11:38:42.0898 0x0d94 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:38:42.0899 0x0d94 SiSRaid4 - ok
11:38:42.0976 0x0d94 [ 9CD1BB2DB803B6AC642BD643DDB773BC, E03EC2FFBE9720E291D13ABF35E027DFA1324CE0934403D1BF4A8E1B86623053 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:38:42.0986 0x0d94 SkypeUpdate - ok
11:38:43.0003 0x0d94 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:38:43.0009 0x0d94 Smb - ok
11:38:43.0056 0x0d94 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:38:43.0059 0x0d94 SNMPTRAP - ok
11:38:43.0069 0x0d94 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
11:38:43.0070 0x0d94 spldr - ok
11:38:43.0103 0x0d94 [ 89E8550C5862999FCF482EA562B0E98E, 11BC94FD879DCD22E80DB8FA73CEBD0F072917C546AD9C8B92CCFBF4E0B83056 ] Spooler C:\Windows\System32\spoolsv.exe
11:38:43.0120 0x0d94 Spooler - ok
11:38:43.0275 0x0d94 [ 913D843498553A1BC8F8DBAD6358E49F, F8B931FDABF669D642CBDCD2FF31E07F8A5E2D5F72E11D4A8FF219CCFB5825E9 ] sppsvc C:\Windows\system32\sppsvc.exe
11:38:43.0336 0x0d94 sppsvc - ok
11:38:43.0368 0x0d94 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:38:43.0371 0x0d94 sppuinotify - ok
11:38:43.0401 0x0d94 [ EC8F67289105BF270498095F14963464, 454031C8AE06511DD13DBAA613B983516AF937590FB2B8C6ADC273D018D30858 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:38:43.0409 0x0d94 srv - ok
11:38:43.0436 0x0d94 [ F773D2ED090B7BAA1C1A034F3CA476C8, C8DD8BE37CFEA0DB1B7FC94946381B60553848002E6170E0BEC3FEE40295DF1F ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:38:43.0444 0x0d94 srv2 - ok
11:38:43.0456 0x0d94 [ 26E84D3649019C3244622E654DFCD75B, 49BD7345AF744298698629E0D7C0C373AB2F75F542281268BCF91A6D2B278AA8 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:38:43.0459 0x0d94 srvnet - ok
11:38:43.0478 0x0d94 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:38:43.0484 0x0d94 SSDPSRV - ok
11:38:43.0503 0x0d94 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:38:43.0505 0x0d94 SstpSvc - ok
11:38:43.0659 0x0d94 [ EACEC497A6496E2A280348AD67ACF280, DAC7141A072FC83274612BC228DA6E014C371707FC76832470604ACDD5BF4BE3 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:38:43.0678 0x0d94 Stereo Service - ok
11:38:43.0690 0x0d94 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
11:38:43.0691 0x0d94 stexstor - ok
11:38:43.0766 0x0d94 [ 52D0E33B681BD0F33FDC08812FEE4F7D, BBEBC0773402F6697D2F14F63E5E4FDC2180466E7FDBD306E408535B10160249 ] stisvc C:\Windows\System32\wiaservc.dll
11:38:43.0800 0x0d94 stisvc - ok
11:38:43.0856 0x0d94 [ FFD7A6F15B14234B5B0E5D49E7961895, 9553BDB65D021DA621BDFF1C180B9F4C6355FC748BAE854CE114D4B3EFF307B7 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
11:38:43.0860 0x0d94 storflt - ok
11:38:43.0886 0x0d94 [ 8FCCBEFC5C440B3C23454656E551B09A, 392A38D0B18B7FD08ACBE3E56ADCB235FA49BDB99F81E0820434D57332FA8FF7 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
11:38:43.0890 0x0d94 storvsc - ok
11:38:43.0909 0x0d94 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:38:43.0910 0x0d94 swenum - ok
11:38:43.0961 0x0d94 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
11:38:43.0994 0x0d94 swprv - ok
11:38:44.0098 0x0d94 [ 3C1284516A62078FB68F768DE4F1A7BE, 67ECD462335EF88773E4BAEAB230A68EC92A25F8CD8F115873F669205AE6A1A9 ] SysMain C:\Windows\system32\sysmain.dll
11:38:44.0156 0x0d94 SysMain - ok
11:38:44.0180 0x0d94 [ 238935C3CF2854886DC7CBB2A0E2CC66, BBF7A70BF218A544CC1A6FB81F75EAD29D418794162936BE197D6D61FE0DB1C4 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:38:44.0183 0x0d94 TabletInputService - ok
11:38:44.0200 0x0d94 [ 884264AC597B690C5707C89723BB8E7B, 9BF209A4128019421F7EC4AFF71103C5F411DB6CFB32AAC1633E789AD7A30708 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:38:44.0209 0x0d94 TapiSrv - ok
11:38:44.0225 0x0d94 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
11:38:44.0228 0x0d94 TBS - ok
11:38:44.0296 0x0d94 [ 912107716BAB424C7870E8E6AF5E07E1, BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:38:44.0329 0x0d94 Tcpip - ok
11:38:44.0450 0x0d94 [ 912107716BAB424C7870E8E6AF5E07E1, BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:38:44.0483 0x0d94 TCPIP6 - ok
11:38:44.0513 0x0d94 [ 76D078AF6F587B162D50210F761EB9ED, 3813171036B4036306CADC29F877ADAE44B241DDF65B3699C352B7CDA9EC68C9 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:38:44.0513 0x0d94 tcpipreg - ok
11:38:44.0530 0x0d94 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:38:44.0530 0x0d94 TDPIPE - ok
11:38:44.0535 0x0d94 [ E4245BDA3190A582D55ED09E137401A9, F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:38:44.0536 0x0d94 TDTCP - ok
11:38:44.0555 0x0d94 [ 079125C4B17B01FCAEEBCE0BCB290C0F, B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:38:44.0558 0x0d94 tdx - ok
11:38:44.0566 0x0d94 [ C448651339196C0E869A355171875522, C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:38:44.0569 0x0d94 TermDD - ok
11:38:44.0605 0x0d94 [ 0F05EC2887BFE197AD82A13287D2F404, 78C8A8FE9B1101430CA79875DA34413C35B6D7A5EE1932E454C50731335437A6 ] TermService C:\Windows\System32\termsrv.dll
11:38:44.0621 0x0d94 TermService - ok
11:38:44.0673 0x0d94 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
11:38:44.0713 0x0d94 Themes - ok
11:38:44.0754 0x0d94 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
11:38:44.0761 0x0d94 THREADORDER - ok
11:38:44.0805 0x0d94 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
11:38:44.0818 0x0d94 TrkWks - ok
11:38:44.0885 0x0d94 [ 840F7FB849F5887A49BA18C13B2DA920, A59C40A090E03C0136A865FC54508BA938E7B467C8198BC009FE263E6C275781 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:38:44.0898 0x0d94 TrustedInstaller - ok
11:38:44.0923 0x0d94 [ 61B96C26131E37B24E93327A0BD1FB95, 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:38:44.0924 0x0d94 tssecsrv - ok
11:38:44.0968 0x0d94 [ 3836171A2CDF3AF8EF10856DB9835A70, 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:38:44.0975 0x0d94 tunnel - ok
11:38:45.0004 0x0d94 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
11:38:45.0009 0x0d94 uagp35 - ok
