Log check - BFE is missing (Solved)

Post by kimamia » 21 May 2015 11:12

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:12:03, on 21.5.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)

FIREFOX: 27.0.1 (cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
T:\Hamachi\hamachi-2-ui.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
P:\Mozilla Firefox\firefox.exe
P:\Microsoft Office\Office15\MsoSync.exe
P:\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
C:\Users\Tomik\Desktop\HijackThis.exe
P:\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - P:\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - P:\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - P:\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [AvastUI.exe] "p:\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "P:\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://P:\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://P:\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://P:\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Od&eslat do OneNotu - res://P:\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Stáhnout s IDM - P:\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - P:\Internet Download Manager\IEGetAll.htm
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - P:\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - P:\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - P:\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - P:\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - P:\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Unknown owner - p:\AVAST Software\Avast\AvastSvc.exe (file missing)
O23 - Service: Avast Firewall (avast! Firewall) - Unknown owner - p:\AVAST Software\Avast\afwServ.exe (file missing)
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Unknown owner - p:\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - T:\Hamachi\hamachi-2.exe
O23 - Service: MBAMService - Malwarebytes Corporation - p:\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG Technologies - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe

--
End of file - 8385 bytes
OS: Win 10 Home
Motherboard: MSI H110M PRO-VD,
Dual-core Intel Core i3-6098P processor (3.6GHz, HyperThreading), 8GB of DDR4 2133 MHz TEAM Elite RAM,
Hard drive: 1TB Seagate Barracuda,
Graphics card: NVIDIA GeForce GTX 750 Ti 2GB GDDR5,
DVD±RW drive: LG,
PSU: CHIEFTEC GPB-350S, 350 W
Case: AIO Virtuo TAB04 Champagne

Post by kimamia » 21 May 2015 11:19

The problem is still the same.
BFE is not in the services.
Windows Firewall cannot be turned on.
No antivirus can be installed.

Post by jerabina » 21 May 2015 16:34

OK, we'll take a look at it.

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.

Warning: It may happen that after applying ComboFix and restarting the computer, Windows will not boot, the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
When you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply to your topics in the HJT section while I'm online, it is only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.

