Notebook freezes. Please check the log

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Post by robotus » 19 Mar 2016 21:28

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-03-19 20:58:58
-----------------------------
20:58:58.995 OS Version: Windows x64 6.1.7601 Service Pack 1
20:58:58.995 Number of processors: 4 586 0x2502
20:58:59.011 ComputerName: TOSHIBA UserName:
20:59:01.023 Initialize success
20:59:01.054 VM: initialized successfully
20:59:01.054 VM: Intel CPU supported virtualized
20:59:11.042 VM: supported disk I/O iaStor.sys
20:59:15.145 AVAST engine defs: 16031802
20:59:57.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:59:57.328 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
20:59:57.562 VM: Disk 0 MBR read successfully
20:59:57.577 Disk 0 MBR scan
20:59:58.092 Disk 0 Windows 7 default MBR code
20:59:58.108 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 800 MB offset 63
20:59:58.123 Disk 0 default boot code
20:59:58.279 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238472 MB offset 1638630
20:59:58.295 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 476129 MB offset 490030695
20:59:58.560 Disk 0 scanning C:\Windows\system32\drivers
21:00:12.288 Service scanning
21:01:02.551 Modules scanning
21:01:02.551 Disk 0 trace - called modules:
21:01:02.598 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:01:02.614 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d53060]
21:01:02.614 3 CLASSPNP.SYS[fffff8800233c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004972050]
21:01:03.877 AVAST engine scan C:\Windows
21:01:07.091 AVAST engine scan C:\Windows\system32
21:04:03.324 AVAST engine scan C:\Windows\system32\drivers
21:04:18.113 AVAST engine scan C:\Users\Jiří Jamník
21:19:49.123 AVAST engine scan C:\ProgramData
21:23:23.592 Disk 0 statistics 4128762/0/22 @ 1.70 MB/s
21:23:23.608 Scan finished successfully
21:23:35.386 Disk 0 MBR has been saved successfully to "C:\Users\Jiří Jamník\Desktop\MBR.dat"
21:23:35.386 The log file has been saved successfully to "C:\Users\Jiří Jamník\Desktop\aswMBR.txt"

Post by Orcus » 20 Mar 2016 09:45

The ComboFix script did not run. Please try it once more, but in Safe Mode.

Post by robotus » 20 Mar 2016 09:49

Safe Mode cannot be started with F8 (the menu does not come up). The only option would be to set it in msconfig, but I am worried that it would then never boot again. I can start the computer only by alternately pressing F10 and Enter (the screen stays black the whole time, the boot menu does not appear, and then the computer boots in normal mode). So what should I do?

Post by Orcus » 20 Mar 2016 09:52

Try it with this tool:
https://www.foolishit.com/bootsafe/

Post by robotus » 20 Mar 2016 10:30

So I tried it and it did not boot. It no longer starts even when I hard power it off and then press F10 and Enter. What now?

Post by robotus » 20 Mar 2016 11:04

I reckon the only option is to reinstall Win 7. I just don't know how to do that when I only have the product key. Create a bootable flash drive? How?

Post by robotus » 20 Mar 2016 11:29

On about the ninth attempt something came up while I was holding F10. I don't know what to do with it. The screen shows:

Cesta: \Windows\system32\winload.exe
oddíl: 2
Pevný disk:6377875b
[ /NOEXECUTE=OPTIN /SAFEBOOT:MINIMAL /SOS
]

Submit or cancel?

Post by robotus » 20 Mar 2016 13:21

I chose Submit. For about 30 minutes the monitor showed a message that the system was loading something. Then a black screen. So I hard powered it off, turned it on again, and it booted into Safe Mode. So now I have run the script in CF.