11:38:45.0049 0x0d94 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB, DBAEA010F11A5EFD961B1841308EA3F220A9FFB01F364BA9B8F72200DA2BBCD8 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:38:45.0061 0x0d94 udfs - ok
11:38:45.0091 0x0d94 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:38:45.0094 0x0d94 UI0Detect - ok
11:38:45.0123 0x0d94 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
11:38:45.0125 0x0d94 uliagpkx - ok
11:38:45.0145 0x0d94 [ EAB6C35E62B1B0DB0D1B48B671D3A117, E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:38:45.0148 0x0d94 umbus - ok
11:38:45.0153 0x0d94 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
11:38:45.0154 0x0d94 UmPass - ok
11:38:45.0178 0x0d94 [ AF0AC98EE5077EB844413EB54287FDE3, 1586326510DE94E2735EFAD94A68D06DB5B7347B68055A9EA8B95E19D91A2E69 ] UmRdpService C:\Windows\System32\umrdp.dll
11:38:45.0186 0x0d94 UmRdpService - ok
11:38:45.0213 0x0d94 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
11:38:45.0226 0x0d94 upnphost - ok
11:38:45.0248 0x0d94 [ B26AFB54A534D634523C4FB66765B026, A219C9AE32D040BEA4DD69C2C826B1C52BACE26BEBFEE799BD56DFD442C5E0D8 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:38:45.0250 0x0d94 usbccgp - ok
11:38:45.0264 0x0d94 [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
11:38:45.0265 0x0d94 usbcir - ok
11:38:45.0285 0x0d94 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5, CBECE7CEC0EFA4B283C63E9B6A270D595F5F3D006306DA5E5121BBFDCAB16376 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:38:45.0286 0x0d94 usbehci - ok
11:38:45.0310 0x0d94 [ 4C9042B8DF86C1E8E6240C218B99B39B, D286633311C047B9C4FB1AA89D7B02B9F943FDDCE473255DC8E14DD07CC9B292 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:38:45.0316 0x0d94 usbhub - ok
11:38:45.0330 0x0d94 [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
11:38:45.0331 0x0d94 usbohci - ok
11:38:45.0348 0x0d94 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:38:45.0349 0x0d94 usbprint - ok
11:38:45.0363 0x0d94 [ 080D3820DA6C046BE82FC8B45A893E83, EF4829A2D5B8D47AA7E06093EC85244042ED1CCFF43CC80DC44EF018B434197A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:38:45.0364 0x0d94 USBSTOR - ok
11:38:45.0369 0x0d94 [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
11:38:45.0370 0x0d94 usbuhci - ok
11:38:45.0411 0x0d94 [ D501E12614B00A3252073101D6A1A74B, DFA3A83978125B3CE45C71DD9069E8A7938366D0F4B4B2401CDD07251253FA8C ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
11:38:45.0414 0x0d94 usbvideo - ok
11:38:45.0421 0x0d94 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
11:38:45.0424 0x0d94 UxSms - ok
11:38:45.0436 0x0d94 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] VaultSvc C:\Windows\system32\lsass.exe
11:38:45.0438 0x0d94 VaultSvc - ok
11:38:45.0449 0x0d94 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
11:38:45.0450 0x0d94 vdrvroot - ok
11:38:45.0471 0x0d94 [ 44D73E0BBC1D3C8981304BA15135C2F2, 2849387BBCFB0189AF5604D2F7A631BD5D6BBB2CA73AF6E870069AF382A74DED ] vds C:\Windows\System32\vds.exe
11:38:45.0483 0x0d94 vds - ok
11:38:45.0488 0x0d94 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:38:45.0489 0x0d94 vga - ok
11:38:45.0519 0x0d94 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
11:38:45.0520 0x0d94 VgaSave - ok
11:38:45.0529 0x0d94 [ C82E748660F62A242B2DFAC1442F22A4, 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
11:38:45.0533 0x0d94 vhdmp - ok
11:38:45.0544 0x0d94 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
11:38:45.0545 0x0d94 viaide - ok
11:38:45.0560 0x0d94 [ 1501699D7EDA984ABC4155A7DA5738D1, 448DFEFF565F1467F387E4EC9782DDD48B8FFDDF6B1EA46A790C2782C20BD952 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
11:38:45.0564 0x0d94 vmbus - ok
11:38:45.0569 0x0d94 [ AE10C35761889E65A6F7176937C5592C, 9DC27647B6149C9B2523799F85B18122CCE749264624FE2E5FE843FE00642BBE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
11:38:45.0570 0x0d94 VMBusHID - ok
11:38:45.0593 0x0d94 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
11:38:45.0594 0x0d94 volmgr - ok
11:38:45.0616 0x0d94 [ 99B0CBB569CA79ACAED8C91461D765FB, 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:38:45.0623 0x0d94 volmgrx - ok
11:38:45.0638 0x0d94 [ 58F82EED8CA24B461441F9C3E4F0BF5C, 40B8C9C9D1BEDD1507138273A3C000C753C8765E1873F2170DE63555A042928C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
11:38:45.0643 0x0d94 volsnap - ok
11:38:45.0681 0x0d94 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
11:38:45.0684 0x0d94 vsmraid - ok
11:38:45.0776 0x0d94 [ 787898BF9FB6D7BD87A36E2D95C899BA, A6C0C7402B1A198E7B3D6D7D283FCB5815AC429DA68FC9B54C67707F3233CCB5 ] VSS C:\Windows\system32\vssvc.exe
11:38:45.0805 0x0d94 VSS - ok
11:38:45.0823 0x0d94 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
11:38:45.0824 0x0d94 vwifibus - ok
11:38:45.0843 0x0d94 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
11:38:45.0851 0x0d94 W32Time - ok
11:38:45.0868 0x0d94 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
11:38:45.0869 0x0d94 WacomPen - ok
11:38:45.0888 0x0d94 [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:38:45.0889 0x0d94 WANARP - ok
11:38:45.0905 0x0d94 [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:38:45.0908 0x0d94 Wanarpv6 - ok
11:38:46.0029 0x0d94 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:38:46.0029 0x0d94 Suspicious file ( NoAccess ): C:\Windows\system32\Wat\WatAdminSvc.exe. md5: 3CEC96DE223E49EAAE3651FCF8FAEA6C, sha256: 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61
11:38:46.0044 0x0d94 WatAdminSvc - detected LockedFile.Multi.Generic ( 1 )
11:38:48.0742 0x0d94 Detect skipped due to KSN trusted
11:38:48.0743 0x0d94 WatAdminSvc - ok
11:38:48.0852 0x0d94 [ 5AB1BB85BD8B5089CC5D64200DEDAE68, 28777D4F3CD07C8E3465B6DA0FCA994E0B93071A3A0D4D1D64C1DF633DD1C64F ] wbengine C:\Windows\system32\wbengine.exe
11:38:48.0882 0x0d94 wbengine - ok
11:38:48.0893 0x0d94 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:38:48.0899 0x0d94 WbioSrvc - ok