Post by kimamia » 22 May 2015 00:18

ComboFix 15-05-19.01 - Tomik 21.05.2015 23:49:17.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3071.2279 [GMT 2:00]
Spuštěný z: c:\users\Tomik\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Tomik\AppData\Roaming\inst.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-21 do 2015-05-21 )))))))))))))))))))))))))))))))
.
.
2015-05-21 09:05 . 2015-05-21 08:27 24064 ----a-w- c:\windows\zoek-delete.exe
2015-05-21 09:05 . 2015-05-21 22:11 -------- d-----w- c:\users\Tomik\AppData\Local\Temp
2015-05-21 08:27 . 2015-05-21 08:59 -------- d-----w- C:\zoek_backup
2015-05-21 05:59 . 2015-05-21 05:59 -------- d-----w- c:\program files\Common Files\Java
2015-05-21 05:55 . 2015-05-21 06:09 -------- d-----w- c:\users\Tomik\AppData\Local\Adobe
2015-05-20 19:10 . 2015-05-21 08:02 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-05-20 19:10 . 2015-05-20 19:23 -------- d-----w- c:\programdata\RogueKiller
2015-05-20 18:58 . 2015-05-20 18:58 -------- d-----w- C:\RegBackup
2015-05-20 16:59 . 2015-05-20 18:32 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-20 16:58 . 2015-04-14 07:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-20 16:58 . 2015-04-14 07:37 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-20 16:58 . 2015-04-14 07:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-20 16:58 . 2015-05-20 16:58 -------- d-----w- c:\programdata\Malwarebytes
2015-05-20 16:38 . 2015-05-20 18:27 -------- d-----w- C:\AdwCleaner
2015-05-19 16:25 . 2015-05-19 16:25 427736 ----a-w- c:\windows\system32\drivers\yecfodtv.sys
2015-05-19 14:49 . 2015-05-19 14:49 26096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-05-19 14:49 . 2015-04-22 08:15 291312 ----a-w- c:\windows\system32\aswBoot.exe
2015-05-19 14:49 . 2015-05-19 14:49 271248 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2015-05-15 14:24 . 2015-05-01 13:16 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 10:45 . 2015-04-20 02:56 909312 ----a-w- c:\windows\system32\FntCache.dll
2015-05-13 10:44 . 2015-03-04 04:11 5120 ----a-w- c:\windows\system32\shimeng.dll
2015-05-12 09:34 . 2015-05-12 09:35 -------- d-----w- c:\programdata\Freemake
2015-05-12 08:56 . 2015-02-25 08:24 25912 ----a-w- c:\windows\system32\authuitu.dll
2015-05-12 08:54 . 2015-02-25 08:24 36664 ----a-w- c:\windows\system32\uxtuneup.dll
2015-05-12 08:49 . 2015-02-25 08:25 37176 ----a-w- c:\windows\system32\TURegOpt.exe
2015-05-12 08:49 . 2015-05-12 08:49 -------- d-----w- c:\users\Tomik\AppData\Roaming\AVG
2015-05-12 08:48 . 2015-05-20 09:17 -------- d-----w- c:\program files\AVG
2015-05-12 08:48 . 2015-05-12 08:48 -------- d-----w- c:\users\Tomik\AppData\Local\Avg
2015-05-12 08:45 . 2015-05-12 08:53 -------- d-----w- c:\programdata\AVG
2015-05-12 08:28 . 2015-05-12 08:28 -------- d-----w- c:\users\Tomik\AppData\Roaming\MPC-HC
2015-05-12 08:25 . 2011-12-07 18:32 216064 ----a-w- c:\windows\system32\lagarith.dll
2015-05-12 08:25 . 2014-12-21 13:57 3588608 ----a-w- c:\windows\system32\x264vfw.dll
2015-05-12 08:25 . 2014-12-04 22:55 655872 ----a-w- c:\windows\system32\xvidcore.dll
2015-05-12 08:25 . 2014-11-14 14:11 240128 ----a-w- c:\windows\system32\xvidvfw.dll
2015-05-12 08:25 . 2012-07-21 11:54 122880 ----a-w- c:\windows\system32\ac3acm.acm
2015-05-12 08:25 . 2015-01-13 18:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2015-05-12 08:25 . 2015-05-12 08:25 -------- d-----w- c:\program files\K-Lite Codec Pack
2015-05-12 08:14 . 2015-05-12 08:14 -------- d-----w- c:\users\Tomik\AppData\Roaming\Media Player Classic
2015-04-23 12:12 . 2015-04-23 12:12 3039424 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1029\MSOINTL.DLL
2015-04-22 15:19 . 2015-04-22 15:19 112455352 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2015-04-22 15:19 . 2015-04-22 15:19 26815168 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-04-22 11:55 . 2015-04-22 11:55 -------- d-----w- c:\windows\system32\vbox
2015-04-22 08:15 . 2015-04-22 08:15 43112 ------w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-21 05:58 . 2015-03-31 05:17 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-05-21 05:55 . 2012-04-01 15:54 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-05-21 05:55 . 2011-06-04 12:50 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-05 01:12 . 2015-05-13 10:45 248832 ----a-w- c:\windows\system32\schannel.dll
2015-04-27 19:05 . 2015-05-13 10:46 92160 ----a-w- c:\windows\system32\sechost.dll
2015-04-22 08:16 . 2014-08-10 12:04 106912 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-22 08:16 . 2014-08-10 12:04 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-22 08:16 . 2013-07-09 14:01 427992 ------w- c:\windows\system32\drivers\aswSP.sys
