Prosim o kontrolu logu - mami pocitac se seka je pomalý, nebyl kontrolovony cca. 2roky Vyřešeno

[DarkSun]

ComboFix 17-10-17.01 - Adam 25.10.2017 9:31.6.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3032.1817 [GMT 2:00]
Spuštěný z: c:\users\Adam\Downloads\ComboFix.exe
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-09-25 do 2017-10-25 )))))))))))))))))))))))))))))))
.
.
2017-10-24 21:17 . 2017-10-24 21:45 -------- d-----w- C:\zoek_backup
2017-10-23 21:09 . 2017-10-24 19:37 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-10-23 20:53 . 2017-10-23 22:13 -------- d-----w- c:\programdata\RogueKiller
2017-10-23 12:37 . 2017-10-23 12:37 -------- d-----w- c:\programdata\Sophos
2017-10-23 12:36 . 2017-10-23 12:36 -------- d-----w- c:\program files\Sophos
2017-10-23 10:35 . 2017-10-23 10:37 -------- d-----w- c:\users\Adam\AppData\Local\AvgSetupLog
2017-10-22 20:40 . 2017-10-22 20:40 166840 ----a-w- c:\windows\system32\drivers\MbamChameleon.sys
2017-10-22 20:40 . 2017-10-25 07:08 40384 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-10-22 20:39 . 2017-10-23 10:40 221112 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2017-10-22 20:39 . 2017-10-04 11:15 59904 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-10-22 20:39 . 2017-10-22 20:39 -------- d-----w- c:\program files\Malwarebytes
2017-10-22 18:47 . 2017-10-23 10:16 -------- d-----w- C:\AdwCleaner
2017-10-19 11:40 . 2017-10-19 11:39 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2017-10-19 11:40 . 2013-09-15 20:25 790440 ----a-w- c:\windows\system32\deployJava1.dll
2017-10-19 11:40 . 2013-09-15 20:25 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2017-10-19 11:38 . 2017-10-19 11:38 -------- d-----w- c:\programdata\Oracle
2017-10-19 09:51 . 2017-09-13 15:13 67304 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-10-19 09:21 . 2013-03-09 13:46 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-10-19 09:21 . 2013-03-09 13:46 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-09-13 15:09 . 2017-10-19 09:51 254464 ----a-w- c:\windows\system32\schannel.dll
2017-09-13 15:09 . 2017-10-19 09:51 141312 ----a-w- c:\windows\system32\rpchttp.dll
2017-08-16 15:10 . 2017-09-17 20:01 629760 ----a-w- c:\windows\system32\usp10.dll
2017-08-15 15:10 . 2017-09-17 20:01 1499648 ----a-w- c:\windows\system32\ExplorerFrame.dll
2017-08-14 17:35 . 2017-09-17 20:01 2150912 ----a-w- c:\windows\system32\mmcndmgr.dll
2017-08-14 17:35 . 2017-09-17 20:01 303104 ----a-w- c:\windows\system32\mmcbase.dll
2017-08-14 17:35 . 2017-09-17 20:01 128512 ----a-w- c:\windows\system32\mmcshext.dll
2017-08-14 17:35 . 2017-09-17 20:01 172544 ----a-w- c:\windows\system32\cic.dll
2017-08-13 21:30 . 2017-09-17 20:01 1401344 ----a-w- c:\windows\system32\mmc.exe
2017-08-11 06:19 . 2017-09-17 20:01 497664 ----a-w- c:\windows\system32\win32spl.dll
2017-08-11 06:19 . 2017-09-17 20:01 271360 ----a-w- c:\windows\system32\Wldap32.dll
2017-08-11 06:19 . 2017-09-17 20:01 16384 ----a-w- c:\windows\system32\winnsi.dll
2017-08-11 06:19 . 2017-09-17 20:01 171008 ----a-w- c:\windows\system32\winsrv.dll
2017-08-11 06:19 . 2017-09-17 20:01 377344 ----a-w- c:\windows\system32\rpcss.dll
2017-08-11 06:19 . 2017-09-17 20:01 299008 ----a-w- c:\windows\system32\ntprint.dll
2017-08-11 06:19 . 2017-09-17 20:01 19968 ----a-w- c:\windows\system32\nsisvc.dll
2017-08-11 06:19 . 2017-09-17 20:01 8704 ----a-w- c:\windows\system32\nsi.dll
2017-08-11 06:19 . 2017-09-17 20:01 1417728 ----a-w- c:\windows\system32\ole32.dll
2017-08-11 06:19 . 2017-09-17 20:01 26112 ----a-w- c:\windows\system32\oleres.dll
2017-08-11 06:19 . 2017-09-17 20:01 781824 ----a-w- c:\windows\system32\localspl.dll
2017-08-11 06:19 . 2017-09-17 20:01 294400 ----a-w- c:\windows\system32\KernelBase.dll
2017-08-11 06:19 . 2017-09-17 20:01 126464 ----a-w- c:\windows\system32\inetpp.dll
2017-08-11 06:19 . 2017-09-17 20:01 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-11 06:10 . 2017-09-17 20:01 66048 ----a-w- c:\windows\system32\PrintBrmUi.exe
2017-08-11 06:09 . 2017-09-17 20:01 39424 ----a-w- c:\windows\system32\wpnpinst.exe
2017-08-11 06:09 . 2017-09-17 20:01 61952 ----a-w- c:\windows\system32\ntprint.exe
2017-08-11 06:09 . 2017-09-17 20:01 18944 ----a-w- c:\windows\system32\inetppui.dll
2017-08-11 06:09 . 2017-09-17 20:01 29696 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\winprint.dll
2017-08-11 06:03 . 2017-09-17 20:01 26624 ----a-w- c:\windows\system32\netbtugc.exe
2017-08-11 06:01 . 2017-09-17 20:01 7168 ----a-w- c:\windows\system32\comcat.dll
2017-08-11 05:58 . 2017-09-17 20:01 271360 ----a-w- c:\windows\system32\conhost.exe
2017-08-11 05:55 . 2017-09-17 20:01 188928 ----a-w- c:\windows\system32\drivers\netbt.sys
2017-08-11 05:55 . 2017-09-17 20:01 17920 ----a-w- c:\windows\system32\drivers\nsiproxy.sys
2017-08-11 05:55 . 2017-09-17 20:01 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-11 05:55 . 2017-09-17 20:01 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-11 05:55 . 2017-09-17 20:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-11 05:55 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-07-29 14:50 . 2017-08-13 18:10 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-06-06 04:06 . 2012-06-06 04:06 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2011-11-01 6475264]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 172824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2017-09-05 587288]
.
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"="c:\users\Adam\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2013-02-17 12400]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2017-09-07 104960]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\DRIVERS\mbam.sys [2017-10-25 40384]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-12-02 137600]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-22 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-22 49664]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-31 1343400]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys [2017-10-23 221112]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-11-17 243128]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
S2 MBAMChameleon;MBAMChameleon;c:\windows\System32\Drivers\MbamChameleon.sys [2017-10-22 166840]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-08-07 4430792]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 197224]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2011-07-12 319264]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMFARFLT
*NewlyCreated* - MBAMPROTECTION
*Deregistered* - ESProtectionDriver
*Deregistered* - MBAMFarflt
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-10-04 08:19 1450840 ----a-w- c:\program files\Google\Chrome\Application\61.0.3163.100\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-AvgUpdater0415tb - c:\programdata\Avg_Update_0415tb\0415tb_{B0CE6F39-B9E9-44F0-8523-A690DF77D10C}.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_27_0_0_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_27_0_0_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-10-25 09:46:11
ComboFix-quarantined-files.txt 2017-10-25 07:46
.
Před spuštěním: Volných bajtů: 30 034 604 032
Po spuštění: Volných bajtů: 33 757 106 176
.
- - End Of File - - FE45B86B0DEFA5DE3A3AEC90D0967455
A36C5E4F47E84449FF07ED3517B43A31