11:38:48.0919 0x0d94 [ 8321C2CA3B62B61B293CDA3451984468, 856A079C2CCC75D633EA23E410D7F3ECDF368EAAAFF634CB82DDA545FD3A2F9C ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:38:48.0929 0x0d94 wcncsvc - ok
11:38:48.0944 0x0d94 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:38:48.0947 0x0d94 WcsPlugInService - ok
11:38:48.0962 0x0d94 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
11:38:48.0963 0x0d94 Wd - ok
11:38:49.0019 0x0d94 [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:38:49.0038 0x0d94 Wdf01000 - ok
11:38:49.0059 0x0d94 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:38:49.0063 0x0d94 WdiServiceHost - ok
11:38:49.0068 0x0d94 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:38:49.0070 0x0d94 WdiSystemHost - ok
11:38:49.0093 0x0d94 [ 8A438CBB8C032A0C798B0C642FFBE572, 3200B9B6A7B87C1C47295FA416C99DE1FBB2DBBA3DA78D5CC88C26DCC4189D45 ] WebClient C:\Windows\System32\webclnt.dll
11:38:49.0100 0x0d94 WebClient - ok
11:38:49.0120 0x0d94 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:38:49.0128 0x0d94 Wecsvc - ok
11:38:49.0144 0x0d94 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:38:49.0147 0x0d94 wercplsupport - ok
11:38:49.0167 0x0d94 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
11:38:49.0170 0x0d94 WerSvc - ok
11:38:49.0195 0x0d94 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:38:49.0197 0x0d94 WfpLwf - ok
11:38:49.0214 0x0d94 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:38:49.0214 0x0d94 WIMMount - ok
11:38:49.0240 0x0d94 WinDefend - ok
11:38:49.0248 0x0d94 WinHttpAutoProxySvc - ok
11:38:49.0328 0x0d94 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:38:49.0343 0x0d94 Winmgmt - ok
11:38:49.0413 0x0d94 [ 41FBB751936B387F9179E7F03A74FE29, 7A73D887BEC19DFC485ED42B4E6ABEBF824555139B81EA30731A00773E707464 ] WinRM C:\Windows\system32\WsmSvc.dll
11:38:49.0479 0x0d94 WinRM - ok
11:38:49.0550 0x0d94 [ 817EAFF5D38674EDD7713B9DFB8E9791, F6E0BFC503BA7395F92989C11B454D1F1E58E29302BA203801449A2C5236E84D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
11:38:49.0554 0x0d94 WinUsb - ok
11:38:49.0620 0x0d94 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
11:38:49.0659 0x0d94 Wlansvc - ok
11:38:49.0825 0x0d94 [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:38:49.0864 0x0d94 wlidsvc - ok
11:38:49.0912 0x0d94 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
11:38:49.0912 0x0d94 WmiAcpi - ok
11:38:49.0944 0x0d94 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:38:49.0958 0x0d94 wmiApSrv - ok
11:38:49.0985 0x0d94 WMPNetworkSvc - ok
11:38:49.0997 0x0d94 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:38:50.0003 0x0d94 WPCSvc - ok
11:38:50.0023 0x0d94 [ 2E57DDF2880A7E52E76F41C7E96D327B, D24E19B6091C197D77D71BC044CE2E5A57BE0A2F00D1BB0732E380A398230E63 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:38:50.0034 0x0d94 WPDBusEnum - ok
11:38:50.0047 0x0d94 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:38:50.0048 0x0d94 ws2ifsl - ok
11:38:50.0064 0x0d94 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
11:38:50.0069 0x0d94 wscsvc - ok
11:38:50.0074 0x0d94 WSearch - ok
11:38:50.0190 0x0d94 [ 38340204A2D0228F1E87740FC5E554A7, 57181ED34E73DD17B590803C770A086C57754F229C6F587637B8FBB5D6519603 ] wuauserv C:\Windows\system32\wuaueng.dll
11:38:50.0269 0x0d94 wuauserv - ok
11:38:50.0285 0x0d94 [ 7CADC74271DD6461C452C271B30BD378, D58C2094C36FC665C03A6A269EED80DC71F330C3DCF40A27A3C8F56AB7A96861 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:38:50.0287 0x0d94 WudfPf - ok
11:38:50.0318 0x0d94 [ 3B197AF0FFF08AA66B6B2241CA538D64, BC94E5EFF38B9C6A37717B2A6CA56679781A4872A0C4298056E074033571BE79 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:38:50.0320 0x0d94 WUDFRd - ok
11:38:50.0338 0x0d94 [ B551D6637AA0E132C18AC6E504F7B79B, FA6495533A14E01ABB0F6689AB7503B1B439D3ADA7457DFCB7D81714A9817327 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:38:50.0342 0x0d94 wudfsvc - ok
11:38:50.0354 0x0d94 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll
11:38:50.0362 0x0d94 WwanSvc - ok
11:38:50.0368 0x0d94 ================ Scan global ===============================
11:38:50.0389 0x0d94 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
11:38:50.0409 0x0d94 [ 457B44AB6D502E55F64A867D4F35C76C, 95FEC45E28DF394E778DA37719F7D579920531AD568E1C290B7F42CB03BEAA2C ] C:\Windows\system32\winsrv.dll
11:38:50.0422 0x0d94 [ 457B44AB6D502E55F64A867D4F35C76C, 95FEC45E28DF394E778DA37719F7D579920531AD568E1C290B7F42CB03BEAA2C ] C:\Windows\system32\winsrv.dll
11:38:50.0445 0x0d94 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
11:38:50.0507 0x0d94 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
11:38:50.0522 0x0d94 [ Global ] - ok
11:38:50.0522 0x0d94 ================ Scan MBR ==================================
11:38:50.0538 0x0d94 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:38:50.0892 0x0d94 \Device\Harddisk0\DR0 - ok
11:38:50.0893 0x0d94 ================ Scan VBR ==================================
11:38:50.0895 0x0d94 [ E52671318A609F2B825EA456920220A7 ] \Device\Harddisk0\DR0\Partition1
11:38:50.0897 0x0d94 \Device\Harddisk0\DR0\Partition1 - ok
11:38:50.0902 0x0d94 [ 947DB38C76AF5F4946D6A00CA506D53C ] \Device\Harddisk0\DR0\Partition2
11:38:50.0903 0x0d94 \Device\Harddisk0\DR0\Partition2 - ok
11:38:50.0904 0x0d94 Waiting for KSN requests completion. In queue: 42
11:38:51.0904 0x0d94 Waiting for KSN requests completion. In queue: 30
11:38:52.0904 0x0d94 Waiting for KSN requests completion. In queue: 30
11:38:53.0960 0x0d94 Win FW state via NFP2: enabled
11:38:56.0617 0x0d94 ============================================================
11:38:56.0617 0x0d94 Scan finished
11:38:56.0617 0x0d94 ============================================================
11:38:56.0639 0x0a20 Detected object count: 0
11:38:56.0639 0x0a20 Actual detected object count: 0
11:39:14.0924 0x040c Deinitialize success
Prosím o kontrolu logu, podezření na vir
- Orcus
- člen Security týmu
Re: Prosím o kontrolu logu, podezření na vir
Vypni rezidentní štít antiviru a antispywaru.