2015-04-22 08:16 . 2013-07-09 14:01 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-22 08:16 . 2013-07-09 14:01 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-22 08:16 . 2013-07-09 14:01 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-22 08:16 . 2013-07-09 14:01 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-22 08:15 . 2013-07-09 14:01 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-15 12:58 . 2014-03-12 06:58 18178736 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2015-03-25 03:00 . 2015-04-15 05:25 35328 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:00 . 2015-04-15 05:25 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:00 . 2015-04-15 05:25 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:00 . 2015-04-15 05:25 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:00 . 2015-04-15 05:25 29696 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:00 . 2015-04-15 05:25 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 05:25 2020864 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:00 . 2015-04-15 05:25 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:00 . 2015-04-15 05:25 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:00 . 2015-04-15 05:25 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:00 . 2015-04-15 05:25 131584 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-23 03:06 . 2015-04-15 05:26 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:06 . 2015-04-15 05:26 630784 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:06 . 2015-04-15 05:26 331264 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:06 . 2015-04-15 05:26 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:06 . 2015-04-15 05:26 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:06 . 2015-04-15 05:26 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:06 . 2015-04-15 05:26 159744 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 02:59 . 2015-04-15 05:26 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-03-12 08:24 . 2015-03-12 08:15 119872 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2015-03-10 03:08 . 2015-04-15 05:25 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:05 . 2015-04-15 05:25 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-05 04:06 . 2015-04-15 05:26 305152 ----a-w- c:\windows\system32\gdi32.dll
2015-03-04 04:16 . 2015-04-15 05:26 249784 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:10 . 2015-04-15 05:26 58880 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 10:44 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 10:44 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 10:44 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-02-25 03:03 . 2015-04-15 05:25 514560 ----a-w- c:\windows\system32\drivers\http.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-11-18 09:06 233128 ----a-w- c:\users\Tomik\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-11-18 09:06 233128 ----a-w- c:\users\Tomik\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-11-18 09:06 233128 ----a-w- c:\users\Tomik\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-04-14 15:11 1729752 ----a-w- p:\micros~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-04-14 15:11 1729752 ----a-w- p:\micros~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-04-14 15:11 1729752 ----a-w- p:\micros~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- p:\internet download manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="p:\daemon tools lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-17 8546848]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2015-03-06 22:22 1018056 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-04-30 11:45 334896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" /Background
"Boxoft Tools"="c:\programdata\Boxtools\Boxofttoolbox.exe" -autorun
"Only-search"=c:\users\Tomik\AppData\Local\onlysearch\onlysearch\1.3.12.9\onlysearch.exe
"Google Update"="c:\users\Tomik\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"UVS10 Preload"=p:\ulead systems\Ulead VideoStudio SE DVD\uvPL.exe
"AtherosBtStack"="c:\program files\Atheros\Bluetooth Suite\BtvStack.exe"
"AthBtTray"="c:\program files\Atheros\Bluetooth Suite\AthBtTray.exe"
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
.
R2 avast! Firewall;Avast Firewall;p:\avast software\Avast\afwServ.exe [x]
R2 MBAMService;MBAMService;p:\malwarebytes anti-malware\mbamservice.exe [2015-04-14 1080120]
R2 VBoxAswDrv;VBoxAsw Support Driver;p:\avast software\Avast\ng\vbox\VBoxAswDrv.sys [x]
R3 Asushwio;Asushwio;d:\bin\Asushwio.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-03-30 38440]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2010-03-30 47144]