[Reklama]

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\users\Adam\AppData\Local\AvgSetupLog

Folder::
c:\program files\Skype\Updater

Driver::
SkypeUpdate

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_27_0_0_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_27_0_0_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.


Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[DarkSun]

ComboFix 17-10-17.01 - Adam 25.10.2017 11:13:51.7.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3032.1966 [GMT 2:00]
Spuštěný z: c:\users\Adam\Desktop\pc help\ComboFix.exe
Použité ovládací přepínače :: c:\users\Adam\Desktop\CFScript.txt
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\users\Adam\AppData\Local\AvgSetupLog"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-09-25 do 2017-10-25 )))))))))))))))))))))))))))))))
.
.
2017-10-25 09:24 . 2017-10-25 09:27 -------- d-----w- c:\users\Adam\AppData\Local\temp
2017-10-25 09:24 . 2017-10-25 09:24 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2017-10-25 09:24 . 2017-10-25 09:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2017-10-25 09:24 . 2017-10-25 09:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-10-24 21:48 . 2017-10-24 21:17 24064 ----a-w- c:\windows\zoek-delete.exe
2017-10-24 21:17 . 2017-10-24 21:45 -------- d-----w- C:\zoek_backup
2017-10-23 21:09 . 2017-10-24 19:37 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-10-23 20:53 . 2017-10-23 22:13 -------- d-----w- c:\programdata\RogueKiller
2017-10-23 12:37 . 2017-10-23 12:37 -------- d-----w- c:\programdata\Sophos
2017-10-23 12:36 . 2017-10-23 12:36 -------- d-----w- c:\program files\Sophos
2017-10-23 10:35 . 2017-10-23 10:37 -------- d-----w- c:\users\Adam\AppData\Local\AvgSetupLog
2017-10-22 20:40 . 2017-10-22 20:40 166840 ----a-w- c:\windows\system32\drivers\MbamChameleon.sys
2017-10-22 20:40 . 2017-10-25 09:26 40384 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-10-22 20:39 . 2017-10-23 10:40 221112 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2017-10-22 20:39 . 2017-10-04 11:15 59904 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-10-22 20:39 . 2017-10-22 20:39 -------- d-----w- c:\program files\Malwarebytes
2017-10-22 18:47 . 2017-10-23 10:16 -------- d-----w- C:\AdwCleaner
2017-10-19 11:40 . 2017-10-19 11:39 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2017-10-19 11:40 . 2013-09-15 20:25 790440 ----a-w- c:\windows\system32\deployJava1.dll
2017-10-19 11:40 . 2013-09-15 20:25 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2017-10-19 11:38 . 2017-10-19 11:38 -------- d-----w- c:\programdata\Oracle
2017-10-19 09:51 . 2017-09-13 15:13 67304 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-10-19 09:21 . 2013-03-09 13:46 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-10-19 09:21 . 2013-03-09 13:46 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-09-13 15:09 . 2017-10-19 09:51 254464 ----a-w- c:\windows\system32\schannel.dll
2017-09-13 15:09 . 2017-10-19 09:51 141312 ----a-w- c:\windows\system32\rpchttp.dll
2017-08-16 15:10 . 2017-09-17 20:01 629760 ----a-w- c:\windows\system32\usp10.dll
2017-08-15 15:10 . 2017-09-17 20:01 1499648 ----a-w- c:\windows\system32\ExplorerFrame.dll
2017-08-14 17:35 . 2017-09-17 20:01 2150912 ----a-w- c:\windows\system32\mmcndmgr.dll
2017-08-14 17:35 . 2017-09-17 20:01 303104 ----a-w- c:\windows\system32\mmcbase.dll
2017-08-14 17:35 . 2017-09-17 20:01 128512 ----a-w- c:\windows\system32\mmcshext.dll
2017-08-14 17:35 . 2017-09-17 20:01 172544 ----a-w- c:\windows\system32\cic.dll
2017-08-13 21:30 . 2017-09-17 20:01 1401344 ----a-w- c:\windows\system32\mmc.exe
2017-08-11 06:19 . 2017-09-17 20:01 497664 ----a-w- c:\windows\system32\win32spl.dll
2017-08-11 06:19 . 2017-09-17 20:01 271360 ----a-w- c:\windows\system32\Wldap32.dll
2017-08-11 06:19 . 2017-09-17 20:01 16384 ----a-w- c:\windows\system32\winnsi.dll
2017-08-11 06:19 . 2017-09-17 20:01 171008 ----a-w- c:\windows\system32\winsrv.dll
