-11-10 19:05 . 2015-07-09 17:42 1372160 ----a-w- c:\windows\SysWow64\dwmcore.dll
2015-11-10 19:05 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-11-10 19:03 . 2015-07-23 00:02 1390592 ----a-w- c:\windows\system32\diagtrack.dll
2015-11-10 18:49 . 2015-11-10 18:49 -------- d-----w- c:\users\Uživatel\AppData\Local\VirtualStore
2015-11-09 17:23 . 2015-11-10 18:49 -------- d-----w- c:\users\Uživatel\AppData\Local\Deployment
2015-11-09 15:01 . 2015-11-11 15:03 -------- d-----w- c:\users\Uživatel\AppData\Local\Temp
2015-11-09 15:01 . 2015-11-09 14:47 24064 ----a-w- c:\windows\zoek-delete.exe
2015-11-09 14:47 . 2015-11-09 14:59 -------- d-----w- C:\zoek_backup
2015-11-09 14:28 . 2015-11-09 16:50 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-11-09 14:28 . 2015-11-09 14:39 -------- d-----w- c:\programdata\RogueKiller
2015-11-08 16:46 . 2015-11-08 16:46 386096 ----a-w- c:\windows\system32\aswBoot.exe
2015-11-08 16:46 . 2015-11-08 16:46 43112 ----a-w- c:\windows\avastSS.scr
2015-11-08 16:40 . 2015-11-08 16:40 -------- d-----w- c:\users\Uživatel\AppData\Local\Macromedia
2015-11-08 16:35 . 2015-11-08 16:35 -------- d-----w- c:\users\Uživatel\AppData\Local\Adobe
2015-11-08 10:45 . 2015-11-08 10:45 -------- d-----w- c:\users\Uživatel\AppData\Local\Apps
2015-11-07 05:44 . 2015-10-20 03:33 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{121BFCC5-0A28-480B-B386-7F140E33F0F7}\mpengine.dll
2015-10-31 07:30 . 2015-05-06 15:54 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll
2015-10-13 00:29 . 2015-10-13 00:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-10-13 00:22 . 2015-10-13 00:22 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-11 13:26 . 2015-04-07 13:58 145617392 ----a-w- c:\windows\system32\MRT.exe
2015-11-10 19:11 . 2015-04-07 17:53 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-08 16:46 . 2015-08-10 19:17 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-11-08 16:46 . 2015-08-10 19:17 449992 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-11-08 16:46 . 2015-08-10 19:17 273784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-11-08 16:46 . 2015-08-10 19:17 154256 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-11-08 16:46 . 2015-08-10 19:17 97648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-11-08 16:46 . 2015-08-10 19:17 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-11-08 16:46 . 2015-08-10 19:17 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-11-08 16:46 . 2015-08-10 19:17 1059656 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-10-30 22:34 . 2015-11-11 11:17 262144 ----a-w- c:\windows\system32\webcheck.dll
2015-10-30 22:11 . 2015-11-11 11:17 230400 ----a-w- c:\windows\SysWow64\webcheck.dll
2015-10-29 17:50 . 2015-11-11 11:16 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2015-10-29 17:50 . 2015-11-11 11:16 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-10-29 17:50 . 2015-11-11 11:16 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2015-10-29 17:50 . 2015-11-11 11:16 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-10-29 17:49 . 2015-11-11 11:16 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-11-11 11:16 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-11-11 11:16 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-11-11 11:16 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39 . 2015-11-11 11:16 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-22 14:28 . 2015-04-18 11:53 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-22 14:28 . 2015-04-18 11:53 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-20 01:05 . 2015-11-11 11:17 344064 ----a-w- c:\windows\system32\schannel.dll
2015-10-20 00:45 . 2015-11-11 11:17 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2015-10-20 00:45 . 2015-11-11 11:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-10-05 07:50 . 2015-04-07 17:53 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-05 07:50 . 2015-04-07 17:53 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 07:50 . 2015-04-07 17:53 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-08 7004376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 cmshusbser;Mobile Connector USB Device for Legacy Serial Communication IN ANDROID DEVICE;c:\windows\system32\DRIVERS\cmshusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmshusbser.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-11-08 16:46 870744 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-10-21 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-10-21 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-10-21 442352]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-08-27 13647576]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\zfv2iwhk.default\
FF - prefs.js: browser.startup.homepage - hxxp://pravednes.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-{4fcf070a-daac-45e9-a8b0-6850941f7ed8} - c:\programdata\Package Cache\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-11-11 16:09:53
ComboFix-quarantined-files.txt 2015-11-11 15:09
ComboFix2.txt 2015-11-10 18:36
ComboFix3.txt 2015-11-10 16:43
ComboFix4.txt 2015-11-09 22:27
ComboFix5.txt 2015-11-11 14:56
.
Před spuštěním: Volných bajtů: 59 472 330 752
Po spuštění: Volných bajtů: 59 208 642 560
.
- - End Of File - - 46B4AF122384A125F0654065AE20F72B
5FB38429D5D77768867C76DCBDB35194