R3 AvastVBoxSvc;AvastVBox COM Service;p:\avast software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-04-18 256360]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-03-30 177704]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-04-13 46952]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-04-18 143080]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-04-21 230760]
R3 cpuz134;cpuz134;c:\users\Tomik\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ESETCleanersDriver;ESET Cleaner Service;c:\windows\system32\Drivers\ESETCleanersDriver.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2013-07-05 12400]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-04-21 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
R3 nuviocir;Nuvoton W836x7HG CIR Device Driver;c:\windows\system32\DRIVERS\nuviocir_win7_x86.sys [2009-06-19 29696]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-09-30 15688]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-09-30 10320]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [2010-04-16 1521544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-04 1343400]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
R4 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Atheros\Ath_CoexAgent.exe [2010-04-29 151552]
R4 AtherosSvc;AtherosSvc;c:\program files\Atheros\Bluetooth Suite\adminservice.exe [2010-05-05 38560]
R4 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2015-05-19 271248]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-03-19 38448]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2015-05-19 26096]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-04-22 787760]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-04-22 427992]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-11-15 243128]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-04-22 24144]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-04-22 74976]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-04-22 106912]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;t:\hamachi\hamachi-2.exe [2012-11-15 1435568]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-03-12 119872]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2015-02-25 2161976]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-03-30 28200]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-02-24 60544]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-02-24 141568]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [2014-09-09 12320]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
utcsvc REG_MULTI_SZ DiagTrack
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2015-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 05:55]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - p:\micros~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do Microsoft Excelu - p:\micros~1\Office15\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - p:\micros~1\Office14\ONBttnIE.dll/105
IE: Od&eslat do OneNotu - p:\micros~1\Office15\ONBttnIE.dll/105
IE: Stáhnout s IDM - p:\internet download manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - p:\internet download manager\IEGetAll.htm
TCP: DhcpNameServer = 10.157.0.1 4.2.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: !HIDDEN! 2011-06-05 11:44; smartwebprinting@hp.com; p:\hp\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-AvastUI.exe - p:\avast software\Avast\AvastUI.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3838077319-2819224973-1163748220-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3838077319-2819224973-1163748220-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3720)
c:\program files\Atheros\Bluetooth Suite\AthCopyHook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
t:\hamachi\hamachi-2-ui.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
p:\microsoft office\Office15\MsoSync.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\DllHost.exe
c:\program files\AVG\AVG PC TuneUp\TURatingSynch.exe
.
**************************************************************************
.
Celkový čas: 2015-05-22 00:17:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-05-21 22:17
.
Před spuštěním: 6 049 026 048
Po spuštění: 5 738 213 376
.
- - End Of File - - 429E700D0E76B2A0DD3D3B7CEC422AA4
A36C5E4F47E84449FF07ED3517B43A31
OS Win 10 Home
Motherboard MSI H110M PRO-VD,
Dual-core processor Intel Core i3-6098P (3.6GHz, HyperThreading), 8GB DDR4 2133 MHz TEAM Elite RAM,
Hard disk 1TB Seagate Barracuda,
Graphics card NVIDIA GeForce GTX 750 Ti 2GB GDDR5,
DVD±RW drive LG,
Power supply CHIEFTEC GPB-350S, 350 W
Case AIO Virtuo TAB04 Champagne