Post by robotus » 20 Mar 2016 13:53

ComboFix 16-03-18.01 - Jiří Jamník 20.03.2016 13:31:13.5.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3955.3058 [GMT 1:00]
Spuštěný z: c:\users\Ji°Ý JamnÝk\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ji°Ý JamnÝk\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Free Firewall Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-02-20 do 2016-03-20 )))))))))))))))))))))))))))))))
.
.
2016-03-20 12:41 . 2016-03-20 12:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-20 08:50 . 2016-02-19 01:53 11249080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9AA1DF44-B53D-4F6A-BC9A-7F894BC6BA7A}\mpengine.dll
2016-03-18 19:17 . 2015-11-19 14:07 994760 ----a-w- c:\windows\system32\ucrtbase.dll
2016-03-18 19:16 . 2016-02-08 20:38 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2016-03-18 19:15 . 2016-02-11 18:52 1733592 ----a-w- c:\windows\system32\ntdll.dll
2016-03-18 19:14 . 2016-02-05 17:48 372736 ----a-w- c:\windows\system32\atmfd.dll
2016-03-18 19:14 . 2016-02-05 18:54 41472 ----a-w- c:\windows\system32\lpk.dll
2016-03-18 19:14 . 2016-02-05 18:54 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-03-18 19:14 . 2016-02-05 18:53 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-03-18 19:14 . 2016-02-05 18:53 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-03-18 19:14 . 2016-02-05 18:50 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-03-18 19:14 . 2016-02-05 18:44 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-03-18 19:14 . 2016-02-05 18:42 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-03-18 19:14 . 2016-02-05 17:43 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-03-18 19:14 . 2016-02-05 17:43 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-03-18 16:32 . 2016-03-18 17:32 -------- d-----w- c:\programdata\Comodo
2016-03-18 09:06 . 2016-03-18 09:06 -------- d-----w- C:\zoek_backup
2016-03-17 21:55 . 2016-03-17 21:59 -------- d-----w- c:\windows\MATS
2016-03-17 21:55 . 2016-03-17 21:59 -------- d-----w- c:\program files\Microsoft Fix it Center
2016-03-17 20:58 . 2016-03-17 20:58 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-03-17 20:58 . 2016-03-17 20:58 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-16 11:18 . 2016-03-17 22:18 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-03-16 11:17 . 2016-03-16 17:59 -------- d-----w- c:\programdata\RogueKiller
2016-03-16 11:01 . 2016-03-18 19:38 -------- d-----w- c:\program files (x86)\AVG
2016-03-16 11:01 . 2016-03-18 19:38 -------- d-----w- c:\programdata\Avg
2016-03-16 11:00 . 2016-03-16 11:04 -------- d-----w- c:\users\Jiří Jamník\AppData\Local\Avg
2016-03-16 11:00 . 2016-03-16 11:00 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2016-03-16 06:55 . 2016-03-16 08:24 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-16 06:54 . 2015-10-05 08:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-16 06:54 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-16 06:54 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-16 06:54 . 2016-03-16 06:54 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-03-15 22:01 . 2016-03-15 23:34 -------- d-----w- c:\program files (x86)\AdwCleaner
2016-03-15 13:57 . 2016-03-16 19:53 -------- d-----w- c:\program files\trend micro
2016-03-15 08:13 . 2016-03-15 08:12 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-03-15 08:13 . 2016-03-15 08:12 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-03-15 08:12 . 2016-03-15 08:12 52184 ----a-w- c:\windows\avastSS.scr
2016-02-21 21:41 . 2016-02-21 21:41 -------- d-----w- c:\program files (x86)\OpenXML-ODF Translator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-15 08:14 . 2011-03-09 08:47 1070904 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-03-15 08:14 . 2010-12-01 09:54 107792 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2016-03-15 08:14 . 2010-12-01 09:54 463744 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-03-15 08:13 . 2013-04-26 12:00 287016 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-03-15 08:13 . 2013-12-30 19:55 165344 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-03-15 08:12 . 2014-05-07 14:24 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-03-15 08:12 . 2013-04-26 12:00 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-03-15 08:12 . 2012-03-14 15:34 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-03-15 08:12 . 2015-08-25 15:58 154024 ----a-w- c:\windows\system32\drivers\ngvss.sys