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 16:12:45, on 11.11.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18098)

FIREFOX: 42.0 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Uživatel\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6258 bytes

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-11-11 16:13:53
-----------------------------
16:13:53.494 OS Version: Windows x64 6.1.7601 Service Pack 1
16:13:53.494 Number of processors: 2 586 0x2A07
16:13:53.494 ComputerName: UŽIVATEL-PC UserName: Uživatel
16:13:53.900 Initialize success
16:13:53.915 VM: initialized successfully
16:13:53.915 VM: Intel CPU BiosDisabled
16:13:55.663 AVAST engine defs: 15111100
16:14:51.667 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
16:14:51.667 Disk 0 Vendor: WDC_WD2500AAKX-00ERMA0 15.01H15 Size: 238475MB BusType: 3
16:14:51.776 Disk 0 MBR read successfully
16:14:51.776 Disk 0 MBR scan
16:14:51.776 Disk 0 unknown MBR code
16:14:51.776 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
16:14:51.823 Disk 0 scanning C:\Windows\system32\drivers
16:14:58.624 Service scanning
16:15:12.477 Modules scanning
16:15:12.477 Disk 0 trace - called modules:
16:15:12.493 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:15:12.992 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004635060]
16:15:12.992 3 CLASSPNP.SYS[fffff8800195243f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa800420d060]
16:15:13.288 AVAST engine scan C:\Windows
16:15:14.879 AVAST engine scan C:\Windows\system32
16:17:02.083 AVAST engine scan C:\Windows\system32\drivers
16:17:10.273 AVAST engine scan C:\Users\Uživatel
16:18:15.980 Disk 0 MBR has been saved successfully to "C:\Users\Uživatel\Desktop\MBR.dat"
16:18:15.980 The log file has been saved successfully to "C:\Users\Uživatel\Desktop\aswMBR.txt"

[Orcus]

Skript se neprovedl. Proveď skript v nouzovém režimu.

[lucni704]

skript v nouzovém režimu.

