Pomalé PC Vyřešeno

[jerabina]

Odinstaluj vše od Uniblue, jedná se o produkty z této stránky: http://www.uniblue.com/
Dělá to v počítači akorát bordel.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::

Folder::
c:\program files (x86)\Google\Update
c:\programdata\RogueKiller

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf8d5b25fe0c8d.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť:

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Reklama]

[hukuj]

S těmi programy Uniblue tomu moc nerozumím, já si tam nic vědomě nenainstaloval. Ale všiml jsem si, že "PC Mechanic" se mi tam nainstaloval (spouštěcí odkaz byl na ploše) společně s tím "CrystalDiscInfo" z odkazu, co jste mi doporučili. Ale pak to něčím, co jsem dělal dál podle vašich pokynů, zase zmizelo. A teď už jsem našel v Program Files jen prázdnou složku Uniblue. Tak snad tam už nic nemám.
Jinak jsem udělal ten ComboFix a tady je log:


ComboFix 15-05-28.01 - oem 30.05.2015 22:06:54.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1790.821 [GMT 2:00]
Spuštěný z: c:\users\oem\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\oem\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf8d5b25fe0c8d.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.27.5\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.27.5\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.27.5\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.27.5\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.27.5\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.27.5\GoogleUpdateWebPlugin.exe
c:\program files (x86)\Google\Update\1.3.27.5\goopdate.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.27.5\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.27.5\psmachine.dll
c:\program files (x86)\Google\Update\1.3.27.5\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.27.5\psuser.dll
c:\program files (x86)\Google\Update\1.3.27.5\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{17DA49E9-B505-422B-AF60-E7317BF1BBE8}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.27.5\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.81\43.0.2357.81_43.0.2357.65_chrome_updater.exe
c:\program files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.6227.252\GoogleToolbarInstaller_updater_signed.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\Install\{08F418C7-47FB-4B24-9E49-4442CFDC421E}\43.0.2357.65_42.0.2311.152_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{1A22F2E5-E4FC-471B-9BC2-E1CB74A2C886}\41.0.2272.101_chrome_installer.exe
c:\program files (x86)\Google\Update\Install\{20B5A9E5-6BBA-4CEE-A080-AFBDB44EA0C5}\41.0.2272.101_41.0.2272.89_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{20FF99DE-7942-4100-AB6B-72414EFBF68A}\43.0.2357.81_43.0.2357.65_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{48C16CA0-69AE-4F4B-9DA9-B35B7343F05F}\41.0.2272.118_41.0.2272.101_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{49A05597-1D37-47E9-9374-84B93FF79EBE}\42.0.2311.90_41.0.2272.118_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{56AE05FA-8418-4CC1-9AC0-EE2AA4D94C6E}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{6B6E9EAF-B42F-4B9C-826C-F8AE226A43E1}\42.0.2311.135_42.0.2311.90_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{920D9662-9A52-4ECC-B796-0742775DADFA}\42.0.2311.152_42.0.2311.135_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{A61639B8-850B-4D74-8891-229494F53CAC}\GoogleToolbarInstaller_updater_signed.exe
c:\program files (x86)\Google\Update\Install\{A6287BC0-691A-41B5-9F6C-F44C16B412B7}\40.0.2214.111_40.0.2214.94_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{C93F5B0B-2B56-4683-ABE0-5E2BC3314262}\40.0.2214.115_40.0.2214.111_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{DDFD29FF-B12A-41CA-92C3-3C026C387E19}\41.0.2272.89_40.0.2214.115_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{EDC74F0A-82CF-4BA8-9EA7-14FF58F227D6}\GoogleUpdateSetup.exe
c:\programdata\RogueKiller
c:\programdata\RogueKiller\config.ini
c:\programdata\RogueKiller\Logs\RKreport_DEL_05052015_201526.log
c:\programdata\RogueKiller\Logs\RKreport_DEL_05302015_180105.log
c:\programdata\RogueKiller\Logs\RKreport_SCN_05042015_195226.log
c:\programdata\RogueKiller\Logs\RKreport_SCN_05052015_201328.log
c:\programdata\RogueKiller\Logs\RKreport_SCN_05292015_230517.log
c:\programdata\RogueKiller\Logs\RKreport_SCN_05292015_230932.log
c:\programdata\RogueKiller\Logs\RKreport_SCN_05302015_174554.log
c:\programdata\RogueKiller\vt.cache
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-28 do 2015-05-30 )))))))))))))))))))))))))))))))
.
.