2016-03-15 08:10 . 2013-06-13 14:34 462304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2016-03-11 05:51 . 2010-11-20 13:49 143659408 ----a-w- c:\windows\system32\MRT.exe
2016-02-11 18:48 . 2016-03-18 19:15 344064 ----a-w- c:\windows\system32\schannel.dll
2016-02-11 18:37 . 2016-03-18 19:15 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-02-11 18:30 . 2016-03-18 19:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-01-22 06:19 . 2016-02-10 18:45 14179840 ----a-w- c:\windows\system32\shell32.dll
2016-01-22 06:18 . 2016-02-10 18:46 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-01-22 06:18 . 2016-02-10 18:46 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-01-22 06:17 . 2016-02-10 18:46 159744 ----a-w- c:\windows\system32\mtxoci.dll
2016-01-22 06:15 . 2016-02-10 18:45 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-01-22 06:12 . 2016-02-10 18:45 1940992 ----a-w- c:\windows\system32\authui.dll
2016-01-22 06:04 . 2016-02-10 18:46 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2016-01-22 06:04 . 2016-02-10 18:46 535040 ----a-w- c:\windows\SysWow64\EncDec.dll
2016-01-22 06:02 . 2016-02-10 18:46 114176 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-01-22 06:02 . 2016-02-10 18:46 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-01-22 06:00 . 2016-02-10 18:45 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-01-22 05:59 . 2016-02-10 18:45 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2016-01-22 05:19 . 2016-02-10 18:45 3231232 ----a-w- c:\windows\explorer.exe
2016-01-22 05:12 . 2016-02-10 18:45 2973184 ----a-w- c:\windows\SysWow64\explorer.exe
2016-01-20 05:56 . 2015-03-26 09:33 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-01-16 19:01 . 2016-02-10 18:47 2085888 ----a-w- c:\windows\system32\ole32.dll
2016-01-16 18:36 . 2016-02-10 18:47 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2016-01-07 17:42 . 2016-02-10 18:48 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-01-06 19:02 . 2016-02-10 18:49 24576 ----a-w- c:\windows\system32\jnwmon.dll
2016-01-06 19:02 . 2016-02-10 18:49 275456 ----a-w- c:\windows\system32\InkEd.dll
2016-01-06 18:41 . 2016-02-10 18:49 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2009-02-13 10:02 . 2009-02-13 10:02 80896 ----a-w- c:\program files\devcon_amd64.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Jiří Jamník\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-08-12 73832]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2016-03-18 7139256]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-12-13 1085656]
"ZoneAlarm Installer"="c:\program files (x86)\CheckPoint\Install\Launcher.exe" [2016-03-18 439096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys;c:\program files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [x]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe;c:\program files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys;c:\windows\SYSNATIVE\drivers\LUMDriver.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe;c:\program files\Microsoft Fix it Center\Matsvc.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R4 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S0 ngvss;ngvss; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-03-15 08:12 905248 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Jiří Jamník\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Jiří Jamník\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Jiří Jamník\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Jiří Jamník\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Otevřít programem PDF Viewer Plus - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Jiří Jamník\AppData\Roaming\Mozilla\Firefox\Profiles\gexw2bdx.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
AddRemove-{3651C800-6E7A-47E1-AEAD-ACF68509BF8D} - c:\programdata\{00BAB1C5-D99B-4EF4-B1D6-1DEB5DA070DA}\setup_amr.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-03-20 13:45:00
ComboFix-quarantined-files.txt 2016-03-20 12:45
ComboFix2.txt 2016-03-19 19:55
ComboFix3.txt 2016-03-18 20:06
ComboFix4.txt 2016-03-18 17:57
ComboFix5.txt 2016-03-20 12:30
.
Před spuštěním: Volných bajtů: 36,340,760,576
Po spuštění: Volných bajtů: 35,976,286,208
.
- - End Of File - - B08AF98D0D5534EC1275903D9810E24A

