I'm back here again :( and I'm posting the ComboFix log + the HJT log. And then the aswMBR log.
ComboFix 14-10-04.01 - Respiro . 10. 2014 12:27:31.2.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.3995.2581 [GMT 2:00]
Running from: c:\users\Respiro\Desktop\ComboFix.exe
Command switches used :: c:\users\Respiro\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\PC Tools Registry Mechanic\SULauncher.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\RMAutoUpdate.job"
"c:\windows\Tasks\RMSchedule.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.24.15\goopdate.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.24.15\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.24.15\psmachine.dll
c:\program files (x86)\Google\Update\1.3.24.15\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.24.15\psuser.dll
c:\program files (x86)\Google\Update\1.3.24.15\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.24.15\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\37.0.2062.124\37.0.2062.124_37.0.2062.120_chrome_updater.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_gupdate
-------\Legacy_gupdatem
-------\Legacy_gupdate
-------\Legacy_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2014-09-07 to 2014-10-07 )))))))))))))))))))))))))))))))
.
.
2014-10-07 10:34 . 2014-10-07 10:34 -------- d-----w- c:\users\Respiro\AppData\Local\temp
2014-10-07 10:34 . 2014-10-07 10:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-07 08:16 . 2014-10-07 08:16 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2014-10-06 09:34 . 2014-10-06 09:19 24064 ----a-w- c:\windows\zoek-delete.exe
2014-10-06 09:19 . 2014-10-06 09:32 -------- d-----w- C:\zoek_backup
2014-10-05 14:35 . 2014-10-06 09:05 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-05 14:35 . 2014-10-05 14:35 -------- d-----w- c:\programdata\RogueKiller
2014-10-05 14:22 . 2014-10-05 14:22 -------- d-----w- c:\windows\ERUNT
2014-10-04 09:55 . 2014-10-05 14:02 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-04 09:54 . 2014-10-04 09:54 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-04 09:54 . 2014-10-04 09:54 -------- d-----w- c:\programdata\Malwarebytes
2014-10-04 09:54 . 2014-05-12 05:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-04 09:54 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-04 09:54 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-04 09:44 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-10-04 09:43 . 2014-10-05 14:09 -------- d-----w- C:\AdwCleaner
2014-09-30 20:37 . 2000-01-01 00:00 6101504 ----a-w- c:\windows\system32\stlang64.dll
2014-09-30 20:37 . 2000-01-01 00:00 426328 ----a-w- c:\windows\system32\EED64A.dll
2014-09-30 20:37 . 2000-01-01 00:00 3308376 ----a-w- c:\windows\system32\EEP64A.dll
2014-09-30 20:37 . 2000-01-01 00:00 1897984 ----a-w- c:\windows\system32\IDTNC64.cpl
2014-09-30 20:37 . 2000-01-01 00:00 1703424 ----a-w- c:\windows\sttray64.exe
2014-09-30 20:37 . 2000-01-01 00:00 136024 ----a-w- c:\windows\system32\EEL64A.dll
2014-09-30 20:37 . 2000-01-01 00:00 118104 ----a-w- c:\windows\system32\EEA64A.dll
2014-09-30 20:37 . 2014-09-30 20:37 -------- d-----w- c:\windows\system32\SRSLabs
2014-09-30 20:36 . 2000-01-01 00:00 693760 ------w- c:\windows\system32\stapi64.dll
2014-09-30 20:36 . 2000-01-01 00:00 550912 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2014-09-30 20:36 . 2000-01-01 00:00 499200 ----a-w- c:\windows\system32\stcplx64.dll
2014-09-30 20:36 . 2000-01-01 00:00 256000 ----a-w- c:\windows\system32\st646482.dll
2014-09-30 20:36 . 2000-01-01 00:00 2199040 ----a-w- c:\windows\system32\stapo64.dll
2014-09-30 20:33 . 2014-09-30 20:33 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2014-09-30 20:29 . 2014-09-30 20:29 -------- d-----w- c:\users\Respiro\AppData\Roaming\Intel Corporation
2014-09-30 20:28 . 2014-09-30 20:28 -------- d-----w- c:\windows\SysWow64\config\systemprofile\Intel
2014-09-30 20:28 . 2014-09-30 20:28 -------- d-----w- c:\users\Respiro\Intel
2014-09-30 20:22 . 2014-04-23 08:25 870104 ----a-w- c:\windows\system32\drivers\Rt630x64.sys
2014-09-30 20:22 . 2014-04-23 08:25 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2014-09-30 20:11 . 2014-09-30 20:11 -------- d-----w- c:\users\Respiro\AppData\Local\SlimWare Utilities Inc
2014-09-29 11:10 . 2014-09-29 11:10 -------- d-----w- c:\users\Respiro\AppData\Local\NVIDIA
2014-09-29 11:10 . 2014-09-29 11:10 -------- d-----w- c:\users\Respiro\AppData\Local\NVIDIA Corporation
2014-09-29 11:06 . 2014-09-29 11:06 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-09-29 11:05 . 2014-09-29 11:05 -------- d-----w- c:\windows\SysWow64\NV
2014-09-29 11:05 . 2014-09-29 11:05 -------- d-----w- c:\windows\system32\NV
2014-09-29 10:58 . 2014-09-29 10:58 -------- d-----w- C:\NVIDIA
2014-09-29 10:49 . 2014-09-29 10:49 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-27 20:39 . 2014-09-27 20:39 262824 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10247.bin
2014-09-27 16:32 . 2014-10-02 12:35 -------- d-----w- c:\program files (x86)\Steam
2014-09-24 18:59 . 2014-09-24 18:59 -------- d-----w- c:\users\Respiro\AppData\Roaming\Promethean
2014-09-20 13:22 . 2014-09-20 13:26 -------- d-----w- c:\users\Respiro\AppData\Roaming\twinstar_launcher
2014-09-19 10:00 . 2014-09-19 10:30 -------- d-----w- c:\programdata\Battle.net
2014-09-19 09:36 . 2014-09-19 09:37 -------- d-----w- C:\UpdateChromeLinksLogs
2014-09-14 13:41 . 2014-08-09 08:30 148480 ----a-w- c:\windows\system32\poqexec.exe
2014-09-14 13:41 . 2014-08-09 08:29 144896 ----a-w- c:\windows\system32\tssdisai.dll
2014-09-12 09:43 . 2014-09-12 09:43 227728 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-09-10 14:29 . 2014-09-19 10:58 -------- d-----w- c:\users\Respiro\AppData\Roaming\TS3Client
2014-09-10 14:29 . 2014-09-10 14:29 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client
2014-09-10 07:31 . 2014-09-04 22:36 755712 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 07:31 . 2014-09-03 01:49 556544 ----a-w- c:\windows\system32\aeinv.dll
2014-09-10 06:42 . 2014-08-16 07:37 1766400 ----a-w- c:\windows\SysWow64\wininet.dll
2014-09-10 06:42 . 2014-08-16 09:34 2239488 ----a-w- c:\windows\system32\wininet.dll
2014-09-10 06:42 . 2014-08-16 09:32 15399424 ----a-w- c:\windows\system32\ieframe.dll
2014-09-10 06:42 . 2014-08-16 09:33 19280384 ----a-w- c:\windows\system32\mshtml.dll
2014-09-10 06:41 . 2014-07-26 02:19 26218496 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-09-10 06:41 . 2014-07-26 01:52 25479168 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-09-10 06:28 . 2014-06-03 23:12 536776 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
2014-09-10 06:28 . 2014-06-05 01:12 678600 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2014-09-10 06:27 . 2014-07-24 03:33 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-09-10 06:27 . 2014-07-24 03:33 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-09-07 16:00 . 2014-09-17 18:01 -------- d-----w- C:\The KMPlayer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-13 23:48 . 2012-09-27 07:09 3223120 ----a-w- c:\windows\system32\nvapi64.dll
2014-09-13 23:48 . 2012-09-27 07:09 2838424 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-09-13 23:48 . 2012-09-27 07:09 174856 ----a-w- c:\windows\system32\nvinitx.dll
2014-09-13 23:48 . 2012-09-27 07:09 156840 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-09-13 23:48 . 2012-09-27 07:09 984424 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-09-13 23:48 . 2012-09-27 07:09 867528 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-09-13 21:53 . 2012-09-27 07:10 6890696 ----a-w- c:\windows\system32\nvcpl.dll
2014-09-13 21:53 . 2012-09-27 07:10 3529872 ----a-w- c:\windows\system32\nvsvc64.dll
2014-09-13 21:53 . 2012-09-27 07:10 934216 ----a-w- c:\windows\system32\nvvsvc.exe
2014-09-13 21:53 . 2012-09-27 07:10 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll
2014-09-13 21:53 . 2012-09-27 07:10 62608 ----a-w- c:\windows\system32\nvshext.dll
2014-09-13 21:53 . 2012-09-27 07:10 385168 ----a-w- c:\windows\system32\nvmctray.dll
2014-09-13 21:53 . 2012-09-27 07:10 2557640 ----a-w- c:\windows\system32\nvsvcr.dll
2014-09-13 21:53 . 2012-09-27 07:10 1087688 ----a-w- c:\windows\system32\nv3dappshext.dll
2014-09-11 18:23 . 2013-09-26 07:48 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-11 15:37 . 2012-09-27 07:10 3961833 ----a-w- c:\windows\system32\nvcoproc.bin
2014-08-23 06:47 . 2014-08-28 20:43 4036096 ----a-w- c:\windows\system32\win32k.sys
2014-08-08 14:30 . 2012-07-26 08:13 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-06 16:02 . 2013-12-09 08:30 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-06 16:01 . 2014-01-12 22:43 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-08-06 16:01 . 2013-12-09 08:30 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-06 16:01 . 2013-12-09 08:30 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-06 16:01 . 2014-08-06 16:02 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-06 16:01 . 2013-12-09 08:30 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-06 16:01 . 2013-12-09 08:30 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-06 16:01 . 2013-12-09 08:30 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-06 16:01 . 2013-12-09 08:30 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-06 16:01 . 2014-08-06 16:01 43152 ----a-w- c:\windows\avastSS.scr
2014-07-15 23:03 . 2014-08-14 08:15 1300992 ----a-w- c:\windows\system32\gdi32.dll
2014-07-15 22:51 . 2014-08-15 05:24 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2014-07-12 02:36 . 2014-08-14 08:15 1023488 ----a-w- c:\windows\SysWow64\gdi32.dll
2010-01-26 08:11 . 2014-04-08 06:32 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-12 07:58 1729232 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-12 07:58 1729232 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-12 07:58 1729232 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-08-02 363520]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-31 580512]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-06 4085896]
"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-08-18 925960]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
3;2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S3 BtAudioBusSrv;IVT Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 BthLEEnum;Ovladac úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\System32\drivers\irstrtdv.sys;c:\windows\SYSNATIVE\drivers\irstrtdv.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 06:37 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-12 17:59]
.
2014-10-07 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2013-10-27 23:57]
.
2014-10-06 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2013-10-27 23:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-12 07:54 2334416 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-12 07:54 2334416 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-12 07:54 2334416 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-06 16:01 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-08 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-08 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-08 440640]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"VDownloader"="c:\program files\VDownloader\VDownloader.exe" [2014-01-28 882176]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-09-17 2461504]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-09-27 36352]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2000-01-01 1703424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel
IE: E&xportovat do Microsoft Excelu - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote
IE: Od&eslat do OneNotu - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.16.4.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1 - c:\program files (x86)\Connected Music powered by Universal Music Group\unins000.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Intel\irstrt\RapidStartConfig.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
**************************************************************************
.
Completion time: 2014-10-07 12:40:22 - machine was rebooted
ComboFix-quarantined-files.txt 2014-10-07 10:40
ComboFix2.txt 2014-10-06 18:19
.
Pre-Run: 511 374 508 032 bytes free
Post-Run: 511 057 645 568 bytes free
.
- - End Of File - - 2F677C0E623F2FEBB1FF94D7E3104162
5FB38429D5D77768867C76DCBDB35194
=====================================================================================================================================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:48:23, on 7. 10. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\Respiro\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Bonus.SSR.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: ABBYY FineReader 11 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.11.0) - ABBYY - C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem24.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Rapid Start Technology Service (irstrtsv) - Intel Corporation - C:\Windows\SysWOW64\irstrtsv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13031 bytes
=====================================================================================================================================
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-10-07 12:50:44
-----------------------------
12:50:44.927 OS Version: Windows x64 6.2.9200
12:50:44.927 Number of processors: 4 586 0x3A09
12:50:44.927 ComputerName: XIALOXEEN UserName: Respiro
12:50:47.114 Initialize success
12:50:47.114 VM: initialized successfully
12:50:47.130 VM: Intel CPU BiosDisabled
12:51:10.254 VM: disk I/O iaStorA.sys
12:51:13.786 AVAST engine defs: 14100700
12:52:52.244 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003d
12:52:52.244 Disk 0 Vendor: 100. Size: 715402MB BusType: 8
12:52:52.244 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000003e
12:52:52.244 Disk 1 Vendor: XC1M Size: 4096MB BusType: 8
12:52:52.572 Disk 0 MBR read successfully
12:52:52.572 Disk 0 MBR scan
12:52:52.588 Disk 0 unknown MBR code
12:52:52.588 Disk 0 Partition 1 00 EE GPT 715401 MB offset 1
12:52:52.634 Disk 0 scanning C:\Windows\system32\drivers
12:52:58.854 Service scanning
12:53:11.120 Modules scanning
12:53:11.135 Disk 0 trace - called modules:
12:53:11.151 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys storport.sys hal.dll iaStorA.sys
12:53:11.151 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005dfe060]
12:53:11.167 3 CLASSPNP.SYS[fffff880017aae0a] -> nt!IofCallDriver -> [0xfffffa8005b47880]
12:53:11.182 5 hpdskflt.sys[fffff88001c78379] -> nt!IofCallDriver -> \Device\0000003d[0xfffffa80047e6060]
12:53:12.214 AVAST engine scan C:\Windows
12:53:13.464 AVAST engine scan C:\Windows\system32
12:55:03.361 AVAST engine scan C:\Windows\system32\drivers
12:55:12.877 AVAST engine scan C:\Users\Respiro
12:57:43.792 File: C:\Users\Respiro\AppData\Local\Unity\WebPlayer\Uninstall.exe **INFECTED** Win32:Malware-gen
12:59:24.798 AVAST engine scan C:\ProgramData
13:02:17.947 Scan finished successfully
13:03:24.982 Disk 0 MBR has been saved successfully to "C:\Users\Respiro\Desktop\MBR.dat"
13:03:24.982 The log file has been saved successfully to "C:\Users\Respiro\Desktop\aswMBR part 3.txt"
Log check (LoL - "MAESTRO ERROR") [Solved]
- jaro3, Security team member
Re: Log check (LoL - "MAESTRO ERROR")
Close the other applications and browsers, disconnect from the internet and fix these in HJT:
Guide
Code:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Bonus.SSR.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
In Folder Options, enable showing hidden files and folders and untick "Hide protected operating system files".
Test this on VirusTotal:
C:\Users\Respiro\AppData\Local\Unity\WebPlayer\Uninstall.exe
Click "Choose" to the right of the box and find the file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file is then tested by several antivirus engines in turn. When the last engine finishes, a result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.
Or on:
http://www.virscan.org/
Guide
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
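The fix list in jaro3's post above, carried out as an added PowerShell example (this is not code from the thread or from HijackThis): it exports the affected keys to .reg backups first, removes the same O4 Run values and R0 Internet Explorer values that the HJT fix targets, and hashes the file aswMBR flagged so it can be looked up on VirusTotal by hash instead of uploading it. Assumptions not taken from the thread: it is run in an elevated PowerShell on the affected Windows 8 machine, the value names are exactly as they appear in the HJT log, the WOW6432Node Run key is checked as well because the listed programs are 32-bit, and the VirusTotal lookup URL is the current one.

```powershell
# Added example, not from the thread. Applies jaro3's HJT fix list without HijackThis:
# backs up the affected registry keys, removes the listed O4/R0 values, and hashes the
# file aswMBR flagged for a VirusTotal lookup. Run in an elevated PowerShell (PS 3 or later).
$ErrorActionPreference = 'Stop'

# 1. Backup: reg.exe export writes .reg files that can be merged back if something regresses.
$backup = Join-Path $env:USERPROFILE ("Desktop\hjt-fix-backup-" + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $backup | Out-Null
reg.exe export 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run' "$backup\HKLM-Run.reg" /y | Out-Null
reg.exe export 'HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run' "$backup\HKLM-Run-WOW64.reg" /y | Out-Null
reg.exe export 'HKLM\Software\Microsoft\Internet Explorer' "$backup\HKLM-IE.reg" /y | Out-Null
reg.exe export 'HKCU\Software\Microsoft\Internet Explorer' "$backup\HKCU-IE.reg" /y | Out-Null

# 2. O4 - HKLM\..\Run entries from the fix list. HJT prints them under one "HKLM\..\Run",
#    but on x64 the 32-bit programs' values may sit in the WOW6432Node key, so both are
#    checked (assumption: the value names are exactly as logged).
$runValues = 'Adobe ARM', 'Bonus.SSR.FR11', 'seznam-listicka-distribuce',
             'AdobeCS5ServiceManager', 'SunJavaUpdateSched'
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($name in $runValues) {
        $entry = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        if ($entry) {
            Write-Host "Removing $key\$name = $($entry.$name)"
            Remove-ItemProperty -Path $key -Name $name      # append -WhatIf to rehearse first
        }
    }
}

# 3. R0 entries: the empty Search/Toolbar values and the Local Page value are deleted;
#    Internet Explorer falls back to its built-in defaults for values that are missing.
$ieValues = @(
    @{ Key = 'HKLM:\Software\Microsoft\Internet Explorer\Search';  Name = 'SearchAssistant' },
    @{ Key = 'HKLM:\Software\Microsoft\Internet Explorer\Search';  Name = 'CustomizeSearch' },
    @{ Key = 'HKLM:\Software\Microsoft\Internet Explorer\Main';    Name = 'Local Page' },
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar'; Name = 'LinksFolderName' }
)
foreach ($v in $ieValues) {
    if ((Test-Path $v.Key) -and (Get-ItemProperty -Path $v.Key -Name $v.Name -ErrorAction SilentlyContinue)) {
        Write-Host "Removing $($v.Key)\$($v.Name)"
        Remove-ItemProperty -Path $v.Key -Name $v.Name
    }
}

# 4. Hash the file aswMBR flagged. SHA-256 is computed through .NET so this also works on
#    PowerShell 3 (Get-FileHash only arrived with PowerShell 4). The hash can be searched on
#    VirusTotal without uploading anything; if the file is gone, Avast has likely quarantined it.
$suspect = Join-Path $env:LOCALAPPDATA 'Unity\WebPlayer\Uninstall.exe'
if (Test-Path $suspect) {
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($suspect)
    $hash  = ([System.BitConverter]::ToString($sha.ComputeHash($bytes))).Replace('-', '').ToLower()
    Write-Host "SHA256 $hash"
    Write-Host "Lookup: https://www.virustotal.com/gui/file/$hash"   # assumed current URL format
    Get-AuthenticodeSignature -FilePath $suspect | Format-List Status, SignerCertificate
} else {
    Write-Host "$suspect not present (already quarantined or deleted)"
}
```

Run it once with `-WhatIf` appended to the `Remove-ItemProperty` calls to see what would be deleted, then for real. The .reg files in the backup folder restore every value with a double-click if a program stops auto-starting that you wanted. Hashing rather than uploading also avoids the situation described later in the thread, where opening the file triggered the resident Avast scanner before it could be submitted.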
Re: Log check (LoL - "MAESTRO ERROR")
Still the same. As soon as I navigated to the file (C:\Users\Respiro\AppData\Local\Unity\WebPlayer\Uninstall.exe), Avast immediately popped up and intervened .... the file is no longer there (?)! I just hope that wasn't some fail on my part ...

- Orcus, Security team member
Re: Log check (LoL - "MAESTRO ERROR")
Then restore it from quarantine, temporarily disable Avast and test it again.
Love warms, but coal is coal.
Post HJT logs in the HJT section. If it is too long, split it into several messages.
A few PC security tips.
During my absence memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.
- jaro3
Re: Log check (LoL - "MAESTRO ERROR")
Then delete the file again.
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
Clean the system with CCleaner
Download OTC
to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.
What about the problems?
Re: Log check (LoL - "MAESTRO ERROR")
Unfortunately, the problems still persist ...
- jaro3
Re: Log check (LoL - "MAESTRO ERROR")
If it is about the game, then it will not be viruses; try another section.
Re: Log check (LoL - "MAESTRO ERROR") [Solved]
Ok, anyway, many thanks for your time and willingness.
Regards and have a nice evening
Xialoxeen