ComboFix 15-11-09.01 - Uživatel 11.11.2015 18:49:49.6.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3985.2903 [GMT 1:00]
Spuštěný z: c:\users\U×ivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\U×ivatel\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-10-11 do 2015-11-11 )))))))))))))))))))))))))))))))
.
.
2015-11-11 17:54 . 2015-11-11 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-11 11:17 . 2015-10-30 23:33 50176 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2015-11-11 11:16 . 2015-10-13 16:41 497664 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-10 22:03 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-11-10 22:03 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-10 19:05 . 2015-07-15 03:17 2048 ----a-w- c:\windows\system32\tzres.dll
2015-11-10 19:05 . 2015-07-15 02:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-11-10 19:05 . 2015-07-09 17:58 82944 ----a-w- c:\windows\system32\dwmapi.dll
2015-11-10 19:05 . 2015-07-09 17:58 1632256 ----a-w- c:\windows\system32\dwmcore.dll
2015-11-10 19:05 . 2015-07-09 17:42 67584 ----a-w- c:\windows\SysWow64\dwmapi.dll
2015-11-10 19:05 . 2015-07-09 17:42 1372160 ----a-w- c:\windows\SysWow64\dwmcore.dll
2015-11-10 19:05 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-11-10 19:03 . 2015-07-23 00:02 1390592 ----a-w- c:\windows\system32\diagtrack.dll
2015-11-10 18:49 . 2015-11-10 18:49 -------- d-----w- c:\users\Uživatel\AppData\Local\VirtualStore
2015-11-09 17:23 . 2015-11-11 15:25 -------- d-----w- c:\users\Uživatel\AppData\Local\Deployment
2015-11-09 15:01 . 2015-11-11 17:54 -------- d-----w- c:\users\Uživatel\AppData\Local\Temp
2015-11-09 15:01 . 2015-11-09 14:47 24064 ----a-w- c:\windows\zoek-delete.exe
2015-11-09 14:47 . 2015-11-09 14:59 -------- d-----w- C:\zoek_backup
2015-11-09 14:28 . 2015-11-09 16:50 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-11-09 14:28 . 2015-11-09 14:39 -------- d-----w- c:\programdata\RogueKiller
2015-11-08 16:46 . 2015-11-08 16:46 386096 ----a-w- c:\windows\system32\aswBoot.exe
2015-11-08 16:46 . 2015-11-08 16:46 43112 ----a-w- c:\windows\avastSS.scr
2015-11-08 16:40 . 2015-11-08 16:40 -------- d-----w- c:\users\Uživatel\AppData\Local\Macromedia
2015-11-08 16:35 . 2015-11-08 16:35 -------- d-----w- c:\users\Uživatel\AppData\Local\Adobe
2015-11-08 10:45 . 2015-11-08 10:45 -------- d-----w- c:\users\Uživatel\AppData\Local\Apps
2015-11-07 05:44 . 2015-10-20 03:33 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{121BFCC5-0A28-480B-B386-7F140E33F0F7}\mpengine.dll
2015-10-31 07:30 . 2015-05-06 15:54 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll
2015-10-13 00:29 . 2015-10-13 00:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-10-13 00:22 . 2015-10-13 00:22 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-11 13:26 . 2015-04-07 13:58 145617392 ----a-w- c:\windows\system32\MRT.exe
2015-11-10 19:11 . 2015-04-07 17:53 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-08 16:46 . 2015-08-10 19:17 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-11-08 16:46 . 2015-08-10 19:17 449992 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-11-08 16:46 . 2015-08-10 19:17 273784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-11-08 16:46 . 2015-08-10 19:17 154256 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-11-08 16:46 . 2015-08-10 19:17 97648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-11-08 16:46 . 2015-08-10 19:17 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-11-08 16:46 . 2015-08-10 19:17 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-11-08 16:46 . 2015-08-10 19:17 1059656 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-10-30 22:34 . 2015-11-11 11:17 262144 ----a-w- c:\windows\system32\webcheck.dll
2015-10-30 22:11 . 2015-11-11 11:17 230400 ----a-w- c:\windows\SysWow64\webcheck.dll
2015-10-29 17:50 . 2015-11-11 11:16 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2015-10-29 17:50 . 2015-11-11 11:16 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-10-29 17:50 . 2015-11-11 11:16 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2015-10-29 17:50 . 2015-11-11 11:16 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-10-29 17:49 . 2015-11-11 11:16 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-11-11 11:16 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-11-11 11:16 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-11-11 11:16 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39 . 2015-11-11 11:16 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-22 14:28 . 2015-04-18 11:53 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-22 14:28 . 2015-04-18 11:53 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-20 01:05 . 2015-11-11 11:17 344064 ----a-w- c:\windows\system32\schannel.dll
2015-10-20 00:45 . 2015-11-11 11:17 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2015-10-20 00:45 . 2015-11-11 11:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-10-05 07:50 . 2015-04-07 17:53 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-05 07:50 . 2015-04-07 17:53 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 07:50 . 2015-04-07 17:53 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-08 7004376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 cmshusbser;Mobile Connector USB Device for Legacy Serial Communication IN ANDROID DEVICE;c:\windows\system32\DRIVERS\cmshusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmshusbser.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-11-08 16:46 870744 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-10-21 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-10-21 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-10-21 442352]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-08-27 13647576]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\zfv2iwhk.default\
FF - prefs.js: browser.startup.homepage - hxxp://pravednes.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-{4fcf070a-daac-45e9-a8b0-6850941f7ed8} - c:\programdata\Package Cache\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-11-11 18:55:28
ComboFix-quarantined-files.txt 2015-11-11 17:55
ComboFix2.txt 2015-11-11 15:09
ComboFix3.txt 2015-11-10 18:36
ComboFix4.txt 2015-11-10 16:43
ComboFix5.txt 2015-11-11 17:49
.
Před spuštěním: Volných bajtů: 59 078 275 072
Po spuštění: Volných bajtů: 58 690 756 608
.
- - End Of File - - 17B6CF75F9CC077B1D9EE84378602FFF
5FB38429D5D77768867C76DCBDB35194

[jaro3]

nemaže , jsou to ale zbytečnosti..

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.


Co problémy?

[lucni704]

Tak jsem to provedl a myslím že to bude dobre a chci podekovat. Dekuji a naschle.

[jerabina]

Ještě udělej Delfix, aby jsme po sobě uklidili.

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt

Pokud nejsou problémy, je to vše a můžeš dát vyřešeno - "fajfku"

[lucni704]

Provedl jsem a posilam log

# DelFix v1.011 - Logfile created 12/11/2015 at 15:26:52
# Updated 18/08/2015 by Xplode
# Username : Uživatel - UŽIVATEL-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\Users\Uživatel\Downloads\hijackthis.log
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #107 [Naplánovaný kontrolní bod | 11/12/2015 07:52:37]
Deleted : RP #108 [Windows Update | 11/12/2015 10:44:22]

New restore point created !

########## - EOF - ##########

[jaro3]

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.