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.
Pokud budou problémy, spusť ho v nouzovém režimu.
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.
Pokud budou problémy, spusť ho v nouzovém režimu.
Re: Prosím o kontrolu logu, podezření na vir
Sorry za zpoždění, byl jsem v práci. Nicméně tady to je – doufám, že už se tahle odysea "logů" blíží ke zdárnému cíli.
ComboFix 14-03-13.01 - PC 13.03.2014 19:35:06.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.8190.6811 [GMT 1:00]
Spuštěný z: c:\users\PC\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmp3163.tmp
c:\windows\SysWow64\tmp31C2.tmp
c:\windows\SysWow64\tmp41DA.tmp
c:\windows\SysWow64\tmp420A.tmp
c:\windows\SysWow64\tmp9AC8.tmp
c:\windows\SysWow64\tmp9AE8.tmp
c:\windows\SysWow64\tmpA9A9.tmp
c:\windows\SysWow64\tmpA9D9.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-13 do 2014-03-13 )))))))))))))))))))))))))))))))
.
.
2014-03-13 18:38 . 2014-03-13 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-12 22:14 . 2014-03-12 22:22 -------- d-----w- c:\program files (x86)\RivaTuner Statistics Server
2014-03-12 22:13 . 2014-03-12 22:22 -------- d-----w- c:\program files (x86)\EVGA Precision X
2014-03-12 19:39 . 2014-03-12 19:39 -------- d-----w- c:\program files\HWiNFO64
2014-03-12 18:45 . 2014-03-12 18:45 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-03-12 18:44 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-12 18:43 . 2014-03-04 13:05 2558808 ----a-w- c:\windows\system32\nvsvcr.dll
2014-03-12 18:43 . 2014-03-04 13:05 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-12 05:31 . 2014-03-12 05:31 -------- d-----w- c:\windows\ERUNT
2014-03-11 14:40 . 2014-03-12 05:28 -------- d-----w- C:\AdwCleaner
2014-03-11 14:33 . 2014-03-11 14:33 -------- d-----w- c:\users\PC\AppData\Roaming\Malwarebytes
2014-03-11 14:33 . 2014-03-11 14:33 -------- d-----w- c:\programdata\Malwarebytes
2014-03-11 12:31 . 2014-03-11 12:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-03-11 12:31 . 2014-03-11 13:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-03-11 08:00 . 2014-03-11 08:00 -------- d-----w- C:\rsit
2014-03-11 08:00 . 2014-03-11 08:00 -------- d-----w- c:\program files\trend micro
2014-03-08 12:28 . 2014-03-05 21:19 7670 --s-a-w- c:\windows\SysWow64\mncdroyws.vbe
2014-03-08 12:28 . 2014-03-08 12:28 -------- d-----w- c:\windows\SysWow64\bitstreams
2014-03-08 12:28 . 2013-10-26 19:30 538126 --s-a-w- c:\windows\SysWow64\libcurl-4.dll
2014-03-08 12:28 . 2013-10-26 19:30 364544 --s-a-w- c:\windows\SysWow64\ssleay32.dll
2014-03-08 12:28 . 2013-10-26 19:30 192512 --s-a-w- c:\windows\SysWow64\libidn-11.dll
2014-03-08 12:28 . 2013-10-26 19:30 171008 --s-a-w- c:\windows\SysWow64\libssh2.dll
2014-03-08 12:28 . 2013-10-26 19:30 1704448 --s-a-w- c:\windows\SysWow64\libeay32.dll
2014-03-08 12:28 . 2013-10-26 19:30 133632 --s-a-w- c:\windows\SysWow64\librtmp.dll
2014-03-08 12:28 . 2013-06-12 14:15 119888 --s-a-w- c:\windows\SysWow64\pthreadGC2.dll
2014-03-08 12:28 . 2013-06-12 14:15 100864 --s-a-w- c:\windows\SysWow64\zlib1.dll
2014-03-08 12:28 . 2012-09-25 22:46 472424 --s-a-w- c:\windows\SysWow64\cudart32_50_35.dll
2014-03-08 12:28 . 2012-05-27 00:36 55808 --s-a-w- c:\windows\SysWow64\pthreadVC2.dll
2014-03-06 17:02 . 2014-03-06 17:02 -------- d-----w- c:\program files\CPUID
2014-03-06 16:43 . 2014-03-06 16:59 -------- d-----w- c:\program files (x86)\CPU-M Benchmark
2014-03-06 16:30 . 2014-03-12 20:14 31648 ----a-w- c:\windows\system32\drivers\HWiNFO64A.SYS
2014-03-02 22:14 . 2014-03-02 22:14 -------- d-----w- c:\users\PC\AppData\Roaming\Battlefield 3
2014-03-02 19:36 . 2014-03-02 19:36 -------- d-----w- c:\users\PC\AppData\Local\Game Updater
2014-03-02 19:22 . 2014-03-02 19:22 -------- d-----w- c:\users\PC\AppData\Local\Setup Integrity Check
2014-02-25 08:59 . 2014-02-25 08:59 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-02-16 14:09 . 2014-02-16 14:09 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 06:21 . 2013-07-09 12:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 06:21 . 2013-07-09 12:55 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 14:35 . 2011-05-24 21:44 62408 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-04 14:35 . 2011-05-24 21:44 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-03-04 13:06 . 2013-11-18 10:08 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2013-11-18 10:08 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2013-11-18 10:08 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2013-11-18 10:08 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2013-11-18 10:08 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-05 09:31 . 2013-11-18 08:31 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-02-05 09:30 . 2013-11-18 08:31 1179576 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-27 18:42 . 2013-11-18 08:28 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-12-19 20:33 . 2014-01-12 16:37 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll
2013-12-19 20:33 . 2014-01-12 16:37 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll
2009-12-06 17:18 26624 --sh--w- c:\windows\bfcs2.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-08-08 . 8D0F86272C524052236761CABF6E7AFE . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2013-08-08 . E01EBE6A0C7B306763667FDC60A0B25A . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSStp"="c:\windows\inf\msstp.vbe" [2014-03-05 1584]
"mncdroywsSrv"="c:\windows\system32\mncdroyws.vbe" [2014-03-05 7670]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-09 06:21]
.