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Log check - BFE missing

Post by jaro3 » 22 May 2015 10:44

Uninstall:
AVG PC TuneUp

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text, marked in green, into it:

Code:

ClearJavaCache::
KillAll::
Collect::
c:\windows\system32\drivers\yecfodtv.sys

RegLock::
[HKEY_USERS\S-1-5-21-3838077319-2819224973-1163748220-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3838077319-2819224973-1163748220-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: choose All files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix starts automatically
- Post here the log that appears at the end of the cleaning process + a new log from HJT

Warning: After ComboFix is applied and the computer restarts, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan click "Save Log" and save the log to the desktop. Copy the whole content of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

kimamia
Level 1.5
Posts: 127
Registered: May 15
Gender: Male
Status: Offline

Re: Log check - BFE missing

Post by kimamia » 22 May 2015 11:21

ComboFix 15-05-19.01 - Tomik 22.05.2015 10:54:50.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3071.2173 [GMT 2:00]
Spuštěný z: c:\users\Tomik\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Tomik\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\windows\system32\drivers\yecfodtv.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\yecfodtv.sys
c:\windows\system32\uxtD89.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-22 do 2015-05-22 )))))))))))))))))))))))))))))))
.
.
2015-05-22 09:12 . 2015-05-22 09:13 -------- d-----w- c:\users\Tomik\AppData\Local\temp
2015-05-22 09:12 . 2015-05-22 09:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-21 09:05 . 2015-05-21 08:27 24064 ----a-w- c:\windows\zoek-delete.exe
2015-05-21 08:27 . 2015-05-21 08:59 -------- d-----w- C:\zoek_backup
2015-05-21 05:59 . 2015-05-21 05:59 -------- d-----w- c:\program files\Common Files\Java
2015-05-21 05:55 . 2015-05-21 06:09 -------- d-----w- c:\users\Tomik\AppData\Local\Adobe
2015-05-20 19:10 . 2015-05-21 08:02 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-05-20 19:10 . 2015-05-20 19:23 -------- d-----w- c:\programdata\RogueKiller
2015-05-20 18:58 . 2015-05-20 18:58 -------- d-----w- C:\RegBackup
2015-05-20 16:59 . 2015-05-20 18:32 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-20 16:58 . 2015-04-14 07:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-20 16:58 . 2015-04-14 07:37 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-20 16:58 . 2015-04-14 07:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-20 16:58 . 2015-05-20 16:58 -------- d-----w- c:\programdata\Malwarebytes
2015-05-20 16:38 . 2015-05-20 18:27 -------- d-----w- C:\AdwCleaner
2015-05-19 14:49 . 2015-05-19 14:49 26096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-05-19 14:49 . 2015-04-22 08:15 291312 ----a-w- c:\windows\system32\aswBoot.exe
2015-05-19 14:49 . 2015-05-19 14:49 271248 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2015-05-15 14:24 . 2015-05-01 13:16 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 10:45 . 2015-04-20 02:56 909312 ----a-w- c:\windows\system32\FntCache.dll
2015-05-13 10:44 . 2015-03-04 04:11 5120 ----a-w- c:\windows\system32\shimeng.dll
2015-05-12 09:34 . 2015-05-12 09:35 -------- d-----w- c:\programdata\Freemake
2015-05-12 08:49 . 2015-05-12 08:49 -------- d-----w- c:\users\Tomik\AppData\Roaming\AVG
2015-05-12 08:48 . 2015-05-20 09:17 -------- d-----w- c:\program files\AVG
2015-05-12 08:48 . 2015-05-12 08:48 -------- d-----w- c:\users\Tomik\AppData\Local\Avg
2015-05-12 08:45 . 2015-05-12 08:53 -------- d-----w- c:\programdata\AVG
2015-05-12 08:28 . 2015-05-12 08:28 -------- d-----w- c:\users\Tomik\AppData\Roaming\MPC-HC
2015-05-12 08:25 . 2011-12-07 18:32 216064 ----a-w- c:\windows\system32\lagarith.dll
2015-05-12 08:25 . 2014-12-21 13:57 3588608 ----a-w- c:\windows\system32\x264vfw.dll
2015-05-12 08:25 . 2014-12-04 22:55 655872 ----a-w- c:\windows\system32\xvidcore.dll
2015-05-12 08:25 . 2014-11-14 14:11 240128 ----a-w- c:\windows\system32\xvidvfw.dll
2015-05-12 08:25 . 2012-07-21 11:54 122880 ----a-w- c:\windows\system32\ac3acm.acm
2015-05-12 08:25 . 2015-01-13 18:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2015-05-12 08:25 . 2015-05-12 08:25 -------- d-----w- c:\program files\K-Lite Codec Pack
2015-05-12 08:14 . 2015-05-12 08:14 -------- d-----w- c:\users\Tomik\AppData\Roaming\Media Player Classic
2015-04-23 12:12 . 2015-04-23 12:12 3039424 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1029\MSOINTL.DLL
2015-04-22 15:19 . 2015-04-22 15:19 112455352 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2015-04-22 15:19 . 2015-04-22 15:19 26815168 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-04-22 11:55 . 2015-04-22 11:55 -------- d-----w- c:\windows\system32\vbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-21 05:58 . 2015-03-31 05:17 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-05-21 05:55 . 2012-04-01 15:54 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-05-21 05:55 . 2011-06-04 12:50 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-05 01:12 . 2015-05-13 10:45 248832 ----a-w- c:\windows\system32\schannel.dll
2015-04-27 19:05 . 2015-05-13 10:46 92160 ----a-w- c:\windows\system32\sechost.dll
2015-04-22 08:16 . 2014-08-10 12:04 106912 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-22 08:16 . 2014-08-10 12:04 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-22 08:16 . 2013-07-09 14:01 427992 ------w- c:\windows\system32\drivers\aswSP.sys
2015-04-22 08:16 . 2013-07-09 14:01 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-22 08:16 . 2013-07-09 14:01 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-22 08:16 . 2013-07-09 14:01 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-22 08:16 . 2013-07-09 14:01 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-22 08:15 . 2015-04-22 08:15 43112 ------w- c:\windows\avastSS.scr
2015-04-22 08:15 . 2013-07-09 14:01 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-15 12:58 . 2014-03-12 06:58 18178736 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2015-03-25 03:00 . 2015-04-15 05:25 35328 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:00 . 2015-04-15 05:25 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:00 . 2015-04-15 05:25 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:00 . 2015-04-15 05:25 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:00 . 2015-04-15 05:25 29696 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:00 . 2015-04-15 05:25 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 05:25 2020864 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:00 . 2015-04-15 05:25 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:00 . 2015-04-15 05:25 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:00 . 2015-04-15 05:25 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:00 . 2015-04-15 05:25 131584 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-23 03:06 . 2015-04-15 05:26 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:06 . 2015-04-15 05:26 630784 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:06 . 2015-04-15 05:26 331264 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:06 . 2015-04-15 05:26 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:06 . 2015-04-15 05:26 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:06 . 2015-04-15 05:26 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:06 . 2015-04-15 05:26 159744 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 02:59 . 2015-04-15 05:26 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-03-12 08:24 . 2015-03-12 08:15 119872 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2015-03-10 03:08 . 2015-04-15 05:25 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:05 . 2015-04-15 05:25 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-05 04:06 . 2015-04-15 05:26 305152 ----a-w- c:\windows\system32\gdi32.dll