2017-08-11 06:19 . 2017-09-17 20:01 377344 ----a-w- c:\windows\system32\rpcss.dll
2017-08-11 06:19 . 2017-09-17 20:01 299008 ----a-w- c:\windows\system32\ntprint.dll
2017-08-11 06:19 . 2017-09-17 20:01 19968 ----a-w- c:\windows\system32\nsisvc.dll
2017-08-11 06:19 . 2017-09-17 20:01 8704 ----a-w- c:\windows\system32\nsi.dll
2017-08-11 06:19 . 2017-09-17 20:01 1417728 ----a-w- c:\windows\system32\ole32.dll
2017-08-11 06:19 . 2017-09-17 20:01 26112 ----a-w- c:\windows\system32\oleres.dll
2017-08-11 06:19 . 2017-09-17 20:01 781824 ----a-w- c:\windows\system32\localspl.dll
2017-08-11 06:19 . 2017-09-17 20:01 294400 ----a-w- c:\windows\system32\KernelBase.dll
2017-08-11 06:19 . 2017-09-17 20:01 126464 ----a-w- c:\windows\system32\inetpp.dll
2017-08-11 06:19 . 2017-09-17 20:01 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-11 06:19 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-11 06:10 . 2017-09-17 20:01 66048 ----a-w- c:\windows\system32\PrintBrmUi.exe
2017-08-11 06:09 . 2017-09-17 20:01 39424 ----a-w- c:\windows\system32\wpnpinst.exe
2017-08-11 06:09 . 2017-09-17 20:01 61952 ----a-w- c:\windows\system32\ntprint.exe
2017-08-11 06:09 . 2017-09-17 20:01 18944 ----a-w- c:\windows\system32\inetppui.dll
2017-08-11 06:09 . 2017-09-17 20:01 29696 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\winprint.dll
2017-08-11 06:03 . 2017-09-17 20:01 26624 ----a-w- c:\windows\system32\netbtugc.exe
2017-08-11 06:01 . 2017-09-17 20:01 7168 ----a-w- c:\windows\system32\comcat.dll
2017-08-11 05:58 . 2017-09-17 20:01 271360 ----a-w- c:\windows\system32\conhost.exe
2017-08-11 05:55 . 2017-09-17 20:01 188928 ----a-w- c:\windows\system32\drivers\netbt.sys
2017-08-11 05:55 . 2017-09-17 20:01 17920 ----a-w- c:\windows\system32\drivers\nsiproxy.sys
2017-08-11 05:55 . 2017-09-17 20:01 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-11 05:55 . 2017-09-17 20:01 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-11 05:55 . 2017-09-17 20:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-11 05:55 . 2017-09-17 20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-07-29 14:50 . 2017-08-13 18:10 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-06-06 04:06 . 2012-06-06 04:06 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2011-11-01 6475264]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 172824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2017-09-05 587288]
.
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"="c:\users\Adam\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2013-02-17 12400]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2017-09-07 104960]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\DRIVERS\mbam.sys [2017-10-25 40384]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-12-02 137600]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-22 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-22 49664]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-31 1343400]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys [2017-10-23 221112]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-11-17 243128]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
S2 MBAMChameleon;MBAMChameleon;c:\windows\System32\Drivers\MbamChameleon.sys [2017-10-22 166840]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-08-07 4430792]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 197224]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2011-07-12 319264]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-10-04 08:19 1450840 ----a-w- c:\program files\Google\Chrome\Application\61.0.3163.100\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2017-10-25 11:34:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2017-10-25 09:34
ComboFix2.txt 2017-10-25 07:46
.
Před spuštěním: Volných bajtů: 33 704 476 672
Po spuštění: Volných bajtů: 33 451 433 984
.
- - End Of File - - 37E26F51FCD07A9CBFB33E40CE78EE98
A36C5E4F47E84449FF07ED3517B43A31