2014-03-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2573665497-3606081175-3667947770-1000Core.job
- c:\users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-24 10:00]
.
2014-03-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2573665497-3606081175-3667947770-1000UA.job
- c:\users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-24 10:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-10-30 8151040]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.16.1.1 8.8.8.8
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2573665497-3606081175-3667947770-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:17,cc,2c,2f,2b,b9,ea,f7,76,20,26,a6,77,75,76,2b,a2,fb,88,a5,a2,fa,69,
2d,24,ac,bf,ab,65,3e,0a,60,56,ad,90,6c,d2,ce,b3,ad,53,c4,d7,da,d6,50,34,0c,\
"??"=hex:33,0f,17,9c,e5,6f,cd,2f,48,2e,16,05,f9,c6,91,09
.
[HKEY_USERS\S-1-5-21-2573665497-3606081175-3667947770-1000\Software\SecuROM\License information*]
"datasecu"=hex:2e,90,05,97,1f,c8,3b,80,2a,24,f3,c1,c9,55,53,10,59,34,bb,24,b3,
2c,d2,1b,e7,5c,1a,b5,af,4b,c6,82,da,de,14,74,b4,f4,f9,ce,a1,15,2a,c8,d8,b4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-03-13 19:40:23
ComboFix-quarantined-files.txt 2014-03-13 18:40
.
Před spuštěním: Volných bajtů: 57 560 338 432
Po spuštění: Volných bajtů: 57 296 719 872
.
- - End Of File - - CAEE56BC19838AA36DC92B180B251FC6
A36C5E4F47E84449FF07ED3517B43A31

ComboFix 14-03-13.01 - PC 13.03.2014 19:35:06.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.8190.6811 [GMT 1:00]
Spuštěný z: c:\users\PC\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmp3163.tmp
c:\windows\SysWow64\tmp31C2.tmp
c:\windows\SysWow64\tmp41DA.tmp
c:\windows\SysWow64\tmp420A.tmp
c:\windows\SysWow64\tmp9AC8.tmp
c:\windows\SysWow64\tmp9AE8.tmp
c:\windows\SysWow64\tmpA9A9.tmp
c:\windows\SysWow64\tmpA9D9.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-13 do 2014-03-13 )))))))))))))))))))))))))))))))
.
.
2014-03-13 18:38 . 2014-03-13 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-12 22:14 . 2014-03-12 22:22 -------- d-----w- c:\program files (x86)\RivaTuner Statistics Server
2014-03-12 22:13 . 2014-03-12 22:22 -------- d-----w- c:\program files (x86)\EVGA Precision X
2014-03-12 19:39 . 2014-03-12 19:39 -------- d-----w- c:\program files\HWiNFO64
2014-03-12 18:45 . 2014-03-12 18:45 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-03-12 18:44 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-12 18:43 . 2014-03-04 13:05 2558808 ----a-w- c:\windows\system32\nvsvcr.dll
2014-03-12 18:43 . 2014-03-04 13:05 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-12 05:31 . 2014-03-12 05:31 -------- d-----w- c:\windows\ERUNT
2014-03-11 14:40 . 2014-03-12 05:28 -------- d-----w- C:\AdwCleaner
2014-03-11 14:33 . 2014-03-11 14:33 -------- d-----w- c:\users\PC\AppData\Roaming\Malwarebytes
2014-03-11 14:33 . 2014-03-11 14:33 -------- d-----w- c:\programdata\Malwarebytes
2014-03-11 12:31 . 2014-03-11 12:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-03-11 12:31 . 2014-03-11 13:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-03-11 08:00 . 2014-03-11 08:00 -------- d-----w- C:\rsit
2014-03-11 08:00 . 2014-03-11 08:00 -------- d-----w- c:\program files\trend micro
2014-03-08 12:28 . 2014-03-05 21:19 7670 --s-a-w- c:\windows\SysWow64\mncdroyws.vbe
2014-03-08 12:28 . 2014-03-08 12:28 -------- d-----w- c:\windows\SysWow64\bitstreams
2014-03-08 12:28 . 2013-10-26 19:30 538126 --s-a-w- c:\windows\SysWow64\libcurl-4.dll
2014-03-08 12:28 . 2013-10-26 19:30 364544 --s-a-w- c:\windows\SysWow64\ssleay32.dll
2014-03-08 12:28 . 2013-10-26 19:30 192512 --s-a-w- c:\windows\SysWow64\libidn-11.dll
2014-03-08 12:28 . 2013-10-26 19:30 171008 --s-a-w- c:\windows\SysWow64\libssh2.dll
2014-03-08 12:28 . 2013-10-26 19:30 1704448 --s-a-w- c:\windows\SysWow64\libeay32.dll
2014-03-08 12:28 . 2013-10-26 19:30 133632 --s-a-w- c:\windows\SysWow64\librtmp.dll
2014-03-08 12:28 . 2013-06-12 14:15 119888 --s-a-w- c:\windows\SysWow64\pthreadGC2.dll
2014-03-08 12:28 . 2013-06-12 14:15 100864 --s-a-w- c:\windows\SysWow64\zlib1.dll
2014-03-08 12:28 . 2012-09-25 22:46 472424 --s-a-w- c:\windows\SysWow64\cudart32_50_35.dll
2014-03-08 12:28 . 2012-05-27 00:36 55808 --s-a-w- c:\windows\SysWow64\pthreadVC2.dll
2014-03-06 17:02 . 2014-03-06 17:02 -------- d-----w- c:\program files\CPUID
2014-03-06 16:43 . 2014-03-06 16:59 -------- d-----w- c:\program files (x86)\CPU-M Benchmark
2014-03-06 16:30 . 2014-03-12 20:14 31648 ----a-w- c:\windows\system32\drivers\HWiNFO64A.SYS
2014-03-02 22:14 . 2014-03-02 22:14 -------- d-----w- c:\users\PC\AppData\Roaming\Battlefield 3
2014-03-02 19:36 . 2014-03-02 19:36 -------- d-----w- c:\users\PC\AppData\Local\Game Updater
2014-03-02 19:22 . 2014-03-02 19:22 -------- d-----w- c:\users\PC\AppData\Local\Setup Integrity Check
2014-02-25 08:59 . 2014-02-25 08:59 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-02-16 14:09 . 2014-02-16 14:09 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 06:21 . 2013-07-09 12:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 06:21 . 2013-07-09 12:55 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 14:35 . 2011-05-24 21:44 62408 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-04 14:35 . 2011-05-24 21:44 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-03-04 13:06 . 2013-11-18 10:08 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2013-11-18 10:08 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2013-11-18 10:08 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2013-11-18 10:08 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2013-11-18 10:08 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-05 09:31 . 2013-11-18 08:31 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-02-05 09:30 . 2013-11-18 08:31 1179576 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-27 18:42 . 2013-11-18 08:28 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-12-19 20:33 . 2014-01-12 16:37 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll
2013-12-19 20:33 . 2014-01-12 16:37 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll
2009-12-06 17:18 26624 --sh--w- c:\windows\bfcs2.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-08-08 . 8D0F86272C524052236761CABF6E7AFE . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2013-08-08 . E01EBE6A0C7B306763667FDC60A0B25A . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSStp"="c:\windows\inf\msstp.vbe" [2014-03-05 1584]
"mncdroywsSrv"="c:\windows\system32\mncdroyws.vbe" [2014-03-05 7670]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-09 06:21]
.
