These are valid OS processes, but in theory they could be infected... So let's do one more scan:
Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disable your antivirus permanently! Do not open any windows while the scan is running!
Save it to the Desktop. Close all windows, run it as administrator, accept everything and let CF do its work.
After the scan finishes, a restart will follow (it may not) and the log will be here: C:\ComboFix.txt
Please paste its contents here.
Virus csrss.exe, 100CPU usage
Re: Virus csrss.exe, 100CPU usage
ComboFix 15-05-07.01 - Dave 05/09/2015 1:21.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.3124 [GMT 2:00]
Running from: c:\users\Dave\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-04-08 to 2015-05-08 )))))))))))))))))))))))))))))))
.
.
2015-05-08 23:33 . 2015-05-08 23:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-08 23:30 . 2015-05-08 23:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF3F725B-7249-4838-B5E4-AA4913485DDC}\offreg.dll
2015-05-08 14:59 . 2015-05-08 14:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-05-08 14:59 . 2015-05-08 14:59 -------- d-----r- c:\program files (x86)\Skype
2015-05-08 14:59 . 2015-05-08 14:59 -------- d-----w- c:\programdata\Skype
2015-05-08 13:57 . 2015-05-08 13:57 -------- d-----w- c:\programdata\Riot Games
2015-05-08 13:55 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2015-05-08 13:55 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2015-05-08 13:55 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2015-05-08 11:52 . 2015-04-20 07:58 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF3F725B-7249-4838-B5E4-AA4913485DDC}\mpengine.dll
2015-05-08 09:43 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2015-05-08 09:43 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2015-05-08 09:43 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2015-05-08 09:43 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2015-05-08 02:21 . 2015-05-08 01:38 -------- d-----w- c:\windows\Panther
2015-05-08 01:57 . 2015-05-08 01:57 -------- d-----w- c:\windows\SysWow64\Wat
2015-05-08 01:57 . 2015-05-08 01:57 -------- d-----w- c:\windows\system32\Wat
2015-05-08 01:38 . 2015-05-08 14:59 -------- d-----w- c:\users\Dave
2015-05-08 01:38 . 2015-05-08 01:38 -------- d-----w- C:\Recovery
2015-05-08 01:31 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2015-05-08 01:00 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-05-08 01:00 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-05-08 00:19 . 2015-05-08 01:10 -------- d-----w- c:\program files (x86)\Hearthstone
2015-05-08 00:14 . 2015-05-08 00:14 -------- d-----w- c:\program files (x86)\Battle.net
2015-05-08 00:14 . 2015-05-08 00:14 -------- d-----w- c:\programdata\Blizzard Entertainment
2015-05-08 00:10 . 2015-05-08 00:11 -------- d-----w- c:\programdata\Battle.net
2015-05-07 21:54 . 2015-05-07 21:54 -------- d-----w- c:\program files\Common Files\logishrd
2015-05-07 21:17 . 2005-02-05 17:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll
2015-05-07 20:32 . 2015-05-08 20:24 -------- d-----w- C:\FRST
2015-05-07 20:27 . 2015-05-07 20:27 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-05-07 20:27 . 2015-04-14 07:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-07 20:27 . 2015-04-14 07:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-07 20:20 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-05-07 20:20 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-05-07 20:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2015-05-07 20:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2015-05-07 20:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2015-05-07 20:20 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2015-05-07 20:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2015-05-07 20:20 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2015-05-07 20:20 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2015-05-07 20:18 . 2015-05-07 20:27 -------- d-----w- c:\programdata\Malwarebytes
2015-05-07 20:18 . 2015-05-07 20:27 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-07 20:18 . 2015-05-07 20:29 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-07 20:18 . 2015-04-14 07:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-07 20:10 . 2015-05-07 20:13 -------- d-----w- C:\AdwCleaner
2015-05-07 19:38 . 2010-05-26 18:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2015-05-07 19:34 . 2015-05-07 19:34 -------- d-----w- c:\program files (x86)\Microsoft.NET
2015-05-07 19:32 . 2015-05-07 19:37 -------- d-----w- c:\program files\NVIDIA Corporation
2015-05-07 19:31 . 2015-05-07 19:31 -------- d-----w- C:\NVIDIA
2015-05-07 19:20 . 2015-05-07 19:20 -------- d-----w- c:\program files (x86)\Gaming Keyboard
2015-05-07 19:20 . 2015-05-07 19:20 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2015-05-07 18:59 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-05-07 18:59 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-05-07 18:57 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-05-07 18:57 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-05-07 18:53 . 2015-05-07 18:53 -------- d-----w- c:\program files (x86)\Alcohol Soft
2015-05-07 18:48 . 2015-05-07 18:50 -------- d-s---w- c:\windows\system32\GWX
2015-05-07 18:48 . 2015-05-07 18:48 -------- d-s---w- c:\windows\SysWow64\GWX
2015-05-07 18:48 . 2015-05-07 18:48 -------- d-s---w- c:\windows\system32\CompatTel
2015-05-07 18:48 . 2015-05-07 18:48 -------- d-----w- c:\windows\system32\appraiser
2015-05-07 18:46 . 2015-05-07 18:46 386680 ----a-w- c:\windows\system32\drivers\sptd.sys
2015-05-07 18:37 . 2015-05-07 18:37 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-05-07 18:37 . 2015-05-07 18:37 542272 ----a-w- c:\program files\Internet Explorer\pdm.dll
2015-05-07 18:37 . 2015-05-07 18:37 400968 ----a-w- c:\program files\Internet Explorer\msdbg2.dll
2015-05-07 18:37 . 2015-05-07 18:37 147968 ----a-w- c:\windows\system32\occache.dll
2015-05-07 18:37 . 2015-05-07 18:37 105568 ----a-w- c:\program files\Internet Explorer\pdmproxy100.dll
2015-05-07 18:37 . 2015-05-07 18:37 774144 ----a-w- c:\windows\system32\jscript.dll
2015-05-07 18:37 . 2015-05-07 18:37 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-05-07 18:37 . 2015-05-07 18:37 142336 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2015-05-07 18:37 . 2015-05-07 18:37 13824 ----a-w- c:\windows\system32\mshta.exe
2015-05-07 18:37 . 2015-05-07 18:37 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-05-07 18:35 . 2015-05-07 18:35 859648 ----a-w- c:\windows\system32\tdh.dll
2015-05-07 18:35 . 2015-05-07 18:35 878080 ----a-w- c:\windows\system32\advapi32.dll
2015-05-07 18:35 . 2015-05-07 18:35 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-07 18:35 . 2015-05-07 18:35 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-07 17:58 . 2015-05-07 17:58 -------- d-----w- c:\programdata\Oracle
2015-05-07 17:51 . 2015-05-07 18:51 -------- d-----w- c:\program files (x86)\Common Files\Steam
2015-05-07 17:44 . 2015-05-07 17:44 -------- d-----w- c:\program files\ESET
2015-05-07 17:28 . 2015-05-07 17:29 -------- d-----w- c:\windows\system32\MRT
2015-05-07 17:19 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2015-05-07 17:19 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2015-05-07 17:19 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2015-05-07 17:19 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2015-05-07 17:19 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2015-05-07 17:19 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2015-05-07 17:19 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2015-05-07 17:14 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2015-05-07 17:14 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2015-05-07 17:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2015-05-07 17:10 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-05-07 17:10 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-05-07 17:10 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-05-07 17:10 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-05-07 17:10 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-05-07 17:10 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-05-07 17:10 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-05-07 17:10 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-05-07 17:08 . 2014-03-04 09:44 39936 ----a-w- c:\windows\system32\wincredprovider.dll
2015-05-07 17:07 . 2014-11-08 03:16 2048 ----a-w- c:\windows\system32\tzres.dll
2015-05-07 17:06 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-05-07 16:59 . 2015-05-08 14:59 -------- d-sh--w- c:\windows\Installer
2015-05-07 16:55 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2015-05-07 16:55 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2015-05-07 16:54 . 2015-05-07 16:54 -------- d-----w- c:\program files (x86)\Google
2015-05-07 16:54 . 2015-05-07 16:54 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-05-07 16:54 . 2015-05-07 16:54 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-07 16:54 . 2015-05-07 16:54 -------- d-----w- c:\windows\SysWow64\Macromed
2015-05-07 16:54 . 2015-05-07 16:54 -------- d-----w- c:\windows\system32\Macromed
2015-05-07 16:47 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2015-05-07 16:47 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2015-05-07 16:47 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-17 04:56 . 2015-05-07 17:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-02-24 11:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\programy\Steam\steam.exe" [2015-04-13 2889408]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-04-17 31280256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VICTORY Gaming Keyboard"="c:\program files (x86)\Gaming Keyboard\Monitor.exe" [2013-04-09 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-07 17:14 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-01-28 5595848]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-04-09 2673296]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-04-09 1570672]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-05-09 01:54:25
ComboFix-quarantined-files.txt 2015-05-08 23:54
.
Pre-Run: 64,460,345,344 bytes free
Post-Run: 64,060,055,552 bytes free
.
- - End Of File - - 1A8A01A2742C222B19E7F463A6625431
A36C5E4F47E84449FF07ED3517B43A31
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-07 17:14 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-01-28 5595848]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-04-09 2673296]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-04-09 1570672]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-05-09 01:54:25
ComboFix-quarantined-files.txt 2015-05-08 23:54
.
Pre-Run: 64,460,345,344 bytes free
Post-Run: 64,060,055,552 bytes free
.
- - End Of File - - 1A8A01A2742C222B19E7F463A6625431
A36C5E4F47E84449FF07ED3517B43A31
- Orcus
- member of the Security team
Re: Virus csrss.exe, 100CPU usage
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following whole text marked in red into it:
ClearJavaCache::
KillAll::
Folder::
c:\program files (x86)\Skype\Updater\
Driver::
SkypeUpdate
RegLock::
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix will start automatically; the repair may take more than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that appears at the end of the cleaning process
Warning: It may happen that after applying the script and restarting the computer Windows does not boot; in that case restart the computer again, press F8 and choose Last Known Good Configuration.
====================================================
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the whole content of that log here. Then click "Exit" to close the program.
Love warms, but coal is coal.
Post HJT logs in the HJT section. If the log is too long, split it into several messages.
A few tips on PC security.
During my absence, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.

Re: Virus csrss.exe, 100CPU usage
ComboFix 15-05-07.01 - Dave 05/11/2015 19:31:52.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2985 [GMT 2:00]
Running from: c:\users\Dave\Desktop\ComboFix.exe
Command switches used :: c:\users\Dave\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost32.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2015-04-11 to 2015-05-11 )))))))))))))))))))))))))))))))
.
.
2015-05-11 17:44 . 2015-05-11 17:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-11 00:12 . 2015-05-11 00:12 -------- d-----w- c:\windows\system32\appmgmt
2015-05-10 23:07 . 2015-05-10 23:07 -------- d-----w- c:\program files (x86)\OpenOffice 4
2015-05-10 17:32 . 2015-05-10 17:32 -------- d-----w- C:\Minecraft_Backup
2015-05-09 21:51 . 2015-05-09 21:51 -------- d-----w- c:\program files\WinRAR
2015-05-09 21:32 . 2015-05-09 21:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-05-09 21:32 . 2015-05-09 21:32 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-09 21:32 . 2015-05-09 21:32 -------- d-----w- c:\program files (x86)\Java
2015-05-09 21:28 . 2015-05-09 21:28 -------- d-----w- c:\programdata\LogMeIn
2015-05-09 21:27 . 2015-05-09 21:27 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2015-05-08 14:59 . 2015-05-08 14:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-05-08 14:59 . 2015-05-11 17:37 -------- d-----r- c:\program files (x86)\Skype
2015-05-08 14:59 . 2015-05-08 14:59 -------- d-----w- c:\programdata\Skype
2015-05-08 13:57 . 2015-05-08 13:57 -------- d-----w- c:\programdata\Riot Games
2015-05-08 13:55 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2015-05-08 13:55 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2015-05-08 13:55 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2015-05-08 11:52 . 2015-04-20 07:58 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF3F725B-7249-4838-B5E4-AA4913485DDC}\mpengine.dll
2015-05-08 09:43 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2015-05-08 09:43 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2015-05-08 09:43 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2015-05-08 09:43 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2015-05-08 02:21 . 2015-05-08 01:38 -------- d-----w- c:\windows\Panther
2015-05-08 01:57 . 2015-05-08 01:57 -------- d-----w- c:\windows\SysWow64\Wat
2015-05-08 01:57 . 2015-05-08 01:57 -------- d-----w- c:\windows\system32\Wat
2015-05-08 01:38 . 2015-05-08 14:59 -------- d-----w- c:\users\Dave
2015-05-08 01:38 . 2015-05-08 01:38 -------- d-----w- C:\Recovery
2015-05-08 01:31 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2015-05-08 01:00 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-05-08 01:00 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-05-08 00:19 . 2015-05-08 01:10 -------- d-----w- c:\program files (x86)\Hearthstone
2015-05-08 00:14 . 2015-05-08 00:14 -------- d-----w- c:\program files (x86)\Battle.net
2015-05-08 00:14 . 2015-05-08 00:14 -------- d-----w- c:\programdata\Blizzard Entertainment
2015-05-08 00:10 . 2015-05-08 00:11 -------- d-----w- c:\programdata\Battle.net
2015-05-07 21:54 . 2015-05-07 21:54 -------- d-----w- c:\program files\Common Files\logishrd
2015-05-07 21:17 . 2005-02-05 17:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll
2015-05-07 20:32 . 2015-05-08 20:24 -------- d-----w- C:\FRST
2015-05-07 20:27 . 2015-05-07 20:27 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-05-07 20:27 . 2015-04-14 07:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-07 20:27 . 2015-04-14 07:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-07 20:20 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-05-07 20:20 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-05-07 20:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2015-05-07 20:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2015-05-07 20:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2015-05-07 20:20 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2015-05-07 20:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2015-05-07 20:20 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2015-05-07 20:20 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2015-05-07 20:18 . 2015-05-07 20:27 -------- d-----w- c:\programdata\Malwarebytes
2015-05-07 20:18 . 2015-05-07 20:27 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-07 20:18 . 2015-05-07 20:29 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-07 20:18 . 2015-04-14 07:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-07 20:10 . 2015-05-07 20:13 -------- d-----w- C:\AdwCleaner
2015-05-07 19:38 . 2010-05-26 18:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2015-05-07 19:34 . 2015-05-07 19:34 -------- d-----w- c:\program files (x86)\Microsoft.NET
2015-05-07 19:32 . 2015-05-07 19:37 -------- d-----w- c:\program files\NVIDIA Corporation
2015-05-07 19:31 . 2015-05-07 19:31 -------- d-----w- C:\NVIDIA
2015-05-07 19:20 . 2015-05-07 19:20 -------- d-----w- c:\program files (x86)\Gaming Keyboard
2015-05-07 19:20 . 2015-05-07 19:20 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2015-05-07 18:59 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-05-07 18:59 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-05-07 18:57 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-05-07 18:57 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-05-07 18:53 . 2015-05-07 18:53 -------- d-----w- c:\program files (x86)\Alcohol Soft
2015-05-07 18:48 . 2015-05-07 18:50 -------- d-s---w- c:\windows\system32\GWX
2015-05-07 18:48 . 2015-05-07 18:48 -------- d-s---w- c:\windows\SysWow64\GWX
2015-05-07 18:48 . 2015-05-07 18:48 -------- d-s---w- c:\windows\system32\CompatTel
2015-05-07 18:48 . 2015-05-07 18:48 -------- d-----w- c:\windows\system32\appraiser
2015-05-07 18:46 . 2015-05-07 18:46 386680 ----a-w- c:\windows\system32\drivers\sptd.sys
2015-05-07 18:37 . 2015-05-07 18:37 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-05-07 18:37 . 2015-05-07 18:37 542272 ----a-w- c:\program files\Internet Explorer\pdm.dll
2015-05-07 18:37 . 2015-05-07 18:37 400968 ----a-w- c:\program files\Internet Explorer\msdbg2.dll
2015-05-07 18:37 . 2015-05-07 18:37 147968 ----a-w- c:\windows\system32\occache.dll
2015-05-07 18:37 . 2015-05-07 18:37 105568 ----a-w- c:\program files\Internet Explorer\pdmproxy100.dll
2015-05-07 18:37 . 2015-05-07 18:37 774144 ----a-w- c:\windows\system32\jscript.dll
2015-05-07 18:37 . 2015-05-07 18:37 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-05-07 18:37 . 2015-05-07 18:37 142336 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2015-05-07 18:37 . 2015-05-07 18:37 13824 ----a-w- c:\windows\system32\mshta.exe
2015-05-07 18:37 . 2015-05-07 18:37 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-05-07 18:35 . 2015-05-07 18:35 859648 ----a-w- c:\windows\system32\tdh.dll
2015-05-07 18:35 . 2015-05-07 18:35 878080 ----a-w- c:\windows\system32\advapi32.dll
2015-05-07 18:35 . 2015-05-07 18:35 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-07 18:35 . 2015-05-07 18:35 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-07 17:58 . 2015-05-07 17:58 -------- d-----w- c:\programdata\Oracle
2015-05-07 17:51 . 2015-05-07 18:51 -------- d-----w- c:\program files (x86)\Common Files\Steam
2015-05-07 17:44 . 2015-05-07 17:44 -------- d-----w- c:\program files\ESET
2015-05-07 17:28 . 2015-05-07 17:29 -------- d-----w- c:\windows\system32\MRT
2015-05-07 17:19 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2015-05-07 17:19 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2015-05-07 17:19 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2015-05-07 17:19 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2015-05-07 17:19 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2015-05-07 17:19 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2015-05-07 17:19 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2015-05-07 17:14 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2015-05-07 17:14 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2015-05-07 17:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2015-05-07 17:10 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-05-07 17:10 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-05-07 17:10 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-05-07 17:10 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-05-07 17:10 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-05-07 17:10 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-05-07 17:10 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-05-07 17:10 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-05-07 17:08 . 2014-03-04 09:44 39936 ----a-w- c:\windows\system32\wincredprovider.dll
2015-05-07 17:07 . 2014-11-08 03:16 2048 ----a-w- c:\windows\system32\tzres.dll
2015-05-07 17:06 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-05-07 16:59 . 2015-05-11 00:12 -------- d-sh--w- c:\windows\Installer
2015-05-07 16:55 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2015-05-07 16:55 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2015-05-07 16:54 . 2015-05-07 16:54 -------- d-----w- c:\program files (x86)\Google
2015-05-07 16:54 . 2015-05-07 16:54 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-05-07 16:54 . 2015-05-07 16:54 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-07 16:54 . 2015-05-07 16:54 -------- d-----w- c:\windows\SysWow64\Macromed
2015-05-07 16:54 . 2015-05-07 16:54 -------- d-----w- c:\windows\system32\Macromed
2015-05-07 16:47 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2015-05-07 16:47 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2015-05-07 16:47 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-30 13:25 . 2015-03-30 13:25 33856 ---ha-w- c:\windows\system32\drivers\hamachi.sys
2015-03-17 04:56 . 2015-05-07 17:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-02-24 11:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\programy\Steam\steam.exe" [2015-04-13 2889408]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-04-17 31280256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VICTORY Gaming Keyboard"="c:\program files (x86)\Gaming Keyboard\Monitor.exe" [2013-04-09 270336]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-03-30 3978600]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-07 17:14 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-01-28 5595848]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-04-09 2673296]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-04-09 1570672]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Gaming Keyboard\OSD.exe
.
**************************************************************************
.
Completion time: 2015-05-11 20:11:08 - machine was rebooted
ComboFix-quarantined-files.txt 2015-05-11 18:10
ComboFix2.txt 2015-05-08 23:54
.
Pre-Run: 58,758,320,128 bytes free
Post-Run: 58,561,474,560 bytes free
.
- - End Of File - - D1F741DCF2E610C80738FE2AFE391947
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2985 [GMT 2:00]
Running from: c:\users\Dave\Desktop\ComboFix.exe
Command switches used :: c:\users\Dave\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost32.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2015-04-11 to 2015-05-11 )))))))))))))))))))))))))))))))
.
.
2015-05-11 17:44 . 2015-05-11 17:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-11 00:12 . 2015-05-11 00:12 -------- d-----w- c:\windows\system32\appmgmt
2015-05-10 23:07 . 2015-05-10 23:07 -------- d-----w- c:\program files (x86)\OpenOffice 4
2015-05-10 17:32 . 2015-05-10 17:32 -------- d-----w- C:\Minecraft_Backup
2015-05-09 21:51 . 2015-05-09 21:51 -------- d-----w- c:\program files\WinRAR
2015-05-09 21:32 . 2015-05-09 21:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-05-09 21:32 . 2015-05-09 21:32 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-09 21:32 . 2015-05-09 21:32 -------- d-----w- c:\program files (x86)\Java
2015-05-09 21:28 . 2015-05-09 21:28 -------- d-----w- c:\programdata\LogMeIn
2015-05-09 21:27 . 2015-05-09 21:27 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2015-05-08 14:59 . 2015-05-08 14:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-05-08 14:59 . 2015-05-11 17:37 -------- d-----r- c:\program files (x86)\Skype
2015-05-08 14:59 . 2015-05-08 14:59 -------- d-----w- c:\programdata\Skype
2015-05-08 13:57 . 2015-05-08 13:57 -------- d-----w- c:\programdata\Riot Games
2015-05-08 13:55 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2015-05-08 13:55 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2015-05-08 13:55 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2015-05-08 11:52 . 2015-04-20 07:58 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF3F725B-7249-4838-B5E4-AA4913485DDC}\mpengine.dll
2015-05-08 09:43 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2015-05-08 09:43 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2015-05-08 09:43 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2015-05-08 09:43 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2015-05-08 02:21 . 2015-05-08 01:38 -------- d-----w- c:\windows\Panther
2015-05-08 01:57 . 2015-05-08 01:57 -------- d-----w- c:\windows\SysWow64\Wat
2015-05-08 01:57 . 2015-05-08 01:57 -------- d-----w- c:\windows\system32\Wat
2015-05-08 01:38 . 2015-05-08 14:59 -------- d-----w- c:\users\Dave
2015-05-08 01:38 . 2015-05-08 01:38 -------- d-----w- C:\Recovery
2015-05-08 01:31 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2015-05-08 01:00 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-05-08 01:00 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-05-08 00:19 . 2015-05-08 01:10 -------- d-----w- c:\program files (x86)\Hearthstone
2015-05-08 00:14 . 2015-05-08 00:14 -------- d-----w- c:\program files (x86)\Battle.net
2015-05-08 00:14 . 2015-05-08 00:14 -------- d-----w- c:\programdata\Blizzard Entertainment
2015-05-08 00:10 . 2015-05-08 00:11 -------- d-----w- c:\programdata\Battle.net
2015-05-07 21:54 . 2015-05-07 21:54 -------- d-----w- c:\program files\Common Files\logishrd
2015-05-07 21:17 . 2005-02-05 17:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll
2015-05-07 20:32 . 2015-05-08 20:24 -------- d-----w- C:\FRST
2015-05-07 20:27 . 2015-05-07 20:27 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-05-07 20:27 . 2015-04-14 07:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-07 20:27 . 2015-04-14 07:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-07 20:20 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-05-07 20:20 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-05-07 20:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2015-05-07 20:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2015-05-07 20:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2015-05-07 20:20 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2015-05-07 20:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2015-05-07 20:20 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2015-05-07 20:20 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2015-05-07 20:18 . 2015-05-07 20:27 -------- d-----w- c:\programdata\Malwarebytes
2015-05-07 20:18 . 2015-05-07 20:27 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-07 20:18 . 2015-05-07 20:29 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-07 20:18 . 2015-04-14 07:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-07 20:10 . 2015-05-07 20:13 -------- d-----w- C:\AdwCleaner
2015-05-07 19:38 . 2010-05-26 18:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2015-05-07 19:34 . 2015-05-07 19:34 -------- d-----w- c:\program files (x86)\Microsoft.NET
2015-05-07 19:32 . 2015-05-07 19:37 -------- d-----w- c:\program files\NVIDIA Corporation
2015-05-07 19:31 . 2015-05-07 19:31 -------- d-----w- C:\NVIDIA
2015-05-07 19:20 . 2015-05-07 19:20 -------- d-----w- c:\program files (x86)\Gaming Keyboard
2015-05-07 19:20 . 2015-05-07 19:20 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2015-05-07 18:59 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-05-07 18:59 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-05-07 18:57 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-05-07 18:57 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-05-07 18:53 . 2015-05-07 18:53 -------- d-----w- c:\program files (x86)\Alcohol Soft
2015-05-07 18:48 . 2015-05-07 18:50 -------- d-s---w- c:\windows\system32\GWX
2015-05-07 18:48 . 2015-05-07 18:48 -------- d-s---w- c:\windows\SysWow64\GWX
2015-05-07 18:48 . 2015-05-07 18:48 -------- d-s---w- c:\windows\system32\CompatTel
2015-05-07 18:48 . 2015-05-07 18:48 -------- d-----w- c:\windows\system32\appraiser
2015-05-07 18:46 . 2015-05-07 18:46 386680 ----a-w- c:\windows\system32\drivers\sptd.sys
2015-05-07 18:37 . 2015-05-07 18:37 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-05-07 18:37 . 2015-05-07 18:37 542272 ----a-w- c:\program files\Internet Explorer\pdm.dll
2015-05-07 18:37 . 2015-05-07 18:37 400968 ----a-w- c:\program files\Internet Explorer\msdbg2.dll
2015-05-07 18:37 . 2015-05-07 18:37 147968 ----a-w- c:\windows\system32\occache.dll
2015-05-07 18:37 . 2015-05-07 18:37 105568 ----a-w- c:\program files\Internet Explorer\pdmproxy100.dll
2015-05-07 18:37 . 2015-05-07 18:37 774144 ----a-w- c:\windows\system32\jscript.dll
2015-05-07 18:37 . 2015-05-07 18:37 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-05-07 18:37 . 2015-05-07 18:37 142336 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2015-05-07 18:37 . 2015-05-07 18:37 13824 ----a-w- c:\windows\system32\mshta.exe
2015-05-07 18:37 . 2015-05-07 18:37 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-05-07 18:35 . 2015-05-07 18:35 859648 ----a-w- c:\windows\system32\tdh.dll
2015-05-07 18:35 . 2015-05-07 18:35 878080 ----a-w- c:\windows\system32\advapi32.dll
2015-05-07 18:35 . 2015-05-07 18:35 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-07 18:35 . 2015-05-07 18:35 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-07 17:58 . 2015-05-07 17:58 -------- d-----w- c:\programdata\Oracle
2015-05-07 17:51 . 2015-05-07 18:51 -------- d-----w- c:\program files (x86)\Common Files\Steam
2015-05-07 17:44 . 2015-05-07 17:44 -------- d-----w- c:\program files\ESET
2015-05-07 17:28 . 2015-05-07 17:29 -------- d-----w- c:\windows\system32\MRT
2015-05-07 17:19 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2015-05-07 17:19 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2015-05-07 17:19 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2015-05-07 17:19 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2015-05-07 17:19 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2015-05-07 17:19 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2015-05-07 17:19 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2015-05-07 17:14 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2015-05-07 17:14 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2015-05-07 17:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2015-05-07 17:10 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-05-07 17:10 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-05-07 17:10 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-05-07 17:10 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-05-07 17:10 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-05-07 17:10 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-05-07 17:10 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-05-07 17:10 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-05-07 17:08 . 2014-03-04 09:44 39936 ----a-w- c:\windows\system32\wincredprovider.dll
2015-05-07 17:07 . 2014-11-08 03:16 2048 ----a-w- c:\windows\system32\tzres.dll
2015-05-07 17:06 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-05-07 16:59 . 2015-05-11 00:12 -------- d-sh--w- c:\windows\Installer
2015-05-07 16:55 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2015-05-07 16:55 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2015-05-07 16:54 . 2015-05-07 16:54 -------- d-----w- c:\program files (x86)\Google
2015-05-07 16:54 . 2015-05-07 16:54 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-05-07 16:54 . 2015-05-07 16:54 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-07 16:54 . 2015-05-07 16:54 -------- d-----w- c:\windows\SysWow64\Macromed
2015-05-07 16:54 . 2015-05-07 16:54 -------- d-----w- c:\windows\system32\Macromed
2015-05-07 16:47 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2015-05-07 16:47 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2015-05-07 16:47 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-30 13:25 . 2015-03-30 13:25 33856 ---ha-w- c:\windows\system32\drivers\hamachi.sys
2015-03-17 04:56 . 2015-05-07 17:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-02-24 11:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\programy\Steam\steam.exe" [2015-04-13 2889408]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-04-17 31280256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VICTORY Gaming Keyboard"="c:\program files (x86)\Gaming Keyboard\Monitor.exe" [2013-04-09 270336]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-03-30 3978600]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-07 17:14 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-01-28 5595848]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-04-09 2673296]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-04-09 1570672]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Gaming Keyboard\OSD.exe
.
**************************************************************************
.
Completion time: 2015-05-11 20:11:08 - machine was rebooted
ComboFix-quarantined-files.txt 2015-05-11 18:10
ComboFix2.txt 2015-05-08 23:54
.
Pre-Run: 58,758,320,128 bytes free
Post-Run: 58,561,474,560 bytes free
.
- - End Of File - - D1F741DCF2E610C80738FE2AFE391947
A36C5E4F47E84449FF07ED3517B43A31
Re: Virus csrss.exe, 100CPU usage
In this test, CONHOST.exe was deleted and then disappeared from the Device Manager as well. I mean that one (probably the one with the virus). Now only valid OS processes are running there, which also have a location and everything. So should I also do that next test? Everything already looks like it is running as it should.
- jerabina
- member of the Security team
Re: Virus csrss.exe, 100CPU usage
Hi, do it just to be safe. It will tell us whether you happen to have any rootkits (programs that hide other viruses) on the computer. That never hurts.

When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as me ignoring you.
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
Re: Virus csrss.exe, 100CPU usage
The next day conhost.exe and csrss.exe showed up in Task Manager again, and were even running 3x, only one of them with a visible location. I ran ComboFix again and it is fine again :) and here I bring the log from the other program. Sorry for the late reply, but it is my study week and I am cramming like mad for the maturita (school-leaving exam) :) Thanks for your understanding.
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-05-14 13:04:38
-----------------------------
13:04:38.056 OS Version: Windows x64 6.1.7601 Service Pack 1
13:04:38.056 Number of processors: 4 586 0x403
13:04:38.056 ComputerName: DAVE-PC UserName: Dave
13:04:38.290 Initialize success
13:04:38.321 VM: initialized successfully
13:04:38.321 VM: Amd CPU supported
13:04:42.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
13:04:42.984 Disk 0 Vendor: INTEL_SS DC32 Size: 114473MB BusType: 3
13:04:42.984 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000064
13:04:43.000 Disk 1 Vendor: ST310005 CC38 Size: 953869MB BusType: 3
13:04:43.000 Disk 0 MBR read successfully
13:04:43.000 Disk 0 MBR scan
13:04:43.000 Disk 0 Windows 7 default MBR code
13:04:43.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:04:43.015 Disk 0 default boot code
13:04:43.015 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
13:04:43.015 Disk 0 scanning C:\Windows\system32\drivers
13:04:44.170 Service scanning
13:04:48.538 Service ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys **LOCKED** 5
13:04:48.585 Service epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys **LOCKED** 5
13:04:50.847 Modules scanning
13:04:50.847 Disk 0 trace - called modules:
13:04:50.847 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800382d2c0]<<sptd.sys storport.sys hal.dll nvstor.sys
13:04:50.847 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80040f1060]
13:04:50.862 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8003948690]
13:04:50.862 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\00000063[0xfffffa8003d1d9c0]
13:04:50.862 \Driver\nvstor[0xfffffa80037f1d40] -> IRP_MJ_CREATE -> 0xfffffa800382d2c0
13:04:50.862 Disk 0 statistics 87442/0/0 @ 76.24 MB/s
13:04:50.862 Scan finished successfully
13:36:35.135 Disk 0 MBR has been saved successfully to "C:\Users\Dave\Desktop\MBR.dat"
13:36:35.150 The log file has been saved successfully to "C:\Users\Dave\Desktop\aswMBR.txt"
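Two entries in the aswMBR log above deserve a second look before anyone reads them as a rootkit. The two **LOCKED** services are ehdrv.sys and epfwwfpr.sys, ESET NOD32's kernel drivers, and ESET is installed on this machine; locked service keys are normal self-protection for an AV product. The >>UNKNOWN<< code in the disk-stack trace sits at 0xfffffa800382d2c0, the same address the `\Driver\nvstor ... IRP_MJ_CREATE` line points at, so something has redirected nvstor's create dispatch. The module right behind the unknown code is sptd.sys, the SCSI Pass Through Direct driver that Alcohol 120% installs (the ComboFix log Dave posts later in the thread lists both the Alcohol Soft installation and the `S0 sptd` service), and SPTD routinely shows up exactly this way in aswMBR and GMER traces. The PowerShell below is an added example, not part of any post in the thread: it parses those lines and reports the correlation. The sample text is copied from the log above; the lookup tables and the function name Get-AswMbrFindings are my own assumptions, not anything aswMBR ships.

```powershell
# Added example (not from the thread): pull the entries worth a second look
# out of an aswMBR log, **LOCKED** services and the >>UNKNOWN<< code in the
# disk-stack trace, and correlate the unknown address with the driver
# dispatch lines. Sample lines are copied from the log posted above.

$sample = @'
13:04:48.538 Service ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys **LOCKED** 5
13:04:48.585 Service epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys **LOCKED** 5
13:04:50.847 Modules scanning
13:04:50.847 Disk 0 trace - called modules:
13:04:50.847 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800382d2c0]<<sptd.sys storport.sys hal.dll nvstor.sys
13:04:50.847 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80040f1060]
13:04:50.862 \Driver\nvstor[0xfffffa80037f1d40] -> IRP_MJ_CREATE -> 0xfffffa800382d2c0
13:04:50.862 Scan finished successfully
'@

# Lookup tables are my assumption, not something aswMBR ships: drivers that
# legitimately lock their service keys or sit in the disk stack as "unknown"
# code. Extend them for the AV / virtual-drive software actually installed.
$knownLockedServices = @{
    'ehdrv'    = 'ESET NOD32 kernel driver'
    'epfwwfpr' = 'ESET NOD32 firewall (WFP) driver'
}
$knownDiskFilters = @{
    'sptd.sys' = 'SPTD, SCSI Pass Through Direct, installed by Alcohol 120% / DAEMON Tools'
}

function Get-AswMbrFindings {
    param([string]$LogText)
    $findings    = @()
    $unknownAddr = $null

    foreach ($line in ($LogText -split "`r?`n")) {
        if ($line -match '^\S+ Service (\S+) (\S+) \*\*LOCKED\*\* (\d+)$') {
            # Service key locked by a kernel driver; name the vendor if we know it.
            $svc  = $matches[1]
            $path = $matches[2]
            $note = if ($knownLockedServices.ContainsKey($svc)) { $knownLockedServices[$svc] } else { 'unknown vendor, check the file signer' }
            $findings += New-Object PSObject -Property @{ Kind = 'LockedService'; Item = $svc; Detail = $path; Note = $note }
        }
        elseif ($line -match '>>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<(\S+)') {
            # Code in the disk call chain that aswMBR could not attribute to a
            # loaded module; the module listed right after it is the usual owner.
            $unknownAddr = $matches[1]
            $next        = $matches[2]
            $note = if ($knownDiskFilters.ContainsKey($next)) {
                "code sits in front of $next ($($knownDiskFilters[$next])); expected for that driver"
            } else {
                "code sits in front of $next, which is not on the known list; inspect that driver"
            }
            $findings += New-Object PSObject -Property @{ Kind = 'UnknownCode'; Item = $unknownAddr; Detail = $next; Note = $note }
        }
        elseif ($line -match '\\Driver\\(\S+?)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)') {
            # Dispatch routine of a storage driver; flag it when it points at the
            # unknown code found above (that is the hook aswMBR is showing you).
            $drv = $matches[1]; $irp = $matches[2]; $target = $matches[3]
            $hooked = ($unknownAddr -ne $null) -and ($target -eq $unknownAddr)
            $note = if ($hooked) { "$drv $irp dispatch is redirected to the unknown code at $target" } else { "$drv $irp dispatch points at $target" }
            $findings += New-Object PSObject -Property @{ Kind = 'Dispatch'; Item = $drv; Detail = $irp; Note = $note }
        }
    }
    return $findings
}

Get-AswMbrFindings $sample | Format-Table Kind, Item, Detail, Note -AutoSize -Wrap
```

On this log the script reports the two ESET locks as expected, the unknown code in front of sptd.sys as expected for SPTD, and the nvstor IRP_MJ_CREATE redirection as the place where that code is hooked in. The decisive check is the signer of the file the hook belongs to: `sigcheck -a C:\Windows\System32\Drivers\sptd.sys` (Sysinternals) or the file's Properties > Digital Signatures tab should show a valid publisher; an unsigned or oddly signed driver at that position is when the UNKNOWN entry becomes a real finding.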
- jerabina
- member of the Security team
Re: Virus csrss.exe, 100CPU usage
Can you give us the ComboFix log?
- MiliNess
- member of the BSOD team
Re: Virus csrss.exe, 100CPU usage
Sorry for butting in.
Just a small explanation
One instance of the environment subsystem process csrss.exe exists per session. If one user is logged on to the computer, there will be 2 instances of csrss.exe (one for session 0 and one for the logged-on user's session). With every additional logged-on user the number of csrss.exe instances grows by one. So two logged-on users -> three csrss.exe instances, three logged-on users -> four csrss.exe, and so on.
So it is entirely natural; don't look for anything shady in it.
As for the conhost.exe process, it will exist as many times as there are console applications running. If you launch, say, 2 ordinary command prompts (cmd.exe), two conhost.exe processes will appear.
So the process can exist 100 times over, and each instance is tied to some other process that you can see in Task Manager.
-everyone has their own truth, and it does not always have to match yours
-our problems exist only in our heads
-the world around us is neither good nor bad; it is completely indifferent to whether you exist
-the most important thing in life is love. Everything else is trivial
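The rules MiliNess gives (one csrss.exe per session, one conhost.exe per console application) can be checked on a live machine rather than eyeballed in Task Manager, and the check settles the "3x running, only one with a visible location" worry from Dave's post: an unelevated Task Manager cannot read the image path of a process running as SYSTEM, which csrss.exe always does, so a missing path on its own proves nothing. The PowerShell below is an added example, not code from any post in the thread. It assumes an elevated PowerShell and uses Get-WmiObject so it runs on the Windows 7 / PowerShell 2.0 host in the logs; the function name Test-SubsystemProcess is mine, the process names, the System32 location and the smss.exe/csrss.exe parent relationships are standard Windows facts.

```powershell
# Added example, not code from the thread: check the csrss.exe / conhost.exe
# instances on a live Windows box against the rules described above
# (one csrss.exe per session, one conhost.exe per console application).
# Run from an ELEVATED PowerShell. Without elevation WMI returns an empty
# ExecutablePath for processes running as SYSTEM, which is also why a
# non-elevated Task Manager shows a location for only some instances;
# an empty path is a permissions artefact, not evidence of malware.
# Get-WmiObject is used on purpose so this runs on Windows 7 / PowerShell 2.0.

$system32 = Join-Path $env:SystemRoot 'System32'
$all      = @(Get-WmiObject Win32_Process)
$byPid    = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

function Test-SubsystemProcess {
    param($Proc)
    $issues = @()
    $parent = $byPid[[int]$Proc.ParentProcessId]

    # Rule 1: the image must be %SystemRoot%\System32\<name>. A copy of
    # csrss.exe or conhost.exe anywhere else is the classic masquerade.
    if ($Proc.ExecutablePath) {
        $dir = Split-Path -Parent $Proc.ExecutablePath
        if ($dir -ne $system32) { $issues += "image outside System32: $($Proc.ExecutablePath)" }
    } else {
        $issues += 'path not readable (re-run elevated)'
    }

    if ($Proc.Name -eq 'csrss.exe') {
        # Rule 2: csrss.exe is started by a per-session smss.exe that exits
        # right afterwards, so a parent PID that no longer exists is normal.
        # A *living* parent that is not smss.exe is not.
        if ($parent -and $parent.Name -ne 'smss.exe') {
            $issues += "live parent is $($parent.Name) (PID $($Proc.ParentProcessId)), expected smss.exe or none"
        }
    } else {
        # Rule 3: conhost.exe serves one console application in the same
        # session. On Windows 7 its parent is csrss.exe, on Windows 8 and later
        # the console application itself. A parent from another session is odd;
        # no parent at all just means the owning console app already exited.
        if ($parent -and ([int]$parent.SessionId -ne [int]$Proc.SessionId)) {
            $issues += "parent $($parent.Name) runs in session $($parent.SessionId), conhost in $($Proc.SessionId)"
        }
    }

    $parentLabel = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { '<exited>' }
    New-Object PSObject -Property @{
        Name    = $Proc.Name
        PID     = $Proc.ProcessId
        Session = $Proc.SessionId
        Path    = $Proc.ExecutablePath
        Parent  = $parentLabel
        Issues  = ($issues -join '; ')
    }
}

$targets = $all | Where-Object { @('csrss.exe', 'conhost.exe') -contains $_.Name }
$report  = $targets | ForEach-Object { Test-SubsystemProcess $_ }
$report | Sort-Object Name, Session | Format-Table Name, PID, Session, Parent, Issues -AutoSize

# Rule 4: exactly one csrss.exe per session (session 0 plus one per logon).
$all | Where-Object { $_.Name -eq 'csrss.exe' } | Group-Object SessionId |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object { Write-Warning "session $($_.Name) has $($_.Count) csrss.exe instances, expected 1" }
```

A clean run prints every instance under C:\Windows\System32 with an empty Issues column and no warning; with a single logged-on user that is two csrss.exe rows (sessions 0 and 1) plus one conhost.exe per open console. If the on-disk binary itself is in doubt, `sfc /verifyfile=C:\Windows\System32\csrss.exe` compares it against the protected Windows copy.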
Re: Virus csrss.exe, 100CPU usage
Thanks for the clarification and explanation :) I am just afraid it might be that virus again. I am the only user on the PC. Hopefully it will be fine now :) So far the PC is working fine.
ComboFix 15-05-07.01 - Dave 05/14/2015 12:11:29.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2018 [GMT 2:00]
Running from: c:\users\Dave\Desktop\ComboFix.exe
Command switches used :: c:\users\Dave\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-04-14 to 2015-05-14 )))))))))))))))))))))))))))))))
.
.
2015-05-14 10:23 . 2015-05-14 10:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-14 00:43 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:43 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 12:52 . 2015-04-20 03:17 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-05-12 13:53 . 2015-04-20 07:58 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{085F2AEE-7DAB-4797-9D6C-67819D7E4859}\mpengine.dll
2015-05-11 00:12 . 2015-05-11 00:12 -------- d-----w- c:\windows\system32\appmgmt
2015-05-10 23:07 . 2015-05-10 23:07 -------- d-----w- c:\program files (x86)\OpenOffice 4
2015-05-10 17:32 . 2015-05-10 17:32 -------- d-----w- C:\Minecraft_Backup
2015-05-09 21:51 . 2015-05-09 21:51 -------- d-----w- c:\program files\WinRAR
2015-05-09 21:32 . 2015-05-09 21:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-05-09 21:32 . 2015-05-09 21:32 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-09 21:32 . 2015-05-09 21:32 -------- d-----w- c:\program files (x86)\Java
2015-05-09 21:28 . 2015-05-09 21:28 -------- d-----w- c:\programdata\LogMeIn
2015-05-09 21:27 . 2015-05-09 21:27 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2015-05-08 14:59 . 2015-05-08 14:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-05-08 14:59 . 2015-05-11 17:37 -------- d-----r- c:\program files (x86)\Skype
2015-05-08 14:59 . 2015-05-08 14:59 -------- d-----w- c:\programdata\Skype
2015-05-08 13:57 . 2015-05-08 13:57 -------- d-----w- c:\programdata\Riot Games
2015-05-08 13:55 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2015-05-08 13:55 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2015-05-08 13:55 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2015-05-08 09:43 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2015-05-08 09:43 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2015-05-08 09:43 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2015-05-08 09:43 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2015-05-08 02:21 . 2015-05-08 01:38 -------- d-----w- c:\windows\Panther
2015-05-08 01:57 . 2015-05-08 01:57 -------- d-----w- c:\windows\SysWow64\Wat
2015-05-08 01:57 . 2015-05-08 01:57 -------- d-----w- c:\windows\system32\Wat
2015-05-08 01:38 . 2015-05-08 14:59 -------- d-----w- c:\users\Dave
2015-05-08 01:38 . 2015-05-08 01:38 -------- d-----w- C:\Recovery
2015-05-08 01:31 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2015-05-08 01:00 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-05-08 01:00 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-05-08 00:19 . 2015-05-08 01:10 -------- d-----w- c:\program files (x86)\Hearthstone
2015-05-08 00:14 . 2015-05-11 18:17 -------- d-----w- c:\program files (x86)\Battle.net
2015-05-08 00:14 . 2015-05-08 00:14 -------- d-----w- c:\programdata\Blizzard Entertainment
2015-05-08 00:10 . 2015-05-08 00:11 -------- d-----w- c:\programdata\Battle.net
2015-05-07 21:54 . 2015-05-07 21:54 -------- d-----w- c:\program files\Common Files\logishrd
2015-05-07 21:17 . 2005-02-05 17:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll
2015-05-07 20:32 . 2015-05-08 20:24 -------- d-----w- C:\FRST
2015-05-07 20:27 . 2015-05-07 20:27 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-05-07 20:27 . 2015-04-14 07:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-07 20:27 . 2015-04-14 07:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-07 20:20 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-05-07 20:20 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-05-07 20:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2015-05-07 20:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2015-05-07 20:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2015-05-07 20:20 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2015-05-07 20:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2015-05-07 20:20 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2015-05-07 20:20 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2015-05-07 20:18 . 2015-05-07 20:27 -------- d-----w- c:\programdata\Malwarebytes
2015-05-07 20:18 . 2015-05-07 20:27 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-07 20:18 . 2015-05-07 20:29 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-07 20:18 . 2015-04-14 07:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-07 20:17 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2015-05-07 20:17 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2015-05-07 20:17 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2015-05-07 20:17 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2015-05-07 20:17 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2015-05-07 20:17 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2015-05-07 20:17 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2015-05-07 20:17 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2015-05-07 20:17 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2015-05-07 20:17 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2015-05-07 20:17 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2015-05-07 20:17 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2015-05-07 20:10 . 2015-05-07 20:13 -------- d-----w- C:\AdwCleaner
2015-05-07 19:38 . 2010-05-26 18:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2015-05-07 19:34 . 2015-05-07 19:34 -------- d-----w- c:\program files (x86)\Microsoft.NET
2015-05-07 19:32 . 2015-05-07 19:37 -------- d-----w- c:\program files\NVIDIA Corporation
2015-05-07 19:31 . 2015-05-07 19:31 -------- d-----w- C:\NVIDIA
2015-05-07 19:20 . 2015-05-07 19:20 -------- d-----w- c:\program files (x86)\Gaming Keyboard
2015-05-07 19:20 . 2015-05-07 19:20 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2015-05-07 18:59 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-05-07 18:59 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-05-07 18:57 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-05-07 18:57 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-05-07 18:53 . 2015-05-07 18:53 -------- d-----w- c:\program files (x86)\Alcohol Soft
2015-05-07 18:48 . 2015-05-07 18:50 -------- d-s---w- c:\windows\system32\GWX
2015-05-07 18:48 . 2015-05-07 18:48 -------- d-s---w- c:\windows\SysWow64\GWX
2015-05-07 18:48 . 2015-05-07 18:48 -------- d-s---w- c:\windows\system32\CompatTel
2015-05-07 18:48 . 2015-05-07 18:48 -------- d-----w- c:\windows\system32\appraiser
2015-05-07 18:46 . 2015-05-07 18:46 386680 ----a-w- c:\windows\system32\drivers\sptd.sys
2015-05-07 18:37 . 2015-05-07 18:37 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-05-07 18:37 . 2015-05-07 18:37 542272 ----a-w- c:\program files\Internet Explorer\pdm.dll
2015-05-07 18:37 . 2015-05-07 18:37 400968 ----a-w- c:\program files\Internet Explorer\msdbg2.dll
2015-05-07 18:37 . 2015-05-07 18:37 147968 ----a-w- c:\windows\system32\occache.dll
2015-05-07 18:37 . 2015-05-07 18:37 105568 ----a-w- c:\program files\Internet Explorer\pdmproxy100.dll
2015-05-07 18:37 . 2015-05-07 18:37 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-05-07 18:37 . 2015-05-07 18:37 142336 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2015-05-07 18:37 . 2015-05-07 18:37 13824 ----a-w- c:\windows\system32\mshta.exe
2015-05-07 18:37 . 2015-05-07 18:37 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-05-07 17:58 . 2015-05-07 17:58 -------- d-----w- c:\programdata\Oracle
2015-05-07 17:51 . 2015-05-07 18:51 -------- d-----w- c:\program files (x86)\Common Files\Steam
2015-05-07 17:44 . 2015-05-07 17:44 -------- d-----w- c:\program files\ESET
2015-05-07 17:28 . 2015-05-14 00:46 -------- d-----w- c:\windows\system32\MRT
2015-05-07 17:19 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2015-05-07 17:19 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2015-05-07 17:19 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2015-05-07 17:19 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2015-05-07 17:19 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2015-05-07 17:19 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2015-05-07 17:19 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2015-05-07 17:14 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2015-05-07 17:14 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2015-05-07 17:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2015-05-07 17:10 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-05-07 17:10 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-05-07 17:10 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-05-07 17:10 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-05-07 17:10 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-05-07 17:10 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-05-07 17:10 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-05-07 17:10 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-05-07 17:08 . 2014-03-04 09:44 39936 ----a-w- c:\windows\system32\wincredprovider.dll
2015-05-07 17:07 . 2014-11-08 03:16 2048 ----a-w- c:\windows\system32\tzres.dll
2015-05-07 17:06 . 2013-06-25 22:55 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2015-05-07 16:59 . 2015-05-14 00:52 -------- d-sh--w- c:\windows\Installer
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-27 19:04 . 2015-05-13 12:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-30 13:25 . 2015-03-30 13:25 33856 ---ha-w- c:\windows\system32\drivers\hamachi.sys
2015-03-04 04:41 . 2015-05-13 12:52 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-13 12:52 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-05-13 12:52 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 12:52 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 12:52 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-02-24 11:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\programy\Steam\steam.exe" [2015-04-13 2889408]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-04-17 31280256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VICTORY Gaming Keyboard"="c:\program files (x86)\Gaming Keyboard\Monitor.exe" [2013-04-09 270336]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-03-30 3978600]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-07 17:14 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-01-28 5595848]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-04-09 2673296]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-04-09 1570672]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Completion time: 2015-05-14 12:48:44 - machine was rebooted
ComboFix-quarantined-files.txt 2015-05-14 10:48
ComboFix2.txt 2015-05-11 18:11
ComboFix3.txt 2015-05-08 23:54
.
Pre-Run: 58,548,629,504 bytes free
Post-Run: 58,062,090,240 bytes free
.
- - End Of File - - 860F274F3543003788D57ACF06C5A4CC
A36C5E4F47E84449FF07ED3517B43A31
2015-05-07 20:17 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2015-05-07 20:17 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2015-05-07 20:10 . 2015-05-07 20:13 -------- d-----w- C:\AdwCleaner
2015-05-07 19:38 . 2010-05-26 18:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2015-05-07 19:38 . 2010-05-26 18:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2015-05-07 19:34 . 2015-05-07 19:34 -------- d-----w- c:\program files (x86)\Microsoft.NET
2015-05-07 19:32 . 2015-05-07 19:37 -------- d-----w- c:\program files\NVIDIA Corporation
2015-05-07 19:31 . 2015-05-07 19:31 -------- d-----w- C:\NVIDIA
2015-05-07 19:20 . 2015-05-07 19:20 -------- d-----w- c:\program files (x86)\Gaming Keyboard
2015-05-07 19:20 . 2015-05-07 19:20 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2015-05-07 18:59 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-05-07 18:59 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-05-07 18:57 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-05-07 18:57 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-05-07 18:53 . 2015-05-07 18:53 -------- d-----w- c:\program files (x86)\Alcohol Soft
2015-05-07 18:48 . 2015-05-07 18:50 -------- d-s---w- c:\windows\system32\GWX
2015-05-07 18:48 . 2015-05-07 18:48 -------- d-s---w- c:\windows\SysWow64\GWX
2015-05-07 18:48 . 2015-05-07 18:48 -------- d-s---w- c:\windows\system32\CompatTel
2015-05-07 18:48 . 2015-05-07 18:48 -------- d-----w- c:\windows\system32\appraiser
2015-05-07 18:46 . 2015-05-07 18:46 386680 ----a-w- c:\windows\system32\drivers\sptd.sys
2015-05-07 18:37 . 2015-05-07 18:37 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-05-07 18:37 . 2015-05-07 18:37 542272 ----a-w- c:\program files\Internet Explorer\pdm.dll
2015-05-07 18:37 . 2015-05-07 18:37 400968 ----a-w- c:\program files\Internet Explorer\msdbg2.dll
2015-05-07 18:37 . 2015-05-07 18:37 147968 ----a-w- c:\windows\system32\occache.dll
2015-05-07 18:37 . 2015-05-07 18:37 105568 ----a-w- c:\program files\Internet Explorer\pdmproxy100.dll
2015-05-07 18:37 . 2015-05-07 18:37 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-05-07 18:37 . 2015-05-07 18:37 142336 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2015-05-07 18:37 . 2015-05-07 18:37 13824 ----a-w- c:\windows\system32\mshta.exe
2015-05-07 18:37 . 2015-05-07 18:37 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-05-07 17:58 . 2015-05-07 17:58 -------- d-----w- c:\programdata\Oracle
2015-05-07 17:51 . 2015-05-07 18:51 -------- d-----w- c:\program files (x86)\Common Files\Steam
2015-05-07 17:44 . 2015-05-07 17:44 -------- d-----w- c:\program files\ESET
2015-05-07 17:28 . 2015-05-14 00:46 -------- d-----w- c:\windows\system32\MRT
2015-05-07 17:19 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2015-05-07 17:19 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2015-05-07 17:19 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2015-05-07 17:19 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2015-05-07 17:19 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2015-05-07 17:19 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2015-05-07 17:19 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2015-05-07 17:14 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2015-05-07 17:14 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2015-05-07 17:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2015-05-07 17:10 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-05-07 17:10 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-05-07 17:10 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-05-07 17:10 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-05-07 17:10 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-05-07 17:10 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-05-07 17:10 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-05-07 17:10 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-05-07 17:08 . 2014-03-04 09:44 39936 ----a-w- c:\windows\system32\wincredprovider.dll
2015-05-07 17:07 . 2014-11-08 03:16 2048 ----a-w- c:\windows\system32\tzres.dll
2015-05-07 17:06 . 2013-06-25 22:55 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2015-05-07 16:59 . 2015-05-14 00:52 -------- d-sh--w- c:\windows\Installer
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-27 19:04 . 2015-05-13 12:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-30 13:25 . 2015-03-30 13:25 33856 ---ha-w- c:\windows\system32\drivers\hamachi.sys
2015-03-04 04:41 . 2015-05-13 12:52 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-13 12:52 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-05-13 12:52 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 12:52 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 12:52 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-02-24 11:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\programy\Steam\steam.exe" [2015-04-13 2889408]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-04-17 31280256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VICTORY Gaming Keyboard"="c:\program files (x86)\Gaming Keyboard\Monitor.exe" [2013-04-09 270336]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-03-30 3978600]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-07 17:14 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-01-28 5595848]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-04-09 2673296]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-04-09 1570672]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Completion time: 2015-05-14 12:48:44 - machine was rebooted
ComboFix-quarantined-files.txt 2015-05-14 10:48
ComboFix2.txt 2015-05-11 18:11
ComboFix3.txt 2015-05-08 23:54
.
Pre-Run: 58,548,629,504 bytes free
Post-Run: 58,062,090,240 bytes free
.
- - End Of File - - 860F274F3543003788D57ACF06C5A4CC
A36C5E4F47E84449FF07ED3517B43A31
- jaro3
- Security team member
Re: Virus csrss.exe, 100CPU usage
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
Clean the system with CCleaner.
Download OTC
to the Desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.
Post a new HJT log + report any problems.
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support