2015-03-04 04:16 . 2015-04-15 05:26 249784 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:10 . 2015-04-15 05:26 58880 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 10:44 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 10:44 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 10:44 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-02-25 03:03 . 2015-04-15 05:25 514560 ----a-w- c:\windows\system32\drivers\http.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-11-18 09:06 233128 ----a-w- c:\users\Tomik\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-11-18 09:06 233128 ----a-w- c:\users\Tomik\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-11-18 09:06 233128 ----a-w- c:\users\Tomik\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-04-14 15:11 1729752 ----a-w- p:\micros~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-04-14 15:11 1729752 ----a-w- p:\micros~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-04-14 15:11 1729752 ----a-w- p:\micros~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- p:\internet download manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="p:\daemon tools lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-17 8546848]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
"AvastUI.exe"="p:\avast software\Avast\AvastUI.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2015-03-06 22:22 1018056 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-04-30 11:45 334896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" /Background
"Boxoft Tools"="c:\programdata\Boxtools\Boxofttoolbox.exe" -autorun
"Only-search"=c:\users\Tomik\AppData\Local\onlysearch\onlysearch\1.3.12.9\onlysearch.exe
"Google Update"="c:\users\Tomik\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"UVS10 Preload"=p:\ulead systems\Ulead VideoStudio SE DVD\uvPL.exe
"AtherosBtStack"="c:\program files\Atheros\Bluetooth Suite\BtvStack.exe"
"AthBtTray"="c:\program files\Atheros\Bluetooth Suite\AthBtTray.exe"
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
.
R2 avast! Firewall;Avast Firewall;p:\avast software\Avast\afwServ.exe [x]
R2 MBAMService;MBAMService;p:\malwarebytes anti-malware\mbamservice.exe [2015-04-14 1080120]
R2 VBoxAswDrv;VBoxAsw Support Driver;p:\avast software\Avast\ng\vbox\VBoxAswDrv.sys [x]
R3 Asushwio;Asushwio;d:\bin\Asushwio.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-03-30 38440]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2010-03-30 47144]
R3 AvastVBoxSvc;AvastVBox COM Service;p:\avast software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-04-18 256360]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-03-30 177704]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-04-13 46952]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-04-18 143080]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-04-21 230760]
R3 CFcatchme;CFcatchme;c:\users\Tomik\AppData\Local\Temp\CFcatchme.sys [x]
R3 cpuz134;cpuz134;c:\users\Tomik\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ESETCleanersDriver;ESET Cleaner Service;c:\windows\system32\Drivers\ESETCleanersDriver.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2013-07-05 12400]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-04-21 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
R3 nuviocir;Nuvoton W836x7HG CIR Device Driver;c:\windows\system32\DRIVERS\nuviocir_win7_x86.sys [2009-06-19 29696]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-09-30 15688]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-09-30 10320]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [2010-04-16 1521544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-04 1343400]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
R4 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Atheros\Ath_CoexAgent.exe [2010-04-29 151552]
R4 AtherosSvc;AtherosSvc;c:\program files\Atheros\Bluetooth Suite\adminservice.exe [2010-05-05 38560]
R4 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2015-05-19 271248]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-03-19 38448]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2015-05-19 26096]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-04-22 787760]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-04-22 427992]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-11-15 243128]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-04-22 24144]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-04-22 74976]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-04-22 106912]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;t:\hamachi\hamachi-2.exe [2012-11-15 1435568]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-03-12 119872]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-03-30 28200]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-02-24 60544]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-02-24 141568]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
utcsvc REG_MULTI_SZ DiagTrack
.
Obsah adresáře 'Naplánované úlohy'
.
2015-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 05:55]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - p:\micros~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do Microsoft Excelu - p:\micros~1\Office15\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - p:\micros~1\Office14\ONBttnIE.dll/105
IE: Od&eslat do OneNotu - p:\micros~1\Office15\ONBttnIE.dll/105
IE: Stáhnout s IDM - p:\internet download manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - p:\internet download manager\IEGetAll.htm
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: !HIDDEN! 2011-06-05 11:44; smartwebprinting@hp.com; p:\hp\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3884)
c:\program files\Atheros\Bluetooth Suite\AthCopyHook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
t:\hamachi\hamachi-2-ui.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
p:\microsoft office\Office15\MsoSync.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2015-05-22 11:19:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-05-22 09:19
ComboFix2.txt 2015-05-21 22:17
.
Před spuštěním: 5 754 470 400
Po spuštění: 5 696 098 304
.
- - End Of File - - 01AC12E738EEA671A10A72A8E85302CC
A36C5E4F47E84449FF07ED3517B43A31