2014-03-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2573665497-3606081175-3667947770-1000Core.job
- c:\users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-24 10:00]
.
2014-03-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2573665497-3606081175-3667947770-1000UA.job
- c:\users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-24 10:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-10-30 8151040]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.16.1.1 8.8.8.8
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2573665497-3606081175-3667947770-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:17,cc,2c,2f,2b,b9,ea,f7,76,20,26,a6,77,75,76,2b,a2,fb,88,a5,a2,fa,69,
2d,24,ac,bf,ab,65,3e,0a,60,56,ad,90,6c,d2,ce,b3,ad,53,c4,d7,da,d6,50,34,0c,\
"??"=hex:33,0f,17,9c,e5,6f,cd,2f,48,2e,16,05,f9,c6,91,09
.
[HKEY_USERS\S-1-5-21-2573665497-3606081175-3667947770-1000\Software\SecuROM\License information*]
"datasecu"=hex:2e,90,05,97,1f,c8,3b,80,2a,24,f3,c1,c9,55,53,10,59,34,bb,24,b3,
2c,d2,1b,e7,5c,1a,b5,af,4b,c6,82,da,de,14,74,b4,f4,f9,ce,a1,15,2a,c8,d8,b4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-03-13 19:40:23
ComboFix-quarantined-files.txt 2014-03-13 18:40
.
Před spuštěním: Volných bajtů: 57 560 338 432
Po spuštění: Volných bajtů: 57 296 719 872
.
- - End Of File - - CAEE56BC19838AA36DC92B180B251FC6
A36C5E4F47E84449FF07ED3517B43A31
Re: Prosím o kontrolu logu,podezření na vir
Vypni Windows Defender a odinstaluj Spybot - Search & Destroy 2 (obojí může rušit běh ComboFixu). A pak nový log z CF (ComboFix).
Mimochodem… nevidím tam antivir.

Láska hřeje, ale uhlí je uhlí.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni, můžete podpořit naše fórum.

Re: Prosím o kontrolu logu,podezření na vir
ComboFix 14-03-13.01 - PC 14.03.2014 9:37.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.8190.6845 [GMT 1:00]
Spuštěný z: c:\users\PC\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-14 do 2014-03-14 )))))))))))))))))))))))))))))))
.
.
2014-03-14 08:41 . 2014-03-14 08:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-14 08:17 . 2014-03-14 08:17 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2014-03-12 22:14 . 2014-03-12 22:22 -------- d-----w- c:\program files (x86)\RivaTuner Statistics Server
2014-03-12 22:13 . 2014-03-12 22:22 -------- d-----w- c:\program files (x86)\EVGA Precision X
2014-03-12 19:39 . 2014-03-12 19:39 -------- d-----w- c:\program files\HWiNFO64
2014-03-12 18:45 . 2014-03-12 18:45 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-03-12 18:44 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-12 18:43 . 2014-03-04 13:05 2558808 ----a-w- c:\windows\system32\nvsvcr.dll
2014-03-12 18:43 . 2014-03-04 13:05 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-12 05:31 . 2014-03-12 05:31 -------- d-----w- c:\windows\ERUNT
2014-03-11 14:40 . 2014-03-12 05:28 -------- d-----w- C:\AdwCleaner
2014-03-11 14:33 . 2014-03-11 14:33 -------- d-----w- c:\users\PC\AppData\Roaming\Malwarebytes
2014-03-11 14:33 . 2014-03-11 14:33 -------- d-----w- c:\programdata\Malwarebytes
2014-03-11 12:31 . 2014-03-11 12:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-03-11 12:31 . 2014-03-11 13:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-03-11 08:00 . 2014-03-11 08:00 -------- d-----w- C:\rsit
2014-03-11 08:00 . 2014-03-11 08:00 -------- d-----w- c:\program files\trend micro
2014-03-08 12:28 . 2014-03-05 21:19 7670 --s-a-w- c:\windows\SysWow64\mncdroyws.vbe
2014-03-08 12:28 . 2014-03-08 12:28 -------- d-----w- c:\windows\SysWow64\bitstreams
2014-03-08 12:28 . 2013-10-26 19:30 538126 --s-a-w- c:\windows\SysWow64\libcurl-4.dll
2014-03-08 12:28 . 2013-10-26 19:30 364544 --s-a-w- c:\windows\SysWow64\ssleay32.dll
2014-03-08 12:28 . 2013-10-26 19:30 192512 --s-a-w- c:\windows\SysWow64\libidn-11.dll
2014-03-08 12:28 . 2013-10-26 19:30 171008 --s-a-w- c:\windows\SysWow64\libssh2.dll
2014-03-08 12:28 . 2013-10-26 19:30 1704448 --s-a-w- c:\windows\SysWow64\libeay32.dll
2014-03-08 12:28 . 2013-10-26 19:30 133632 --s-a-w- c:\windows\SysWow64\librtmp.dll
2014-03-08 12:28 . 2013-06-12 14:15 119888 --s-a-w- c:\windows\SysWow64\pthreadGC2.dll
2014-03-08 12:28 . 2013-06-12 14:15 100864 --s-a-w- c:\windows\SysWow64\zlib1.dll
2014-03-08 12:28 . 2012-09-25 22:46 472424 --s-a-w- c:\windows\SysWow64\cudart32_50_35.dll
2014-03-08 12:28 . 2012-05-27 00:36 55808 --s-a-w- c:\windows\SysWow64\pthreadVC2.dll
2014-03-06 17:02 . 2014-03-06 17:02 -------- d-----w- c:\program files\CPUID
2014-03-06 16:43 . 2014-03-06 16:59 -------- d-----w- c:\program files (x86)\CPU-M Benchmark
2014-03-06 16:30 . 2014-03-12 20:14 31648 ----a-w- c:\windows\system32\drivers\HWiNFO64A.SYS
2014-03-02 22:14 . 2014-03-02 22:14 -------- d-----w- c:\users\PC\AppData\Roaming\Battlefield 3
2014-03-02 19:36 . 2014-03-02 19:36 -------- d-----w- c:\users\PC\AppData\Local\Game Updater
2014-03-02 19:22 . 2014-03-02 19:22 -------- d-----w- c:\users\PC\AppData\Local\Setup Integrity Check
2014-02-25 08:59 . 2014-02-25 08:59 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-02-16 14:09 . 2014-02-16 14:09 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 06:21 . 2013-07-09 12:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 06:21 . 2013-07-09 12:55 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 14:35 . 2011-05-24 21:44 62408 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-04 14:35 . 2011-05-24 21:44 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-03-04 13:06 . 2013-11-18 10:08 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2013-11-18 10:08 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2013-11-18 10:08 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2013-11-18 10:08 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2013-11-18 10:08 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-05 09:31 . 2013-11-18 08:31 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-02-05 09:30 . 2013-11-18 08:31 1179576 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-27 18:42 . 2013-11-18 08:28 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-12-19 20:33 . 2014-01-12 16:37 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll
2013-12-19 20:33 . 2014-01-12 16:37 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll
2009-12-06 17:18 26624 --sh--w- c:\windows\bfcs2.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-08-08 . 8D0F86272C524052236761CABF6E7AFE . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2013-08-08 . E01EBE6A0C7B306763667FDC60A0B25A . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSStp"="c:\windows\inf\msstp.vbe" [2014-03-05 1584]
"mncdroywsSrv"="c:\windows\system32\mncdroyws.vbe" [2014-03-05 7670]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-09 06:21]
.