Post by jaro3 » 20 Mar 2016 14:10

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Free Firewall Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}

You have two antiviruses, two firewalls and two antispyware programs installed there.
Just uninstall and run a new ComboFix scan.

Post by robotus » 20 Mar 2016 15:33

I don't really understand that. In my programs I have one avast, one zonealarm and one superantispyware. I have uninstalled all of it and I'm moving on to CF. Is it necessary to restart before CF? I then have trouble getting it to boot.

Post by robotus » 20 Mar 2016 17:38

Because I was worried that it would not boot after a restart, I uninstalled avast, superantispyware and zonealarm and then ran CF on it. I am attaching the log. If I understand correctly, it is still there twice, which I don't understand. Because for avast I use avast free, where the firewall is a paid feature; in Zonealarm I don't have the antivirus activated; as for spyware, I'm not sure.

ComboFix 16-03-18.01 - Jiří Jamník 20.03.2016 15:40:46.6.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3955.2835 [GMT 1:00]
Spuštěný z: c:\users\Ji°Ý JamnÝk\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ji°Ý JamnÝk\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Free Firewall Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-02-20 do 2016-03-20 )))))))))))))))))))))))))))))))
.
.
2016-03-20 14:45 . 2016-03-20 14:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-20 14:30 . 2016-03-15 08:13 287016 ----a-w- c:\windows\system32\drivers\asw7AA6.tmp
2016-03-20 14:30 . 2016-03-15 08:13 165344 ----a-w- c:\windows\system32\drivers\asw7D84.tmp
2016-03-20 14:30 . 2016-03-15 08:14 107792 ----a-w- c:\windows\system32\drivers\asw792D.tmp
2016-03-20 14:30 . 2016-03-15 08:14 463744 ----a-w- c:\windows\system32\drivers\asw7A38.tmp
2016-03-20 14:30 . 2016-03-15 08:12 74544 ----a-w- c:\windows\system32\drivers\asw79BA.tmp
2016-03-20 14:30 . 2016-03-15 08:12 37656 ----a-w- c:\windows\system32\drivers\asw789F.tmp
2016-03-20 14:29 . 2016-03-15 08:14 1070904 ----a-w- c:\windows\system32\drivers\asw73CC.tmp
2016-03-20 14:29 . 2016-03-15 08:12 103064 ----a-w- c:\windows\system32\drivers\asw7535.tmp
2016-03-20 14:29 . 2016-03-15 08:12 37144 ----a-w- c:\windows\system32\drivers\asw72E1.tmp
2016-03-20 14:29 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\asw74C7.tmp
2016-03-20 14:29 . 2016-03-15 08:12 154024 ----a-w- c:\windows\system32\drivers\ngv71E6.tmp
2016-03-20 14:29 . 2016-03-20 14:29 -------- d-s---w- c:\windows\SysWow64\Microsoft
2016-03-20 08:50 . 2016-02-19 01:53 11249080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9AA1DF44-B53D-4F6A-BC9A-7F894BC6BA7A}\mpengine.dll
2016-03-18 19:17 . 2015-11-19 14:07 994760 ----a-w- c:\windows\system32\ucrtbase.dll
2016-03-18 19:16 . 2016-02-08 20:38 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2016-03-18 19:15 . 2016-02-11 18:52 1733592 ----a-w- c:\windows\system32\ntdll.dll
2016-03-18 19:14 . 2016-02-05 17:48 372736 ----a-w- c:\windows\system32\atmfd.dll
2016-03-18 19:14 . 2016-02-05 18:54 41472 ----a-w- c:\windows\system32\lpk.dll
2016-03-18 19:14 . 2016-02-05 18:54 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-03-18 19:14 . 2016-02-05 18:53 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-03-18 19:14 . 2016-02-05 18:53 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-03-18 19:14 . 2016-02-05 18:50 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-03-18 19:14 . 2016-02-05 18:44 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-03-18 19:14 . 2016-02-05 18:42 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-03-18 19:14 . 2016-02-05 17:43 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-03-18 19:14 . 2016-02-05 17:43 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-03-18 16:32 . 2016-03-18 17:32 -------- d-----w- c:\programdata\Comodo
2016-03-18 09:06 . 2016-03-18 09:06 -------- d-----w- C:\zoek_backup
2016-03-17 21:55 . 2016-03-17 21:59 -------- d-----w- c:\windows\MATS
2016-03-17 21:55 . 2016-03-17 21:59 -------- d-----w- c:\program files\Microsoft Fix it Center
2016-03-17 20:58 . 2016-03-17 20:58 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-03-17 20:58 . 2016-03-17 20:58 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-16 11:18 . 2016-03-17 22:18 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-03-16 11:17 . 2016-03-16 17:59 -------- d-----w- c:\programdata\RogueKiller
2016-03-16 11:01 . 2016-03-18 19:38 -------- d-----w- c:\program files (x86)\AVG