kimamia
Level 1.5
Posts: 127
Registered: May 15
Gender: Male
Status: Offline

Re: Log check - BFE missing

Post by kimamia » 22 May 2015 11:27

HJT updated itself to 2.0.4 and the only option there is to run a scan. When I ran it, it went through, but the log did not pop up automatically. Where do I find it, or what should I click? On Info? This is what the Info shows.

* Trend Micro HijackThis v2.0.4 *


See bottom for version history.

The different sections of hijacking possibilities have been separated into the following groups.
You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.

R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services
O24 - Enumeration of ActiveX Desktop Components

Command-line parameters:
* /autolog - automatically scan the system, save a logfile and open it
* /ihatewhitelists - ignore all internal whitelists
* /uninstall - remove all HijackThis Registry entries, backups and quit
* /silentautuolog - the same as /autolog, except with no required user intervention

* Version history *

[v2.0.4]
* Fixed parser issues on winlogon notify
* Fixed issues to handle certain environment variables
* Rename HJT generates complete scan log
[v2.00.0]
* AnalyzeThis added for log file statistics
* Recognizes Windows Vista and IE7
* Fixed a few bugs in the O23 method
* Fixed a bug in the O22 method (SharedTaskScheduler)
* Did a few tweaks on the log format
* Fixed and improved ADS Spy
* Improved Itty Bitty Procman (processes are frozen before they are killed)
* Added listing of O4 autoruns from other users
* Added listing of the Policies Run items in O4 method, used by SmitFraud trojan
* Added /silentautolog parameter for system admins
* Added /deleteonreboot [file] parameter for system admins
* Added O24 - ActiveX Desktop Components enumeration
* Added Enhanced Security Confirguration (ESC) Zones to O15 Trusted Sites check
[v1.99.1]
* Added Winlogon Notify keys to O20 listing
* Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
* Fixed lots and lots of 'unexpected error' bugs
* Fixed lots of inproper functioning bugs (i.e. stuff that didn't work)
* Added 'Delete NT Service' function in Misc Tools section
* Added ProtocolDefaults to O15 listing
* Fixed MD5 hashing not working
* Fixed 'ISTSVC' autorun entries with garbage data not being fixed
* Fixed HijackThis uninstall entry not being updated/created on new versions
* Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list
* Added option to scan the system at startup, then show results or quit if nothing found
[v1.99]
* Added O23 (NT Services) in light of newer trojans
* Integrated ADS Spy into Misc Tools section
* Added 'Action taken' to info in 'More info on this item'
[v1.98]
* Definitive support for Japanese/Chinese/Korean systems
* Added O20 (AppInit_DLLs) in light of newer trojans
* Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
* Added O22 (SharedTaskScheduler) in light of newer trojans
* Backups of fixed items are now saved in separate folder
* HijackThis now checks if it was started from a temp folder
* Added a small process manager (Misc Tools section)
[v1.96]
* Lots of bugfixes and small enhancements! Among others:
* Fix for Japanese IE toolbars
* Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
* Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
* Added several files to the LSP whitelist
* Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
* All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
[v1.95]
* Added a new regval to check for from Whazit hijack (Start Page_bak).
* Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
* New in logfile: Running processes at time of scan.
* Checkmarks for running StartupList with /full and /complete in HijackThis UI.
* New O19 method to check for Datanotary hijack of user stylesheet.
* Google.com IP added to whitelist for Hosts file check.
[v1.94]
* Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
* Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
* Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
* Fixed a bug where DPF could not be deleted.
* Fixed a stupid bug in enumeration of autostarting shortcuts.
* Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
* Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
* Added support for backing up F0 and F1 items (d'oh!).
[v1.93]
* Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
* Fixed a bug in LSP routine for Win95.
* Made taborder nicer.
* Fixed a bug in backup/restore of IE plugins.
* Added UltimateSearch hijack in O17 method (I think).
* Fixed a bug with detecting/removing BHO's disabled by BHODemon.
* Also fixed a bug in StartupList (now version 1.52.1).
[v1.92]
* Fixed two stupid bugs in backup restore function.
* Added DiamondCS file to LSP files safelist.
* Added a few more items to the protocol safelist.
* Log is now opened immediately after saving.
* Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
* Updated integrated StartupList to v1.52.
* In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
* Rudimentary proxy support for the Check for Updates function.
[v1.91]
* Added rd.yahoo.com to the Nonstandard But Safe Domains list.
* Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
* Added listing of programs/links in Startup folders (O4).
* Fixed 'Check for Update' not detecting new versions.
[v1.9]
* Added check for Lop.com 'Domain' hijack (O17).
* Bugfix in URLSearchHook (R3) fix.
* Improved O1 (Hosts file) check.
* Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
* Added AutoConfigURL and proxyserver checks (R1).
* IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
* Added check for extra protocols (O18).
[v1.81]
* Added 'ignore non-standard but safe domains' option.
* Improved Winsock LSP hijackers detection.
* Integrated StartupList updated to v1.4.
[v1.8]
* Fixed a few bugs.
* Adds detecting of free.aol.com in Trusted Zone.
* Adds checking of URLSearchHooks key, which should have only one value.
* Adds listing/deleting of Download Program Files.
* Integrated StartupList into the new 'Misc Tools' section of the Config screen!
[v1.71]
* Improves detecting of O6.
* Some internal changes/improvements.
[v1.7]
* Adds backup function! Yay!
* Added check for default URL prefix
* Added check for changing of IERESET.INF
* Added check for changing of Netscape/Mozilla homepage and default search engine.
[v1.61]
* Fixes Runtime Error when Hosts file is empty.
[v1.6]
* Added enumerating of MSIE plugins
* Added check for extra options in 'Advanced' tab of 'Internet Options'.
[v1.5]
* Adds 'Uninstall & Exit' and 'Check for update online' functions.
* Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
[v1.4]
* Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
* A few bugfixes/enhancements
[v1.3]
* Adds detecting of extra MSIE context menu items
* Added detecting of extra 'Tools' menu items and extra buttons
* Added 'Confirm deleting/ignoring items' checkbox
[v1.2]
* Adds 'Ignorelist' and 'Info' functions
[v1.1]
* Supports BHO's, some default URL changes
[v1.0]
* Original release