2014-03-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2573665497-3606081175-3667947770-1000Core.job
- c:\users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-24 10:00]
.
2014-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2573665497-3606081175-3667947770-1000UA.job
- c:\users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-24 10:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-10-30 8151040]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [BU]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.16.1.1 8.8.8.8
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2573665497-3606081175-3667947770-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:17,cc,2c,2f,2b,b9,ea,f7,76,20,26,a6,77,75,76,2b,a2,fb,88,a5,a2,fa,69,
2d,24,ac,bf,ab,65,3e,0a,60,56,ad,90,6c,d2,ce,b3,ad,53,c4,d7,da,d6,50,34,0c,\
"??"=hex:33,0f,17,9c,e5,6f,cd,2f,48,2e,16,05,f9,c6,91,09
.
[HKEY_USERS\S-1-5-21-2573665497-3606081175-3667947770-1000\Software\SecuROM\License information*]
"datasecu"=hex:2e,90,05,97,1f,c8,3b,80,2a,24,f3,c1,c9,55,53,10,59,34,bb,24,b3,
2c,d2,1b,e7,5c,1a,b5,af,4b,c6,82,da,de,14,74,b4,f4,f9,ce,a1,15,2a,c8,d8,b4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-03-14 09:42:49
ComboFix-quarantined-files.txt 2014-03-14 08:42
ComboFix2.txt 2014-03-13 18:40
.
Před spuštěním: Volných bajtů: 36 402 270 208
Po spuštění: Volných bajtů: 36 341 526 528
.
- - End Of File - - 75CD1AB362D9DA4AB62D27A7B23C7BE4
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.8190.6845 [GMT 1:00]
Spuštěný z: c:\users\PC\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-14 do 2014-03-14 )))))))))))))))))))))))))))))))
.
.
2014-03-14 08:41 . 2014-03-14 08:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-14 08:17 . 2014-03-14 08:17 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2014-03-12 22:14 . 2014-03-12 22:22 -------- d-----w- c:\program files (x86)\RivaTuner Statistics Server
2014-03-12 22:13 . 2014-03-12 22:22 -------- d-----w- c:\program files (x86)\EVGA Precision X
2014-03-12 19:39 . 2014-03-12 19:39 -------- d-----w- c:\program files\HWiNFO64
2014-03-12 18:45 . 2014-03-12 18:45 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-03-12 18:44 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-12 18:43 . 2014-03-04 13:05 2558808 ----a-w- c:\windows\system32\nvsvcr.dll
2014-03-12 18:43 . 2014-03-04 13:05 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-12 05:31 . 2014-03-12 05:31 -------- d-----w- c:\windows\ERUNT
2014-03-11 14:40 . 2014-03-12 05:28 -------- d-----w- C:\AdwCleaner
2014-03-11 14:33 . 2014-03-11 14:33 -------- d-----w- c:\users\PC\AppData\Roaming\Malwarebytes
2014-03-11 14:33 . 2014-03-11 14:33 -------- d-----w- c:\programdata\Malwarebytes
2014-03-11 12:31 . 2014-03-11 12:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-03-11 12:31 . 2014-03-11 13:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-03-11 08:00 . 2014-03-11 08:00 -------- d-----w- C:\rsit
2014-03-11 08:00 . 2014-03-11 08:00 -------- d-----w- c:\program files\trend micro
2014-03-08 12:28 . 2014-03-05 21:19 7670 --s-a-w- c:\windows\SysWow64\mncdroyws.vbe
2014-03-08 12:28 . 2014-03-08 12:28 -------- d-----w- c:\windows\SysWow64\bitstreams
2014-03-08 12:28 . 2013-10-26 19:30 538126 --s-a-w- c:\windows\SysWow64\libcurl-4.dll
2014-03-08 12:28 . 2013-10-26 19:30 364544 --s-a-w- c:\windows\SysWow64\ssleay32.dll
2014-03-08 12:28 . 2013-10-26 19:30 192512 --s-a-w- c:\windows\SysWow64\libidn-11.dll
2014-03-08 12:28 . 2013-10-26 19:30 171008 --s-a-w- c:\windows\SysWow64\libssh2.dll
2014-03-08 12:28 . 2013-10-26 19:30 1704448 --s-a-w- c:\windows\SysWow64\libeay32.dll
2014-03-08 12:28 . 2013-10-26 19:30 133632 --s-a-w- c:\windows\SysWow64\librtmp.dll
2014-03-08 12:28 . 2013-06-12 14:15 119888 --s-a-w- c:\windows\SysWow64\pthreadGC2.dll
2014-03-08 12:28 . 2013-06-12 14:15 100864 --s-a-w- c:\windows\SysWow64\zlib1.dll
2014-03-08 12:28 . 2012-09-25 22:46 472424 --s-a-w- c:\windows\SysWow64\cudart32_50_35.dll
2014-03-08 12:28 . 2012-05-27 00:36 55808 --s-a-w- c:\windows\SysWow64\pthreadVC2.dll
2014-03-06 17:02 . 2014-03-06 17:02 -------- d-----w- c:\program files\CPUID
2014-03-06 16:43 . 2014-03-06 16:59 -------- d-----w- c:\program files (x86)\CPU-M Benchmark
2014-03-06 16:30 . 2014-03-12 20:14 31648 ----a-w- c:\windows\system32\drivers\HWiNFO64A.SYS
2014-03-02 22:14 . 2014-03-02 22:14 -------- d-----w- c:\users\PC\AppData\Roaming\Battlefield 3
2014-03-02 19:36 . 2014-03-02 19:36 -------- d-----w- c:\users\PC\AppData\Local\Game Updater
2014-03-02 19:22 . 2014-03-02 19:22 -------- d-----w- c:\users\PC\AppData\Local\Setup Integrity Check
2014-02-25 08:59 . 2014-02-25 08:59 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-02-16 14:09 . 2014-02-16 14:09 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 06:21 . 2013-07-09 12:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 06:21 . 2013-07-09 12:55 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 14:35 . 2011-05-24 21:44 62408 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-04 14:35 . 2011-05-24 21:44 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-03-04 13:06 . 2013-11-18 10:08 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2013-11-18 10:08 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2013-11-18 10:08 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2013-11-18 10:08 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2013-11-18 10:08 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-05 09:31 . 2013-11-18 08:31 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-02-05 09:30 . 2013-11-18 08:31 1179576 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-27 18:42 . 2013-11-18 08:28 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-12-19 20:33 . 2014-01-12 16:37 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll
2013-12-19 20:33 . 2014-01-12 16:37 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll
2009-12-06 17:18 26624 --sh--w- c:\windows\bfcs2.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-08-08 . 8D0F86272C524052236761CABF6E7AFE . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2013-08-08 . E01EBE6A0C7B306763667FDC60A0B25A . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSStp"="c:\windows\inf\msstp.vbe" [2014-03-05 1584]
"mncdroywsSrv"="c:\windows\system32\mncdroyws.vbe" [2014-03-05 7670]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-09 06:21]
.