2015-05-30 20:16 . 2015-05-30 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-30 16:32 . 2015-05-30 16:04 24064 ----a-w- c:\windows\zoek-delete.exe
2015-05-30 16:32 . 2015-05-30 20:20 -------- d-----w- c:\users\oem\AppData\Local\Temp
2015-05-30 16:04 . 2015-05-30 16:25 -------- d-----w- C:\zoek_backup
2015-05-30 16:01 . 2015-05-30 16:01 -------- d-----w- c:\users\oem\AppData\Local\CrashDumps
2015-05-30 13:04 . 2015-05-30 13:04 -------- d-----w- c:\users\oem\AppData\Local\Adobe
2015-05-29 21:28 . 2015-05-29 21:29 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2015-05-29 20:28 . 2015-05-29 20:28 -------- d-----w- C:\RegBackup
2015-05-29 07:32 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6707882A-BECB-412F-8A5F-39DBA9F0BC93}\mpengine.dll
2015-05-28 17:43 . 2015-05-28 17:45 -------- d-----w- C:\AdwCleaner
2015-05-28 17:34 . 2015-05-28 17:34 -------- d-----w- c:\users\oem\AppData\Local\ATI
2015-05-28 17:34 . 2015-05-28 17:34 -------- d-----w- c:\users\oem\AppData\Local\AVerMedia
2015-05-19 19:04 . 2015-05-20 06:36 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2015-05-13 21:56 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 21:56 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 07:52 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-05-13 07:50 . 2015-04-20 02:56 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-05-13 07:49 . 2015-01-29 03:19 2543104 ----a-w- c:\windows\system32\wpdshext.dll
2015-05-13 07:49 . 2015-01-29 03:19 1195008 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2015-05-13 07:49 . 2015-01-29 03:02 2311168 ----a-w- c:\windows\SysWow64\wpdshext.dll
2015-05-13 07:48 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-05-13 07:48 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-05-13 07:48 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-05-13 07:48 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-13 07:48 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-05-13 07:48 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-05-13 07:48 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-05-13 07:48 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-05-13 07:48 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-05-10 10:19 . 2015-05-10 10:19 165376 ----a-w- c:\program files (x86)\SystemLook_x64.exe
2015-05-09 18:46 . 2015-05-09 18:46 -------- d-----w- c:\program files\CCleaner
2015-05-08 17:48 . 2015-05-24 17:07 -------- d-----w- c:\programdata\AVerTV
2015-05-08 17:47 . 2008-09-15 03:32 90112 ------r- c:\windows\SysWow64\CardID.dll
2015-05-08 17:47 . 2007-02-08 13:09 49152 ------r- c:\windows\SysWow64\AVerIO.dll
2015-05-08 17:47 . 2005-04-28 19:08 3456 ------r- c:\windows\SysWow64\AVerIO.sys
2015-05-08 17:47 . 2008-09-04 18:22 245760 ------r- c:\windows\SysWow64\sptlib03.dll
2015-05-08 17:47 . 2008-09-04 18:22 249856 ------r- c:\windows\SysWow64\sptlib01.dll
2015-05-08 17:47 . 2007-03-16 09:27 253952 ------r- c:\windows\SysWow64\sptlib02.dll
2015-05-08 17:46 . 2015-05-08 17:47 -------- d-----w- c:\program files (x86)\Common Files\AVerMedia
2015-05-08 17:30 . 2015-05-08 17:30 -------- d-----w- c:\programdata\AVerMedia
2015-05-08 14:11 . 2015-05-08 17:46 -------- d-----w- c:\program files (x86)\AVerMedia
2015-05-02 18:59 . 2015-05-03 13:56 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
2015-05-02 18:59 . 2015-05-02 18:59 -------- d-----w- c:\program files\Common Files\Microsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-30 20:19 . 2014-11-08 11:56 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-30 15:37 . 2014-11-09 20:17 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-05-30 12:21 . 2015-04-10 14:47 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-05-13 21:59 . 2010-10-05 14:41 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-05 01:29 . 2015-05-13 07:53 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-05 01:12 . 2015-05-13 07:53 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-04-27 19:23 . 2015-05-13 07:51 113664 ----a-w- c:\windows\system32\sechost.dll
2015-04-27 19:05 . 2015-05-13 07:51 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-04-27 19:04 . 2015-05-13 07:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-18 13:36 . 2015-04-18 13:36 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-18 13:36 . 2014-11-26 22:52 136752 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-18 13:36 . 2014-11-26 22:52 271200 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-18 13:36 . 2014-11-26 22:52 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-18 13:36 . 2014-11-26 22:52 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-18 13:36 . 2014-11-26 22:52 88408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-18 13:36 . 2014-11-26 22:52 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-18 13:36 . 2014-11-26 22:52 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-18 13:36 . 2015-04-18 13:36 43112 ----a-w- c:\windows\avastSS.scr