2016-03-16 11:01 . 2016-03-18 19:38 -------- d-----w- c:\programdata\Avg
2016-03-16 11:00 . 2016-03-16 11:04 -------- d-----w- c:\users\Jiří Jamník\AppData\Local\Avg
2016-03-16 11:00 . 2016-03-16 11:00 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2016-03-16 06:55 . 2016-03-16 08:24 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-16 06:54 . 2015-10-05 08:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-16 06:54 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-16 06:54 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-16 06:54 . 2016-03-16 06:54 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-03-15 22:01 . 2016-03-15 23:34 -------- d-----w- c:\program files (x86)\AdwCleaner
2016-03-15 13:57 . 2016-03-16 19:53 -------- d-----w- c:\program files\trend micro
2016-03-15 08:12 . 2016-03-15 08:12 52184 ----a-w- c:\windows\avastSS.scr
2016-02-21 21:41 . 2016-02-21 21:41 -------- d-----w- c:\program files (x86)\OpenXML-ODF Translator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-11 05:51 . 2010-11-20 13:49 143659408 ----a-w- c:\windows\system32\MRT.exe
2016-02-11 18:48 . 2016-03-18 19:15 344064 ----a-w- c:\windows\system32\schannel.dll
2016-02-11 18:37 . 2016-03-18 19:15 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-02-11 18:30 . 2016-03-18 19:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-01-22 06:19 . 2016-02-10 18:45 14179840 ----a-w- c:\windows\system32\shell32.dll
2016-01-22 06:18 . 2016-02-10 18:46 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-01-22 06:18 . 2016-02-10 18:46 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-01-22 06:17 . 2016-02-10 18:46 159744 ----a-w- c:\windows\system32\mtxoci.dll
2016-01-22 06:15 . 2016-02-10 18:45 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-01-22 06:12 . 2016-02-10 18:45 1940992 ----a-w- c:\windows\system32\authui.dll
2016-01-22 06:04 . 2016-02-10 18:46 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2016-01-22 06:04 . 2016-02-10 18:46 535040 ----a-w- c:\windows\SysWow64\EncDec.dll
2016-01-22 06:02 . 2016-02-10 18:46 114176 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-01-22 06:02 . 2016-02-10 18:46 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-01-22 06:00 . 2016-02-10 18:45 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-01-22 05:59 . 2016-02-10 18:45 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2016-01-22 05:19 . 2016-02-10 18:45 3231232 ----a-w- c:\windows\explorer.exe
2016-01-22 05:12 . 2016-02-10 18:45 2973184 ----a-w- c:\windows\SysWow64\explorer.exe
2016-01-20 05:56 . 2015-03-26 09:33 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-01-16 19:01 . 2016-02-10 18:47 2085888 ----a-w- c:\windows\system32\ole32.dll
2016-01-16 18:36 . 2016-02-10 18:47 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2016-01-07 17:42 . 2016-02-10 18:48 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-01-06 19:02 . 2016-02-10 18:49 24576 ----a-w- c:\windows\system32\jnwmon.dll
2016-01-06 19:02 . 2016-02-10 18:49 275456 ----a-w- c:\windows\system32\InkEd.dll
2016-01-06 18:41 . 2016-02-10 18:49 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2009-02-13 10:02 . 2009-02-13 10:02 80896 ----a-w- c:\program files\devcon_amd64.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Jiří Jamník\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-12-13 1085656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Jiří Jamník\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Jiří Jamník\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Jiří Jamník\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Jiří Jamník\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Otevřít programem PDF Viewer Plus - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Jiří Jamník\AppData\Roaming\Mozilla\Firefox\Profiles\gexw2bdx.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-ZoneAlarm Installer - c:\program files (x86)\CheckPoint\Install\Launcher.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
AddRemove-{3651C800-6E7A-47E1-AEAD-ACF68509BF8D} - c:\programdata\{00BAB1C5-D99B-4EF4-B1D6-1DEB5DA070DA}\setup_amr.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-03-20 15:49:04
ComboFix-quarantined-files.txt 2016-03-20 14:49
ComboFix2.txt 2016-03-20 12:45
ComboFix3.txt 2016-03-19 19:55
ComboFix4.txt 2016-03-18 20:06
ComboFix5.txt 2016-03-20 14:39
.
Před spuštěním: Volných bajtů: 38,166,302,720
Po spuštění: Volných bajtů: 37,948,997,632
.
- - End Of File - - EAEF8E02DAAB8379D419AEAE9E7154EC