A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.
OS Win 10 Home
Motherboard MSI H110M PRO-VD,
Dual-core Intel Core i3-6098P processor (3.6GHz, HyperThreading), 8GB DDR4 2133 MHz TEAM Elite RAM,
Hard disk 1TB Seagate Barracuda,
Graphics card NVIDIA GeForce GTX 750 Ti 2GB GDDR5,
DVD±RW drive LG,
Power supply CHIEFTEC GPB-350S, 350 W
Case AIO Virtuo TAB04 Champagne


Re: Log check - BFE is missing

Post by kimamia » 22 May 2015 11:36

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-05-22 11:33:25
-----------------------------
11:33:25.661 OS Version: Windows 6.1.7601 Service Pack 1
11:33:25.661 Number of processors: 4 586 0x1C0A
11:33:25.661 ComputerName: DOMÁCÍ UserName: Tomik
11:34:09.741 Initialize success
11:34:09.771 VM: initialized successfully
11:34:09.771 VM: Intel CPU virtualization not supported
11:34:22.612 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
11:34:22.612 Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 3
11:34:22.737 Disk 0 MBR read successfully
11:34:22.737 Disk 0 MBR scan
11:34:22.753 Disk 0 Windows 7 default MBR code
11:34:22.753 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 2048
11:34:22.768 Disk 0 default boot code
11:34:22.784 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 61969 MB offset 208896
11:34:22.784 Disk 0 Partition - 00 0F Extended LBA 414865 MB offset 127122345
11:34:22.815 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 9020 MB offset 127122408
11:34:22.815 Disk 0 Partition - 00 05 Extended 308419 MB offset 145597095
11:34:22.846 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 308419 MB offset 145597158
11:34:22.862 Disk 0 Partition - 00 05 Extended 97424 MB offset 795715515
11:34:22.893 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 97424 MB offset 777240828
11:34:22.909 Disk 0 scanning sectors +976766976
11:34:22.955 Disk 0 scanning C:\Windows\system32\drivers
11:34:29.539 Service scanning
11:34:30.802 Service Asushwio D:\Bin\Asushwio.sys **LOCKED** 21
11:34:41.145 Modules scanning
11:34:41.161 Disk 0 trace - called modules:
11:34:41.192 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
11:34:41.208 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x872a0518]
11:34:41.254 3 CLASSPNP.SYS[845bd59e] -> nt!IofCallDriver -> [0x8710f930]
11:34:41.270 5 ACPI.sys[8441e3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x87139330]
11:34:41.286 Disk 0 statistics 94203/0/0 @ 7,94 MB/s
11:34:41.301 Scan finished successfully
11:35:04.654 Disk 0 MBR has been saved successfully to "C:\Users\Tomik\Desktop\MBR.dat"
11:35:04.670 The log file has been saved successfully to "C:\Users\Tomik\Desktop\aswMBR.txt"

Re: Log check - BFE is missing

Post by Orcus » 22 May 2015 18:07

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

====================================================

Clean the system with CCleaner

Download this version of HJT and do not update it:
http://sourceforge.net/projects/hjt/fil ... t/download
Love keeps you warm, but coal is coal. :fire:

Post HJT logs in the HJT section. If a log is too long, split it across several messages.

A few tips on PC security.

While I am away, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.


Re: Log check - BFE is missing

Post by kimamia » 23 May 2015 00:48

Cleaned.
The BFE service is there now
Windows Firewall can now be started
The Avast Internet Security installation was successful too


If anything else needs to be done, let me know. Otherwise I'll mark the thread as solved. Thank you very, very much. You really are experts.
It boggles the mind how much you have to know and be able to do.
What you save people in money, time and nerves is irreplaceable. Especially nerves. Once again, many thanks. :clap:

Re: Log check - BFE is missing

Post by jerabina » 23 May 2015 07:11

Great, I'm glad it works now; that's what we're here for, to help :-)

Let's finish the cleanup; follow my colleague's instructions:

Orcus wrote: Download this version of HJT and do not update it:
http://sourceforge.net/projects/hjt/fil ... t/download
When you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply to your threads in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.


Re: Log check - BFE is missing

Post by kimamia » 23 May 2015 08:07

I've already done that. It's version 2.0.5