[DarkSun]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:39:32, on 25.10.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18817)


Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Adam\Desktop\pc help\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe

--
End of file - 4818 bytes

[DarkSun]

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-10-25 11:41:12
-----------------------------
11:41:12.354 OS Version: Windows 6.1.7601 Service Pack 1
11:41:12.354 Number of processors: 2 586 0x170A
11:41:12.356 ComputerName: ADAM-PC UserName: Adam
11:41:32.996 Initialize success
11:41:34.069 VM: initialized successfully
11:41:34.074 VM: Intel CPU virtualization not supported
11:45:56.075 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:45:56.083 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
11:45:56.226 Disk 0 MBR read successfully
11:45:56.231 Disk 0 MBR scan
11:45:56.236 Disk 0 Windows 7 default MBR code
11:45:56.241 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:45:56.258 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100000 MB offset 81920
11:45:56.268 Disk 0 Boot: NTFS code=2
11:45:56.294 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 138434 MB offset 204881920
11:45:56.305 Disk 0 scanning sectors +488394752
11:45:56.470 Disk 0 scanning C:\Windows\system32\drivers
11:46:05.733 Service scanning
11:46:41.363 Modules scanning
11:46:41.382 Disk 0 trace - called modules:
11:46:41.422 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
11:46:41.432 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88b6aa78]
11:46:41.442 3 CLASSPNP.SYS[8bf9859e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86944028]
11:46:41.452 Disk 0 statistics 83843/0/0 @ 4,63 MB/s
11:46:41.463 Scan finished successfully
11:47:53.943 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Desktop\MBR.dat"
11:47:53.953 The log file has been saved successfully to "C:\Users\Adam\Desktop\aswMBR.txt"

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Máš alespoň 15-20% volného místa na systémovém disku?

Co problémy?

[DarkSun]

mam tam skoro 30 procent.

Zatim vse v poradku i se pc se yrzchluje.

[jaro3]

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt
Další odkazy:
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

[DarkSun]

# DelFix v1.013 - Logfile created 27/10/2017 at 20:41:12
# Updated 17/04/2016 by Xplode
# Username : Adam - ADAM-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Adam\Desktop\MBR.dat
Deleted : C:\Users\Adam\Downloads\aswmbr.exe
Deleted : C:\Users\Adam\Downloads\OTC.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #951 [ComboFix created restore point | 10/25/2017 09:10:10]

New restore point created !

########## - EOF - ##########

[jaro3]

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

[DarkSun]

Jaro3 dekuju vsechno bezi jak ma.. Davam zelenou