2015-04-18 13:36 . 2014-11-26 22:52 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-15 14:54 . 2012-09-23 16:13 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 14:54 . 2011-11-29 17:37 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 07:37 . 2014-11-08 11:56 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2014-11-08 11:56 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2014-11-08 11:56 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-25 03:24 . 2015-04-15 06:47 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 06:47 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 06:47 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 06:47 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 06:47 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 06:47 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 06:47 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 06:47 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 06:47 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 06:47 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 06:47 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 06:47 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 06:47 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 06:47 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 06:47 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 06:47 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 06:46 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 06:46 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 06:46 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 06:46 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 06:46 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 06:46 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 06:46 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 06:46 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-15 06:45 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 06:45 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 06:45 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 06:45 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 06:46 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 06:46 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-15 06:43 367552 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 06:43 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 07:48 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-13 07:48 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-15 06:43 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 07:48 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 07:48 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 07:48 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2010-11-05 18:53 . 2010-11-05 18:52 6274424 ----a-w- c:\program files (x86)\Silverlight.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-02-10 2770432]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-04-18 5512912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2015-5-8 159744]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2015-5-8 663552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AVerBDA3x_x64;AVerMedia SAA713x BDA Service;c:\windows\system32\DRIVERS\AVerBDA3x_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVerBDA3x_x64.sys [x]
R3 AVerIT13x;AVerMedia A835B USB DVB-T;c:\windows\system32\Drivers\AVerIT13x_x64.sys;c:\windows\SYSNATIVE\Drivers\AVerIT13x_x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [x]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 AVerA706_x64;AVerMedia A706 BDA Service;c:\windows\system32\DRIVERS\AVerA706_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVerA706_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-25 21:22 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-18 13:36 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\y504fwoy.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
.
**************************************************************************
.
Celkový čas: 2015-05-30 22:28:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-05-30 20:28
ComboFix2.txt 2015-05-30 17:24
.
Před spuštěním: Volných bajtů: 340 047 495 168
Po spuštění: Volných bajtů: 339 904 299 008
.
- - End Of File - - 0A48BC00CE0DF3ADFA39A38FA4F0168E
A36C5E4F47E84449FF07ED3517B43A31

[jerabina]

V pořádku, je možné, že se jedná o součást CDI.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Co problémy? + nový log z HJT

[hukuj]

Nevím, co je CDI a k čemu ta odpověď patří, ale pokud je to OK, tak to vědět nemusím.

Ten ComboFix jsem odinstaloval, ale ještě předtím jsem to zdrbal, protože jsem ho (omlouvám se, nečetl jsme instrukci přesně) znovu spustil a pak jsem to nemohl zastavit. Nechtěl jsme čekat, ukončil jsem ho přes správce úloh a asi to není to pravý ořechový, protože po restartu to zase cca 5 min bylo strašně pomalý a přetížený, ale to bylo možná tím. Teď je to zas OK. Akorát nevím, když jsem si tam teď nainstaloval znovu CCleaner a mám u něj aktivní (podle lišty na hlavním panelu) jakýsi monitoring, jestli není lepší to vypnout (což snad v tom nastavení někde najdu).

Ale teď mě napadla ještě jedna věc, která asi nepatří do tohoto tématu. Už nějakou dobu mám potíže s myší, která místo 1x klikne levým tl. většinou nechtěně 2x, nemohlo být to přetížení tím a nikoli infekcí? Že se jako každá aplikace spouštěla dvakrát - některých jsem to poznal a druhý okno hned zavřel, ale nevím.

Tak tady je ten poslední log HTJ. Problémy - kromě shora uvedených, které se vyskytovaly nejčastěji po spuštění nebo po restartu - teď nemám.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:09:40, on 31.5.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
C:\Users\oem\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6575 bytes

[jerabina]

CDI = Crystal Disk Info, omlouvám se za použití zkratky.

Nejlepší to není, co se vám stalo s ComboFixem. Tyto nástroje jsou velice sofistikované a musejí se používat podle určitých postupů, každopádně jestli už ty problémy nejsou, tak je to v pořádku a nějakou větší paseku to nenapáchalo.

Pokud se vám program spustí 2x tak to je samozřejmě pro počítač náročnější, takže si na to dávat pozor a když tak pořídit novou myš, protože to vypadá na HW chybu.

CCleaner monitoring vypneme přes HJT, je zbytečné, aby to běželo na pozadí.

Zavři ostatní programy/prohlížeče, odpoj se od internetu a v HJT fixni:
NÁVOD

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt

Pokud nejsou problémy, je to vše a můžeš dát vyřešeno - zelenou "fajfku"

[hukuj]

To fixnutí v HJT jsem zvládl. Problémy teď nejsou a možná to ani kvůli infekci nebyly (připomínám, že jsem "pololama"). Ale než to uzavřu a poděkuju, mám ještě jeden dotaz. Posledně mi po obdobném čištění (podle vašich návodů) nezůstalo nic z toho, co jsem během toho nainstaloval. Laicky předpokládám, že to nakonec "uklidí" ten Delfix. Teď mi ale zůstalo nainstalováno: ATF-Cleaner, CClenaer, CrystalDiscInfo a memtest. Nevadí to? Chápu to dobře, že když to nebudu spouštět, tak to žádnou "činnost na pozadí" nebo "monitoring" samo nedělá? U toho CCleaneru jsme ten monitoring zrušili, tomu rozumím, ale ty ostatní si nejsu jistej. Díky.
Jo a myš co nejdřív vyměním. Ona fakt pořád kliká 2x a možná to mohlo být i tím.



# DelFix v1.010 - Logfile created 31/05/2015 at 15:35:10
# Updated 26/04/2015 by Xplode
# Username : oem - OEM-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\oem\Desktop\AdwCleaner.exe
Deleted : C:\Users\oem\Desktop\JRT.exe
Deleted : C:\Users\oem\Desktop\hijackthis 1.txt
Deleted : C:\Users\oem\Desktop\hijackthis.exe
Deleted : C:\Users\oem\Desktop\RogueKillerX64.exe
Deleted : C:\Users\oem\Desktop\TFC.exe
Deleted : C:\Users\oem\Desktop\zoek.exe
Deleted : C:\Users\oem\Downloads\HijackThis.exe
Deleted : C:\Users\oem\Downloads\hijackthis.log
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #675 [ComboFix created restore point | 05/31/2015 10:55:54]
Deleted : RP #676 [AA11 | 05/31/2015 12:00:17]

New restore point created !

########## - EOF - ##########

[jerabina]

Ahoj!

Tvé otázky rád zodpovím

ATF-Cleaner, Memtest ani Crystal Disk Info nejsou v Delfixu zabudované, takže je nutné je vymazat/odinstalovat ručně. Akorát zabírají místo, nic jiného na pozadí nedělají.
CCleaner si klidně můžeš ponechat a jednou za čas jím můžeš dle návodu počítač pročistit. Pokud ho ale nechceš, tak ho normálně odinstaluj přes ovládací panely.

[hukuj]

Tak jo. Tak všem moc děkuju, vypadá to, že problémy už nejsou.