2014-03-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2573665497-3606081175-3667947770-1000Core.job
- c:\users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-24 10:00]
.
2014-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2573665497-3606081175-3667947770-1000UA.job
- c:\users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-24 10:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-10-30 8151040]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [BU]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.16.1.1 8.8.8.8
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2573665497-3606081175-3667947770-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:17,cc,2c,2f,2b,b9,ea,f7,76,20,26,a6,77,75,76,2b,a2,fb,88,a5,a2,fa,69,
2d,24,ac,bf,ab,65,3e,0a,60,56,ad,90,6c,d2,ce,b3,ad,53,c4,d7,da,d6,50,34,0c,\
"??"=hex:33,0f,17,9c,e5,6f,cd,2f,48,2e,16,05,f9,c6,91,09
.
[HKEY_USERS\S-1-5-21-2573665497-3606081175-3667947770-1000\Software\SecuROM\License information*]
"datasecu"=hex:2e,90,05,97,1f,c8,3b,80,2a,24,f3,c1,c9,55,53,10,59,34,bb,24,b3,
2c,d2,1b,e7,5c,1a,b5,af,4b,c6,82,da,de,14,74,b4,f4,f9,ce,a1,15,2a,c8,d8,b4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-03-14 09:42:49
ComboFix-quarantined-files.txt 2014-03-14 08:42
ComboFix2.txt 2014-03-13 18:40
.
Před spuštěním: Volných bajtů: 36 402 270 208
Po spuštění: Volných bajtů: 36 341 526 528
.
- - End Of File - - 75CD1AB362D9DA4AB62D27A7B23C7BE4
A36C5E4F47E84449FF07ED3517B43A31
Re: Prosím o kontrolu logu,podezření na vir
Vypni rezidentní ochranu u antiviru a antispywaru, příp. i firewall.
Otevři si Poznámkový blok (Start -> Spustit..., do okna napiš Notepad a dej OK).
Zkopíruj do něj následující celý text označený zeleně:
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: napiš CFScript.txt
Uložit jako typ: vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění: Může se stát, že po aplikaci ComboFixu a restartu počítače Windows nenaběhnou, nenajede plocha nebo budou problémy s připojením. Pak znovu restartuj počítač; pokud to nepomůže, po restartu mačkej klávesu F8 a zvol poslední známou funkční konfiguraci, či použij bod obnovy.
Stáhni si aswMBR
na svoji plochu. Uzavři všechna okna, programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stažení databáze Avastu, klikni na NE. Poté klikni na „Scan“. Po skenu klikni na „Save Log“ a ulož si log na plochu. Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ pro zavření programu.
Otevři si Poznámkový blok (Start -> Spustit..., do okna napiš Notepad a dej OK).
Zkopíruj do něj následující celý text označený zeleně:
ClearJavaCache::
KillAll::
File::
c:\windows\SysWow64\mncdroyws.vbe
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2573665497-3606081175-3667947770-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2573665497-3606081175-3667947770-1000UA.job
Folder::
c:\programdata\Spybot - Search & Destroy
c:\program files (x86)\Spybot - Search & Destroy 2
c:\program files (x86)\Skype\Updater
c:\users\PC\AppData\Local\Facebook\Update
Driver::
SkypeUpdate
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mncdroywsSrv"=-
RegLock::
[HKEY_USERS\S-1-5-21-2573665497-3606081175-3667947770-1000\Software\SecuROM\License information*]
"datasecu"=hex:2e,90,05,97,1f,c8,3b,80,2a,24,f3,c1,c9,55,53,10,59,34,bb,24,b3,
2c,d2,1b,e7,5c,1a,b5,af,4b,c6,82,da,de,14,74,b4,f4,f9,ce,a1,15,2a,c8,d8,b4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: napiš CFScript.txt
Uložit jako typ: vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění: Může se stát, že po aplikaci ComboFixu a restartu počítače Windows nenaběhnou, nenajede plocha nebo budou problémy s připojením. Pak znovu restartuj počítač; pokud to nepomůže, po restartu mačkej klávesu F8 a zvol poslední známou funkční konfiguraci, či použij bod obnovy.
Stáhni si aswMBR
na svoji plochu. Uzavři všechna okna, programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stažení databáze Avastu, klikni na NE. Poté klikni na „Scan“. Po skenu klikni na „Save Log“ a ulož si log na plochu. Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ pro zavření programu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Re: Prosím o kontrolu logu,podezření na vir
ComboFix 14-03-13.01 - PC 15.03.2014 6:42.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.8190.6916 [GMT 1:00]
Spuštěný z: c:\users\PC\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\PC\Desktop\CFScript.txt.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\SysWow64\mncdroyws.vbe"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2573665497-3606081175-3667947770-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2573665497-3606081175-3667947770-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\ClientCount.bin
c:\programdata\Spybot - Search & Destroy\Logs\Firewall.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.140311-1333.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.140311-1335.txt
c:\programdata\Spybot - Search & Destroy\Logs\RootkitQuickScan.log
c:\programdata\Spybot - Search & Destroy\Logs\Rootkits.140311-1335.log
c:\programdata\Spybot - Search & Destroy\Logs\Rootkits.140311-1351.log
c:\programdata\Spybot - Search & Destroy\Logs\Scanner.log
c:\programdata\Spybot - Search & Destroy\Logs\Updates.log
c:\users\PC\AppData\Local\Facebook\Update
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es-419.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_et.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fa.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fi.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fil.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fr.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_gu.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hi.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hr.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hu.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_id.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_is.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_it.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_iw.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ja.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_kn.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ko.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lt.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lv.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ml.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_mr.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ms.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_nl.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_no.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_or.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pl.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ro.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ru.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sk.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sl.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sr.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sv.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ta.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_te.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_th.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_tr.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_uk.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ur.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_vi.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll
c:\users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2573665497-3606081175-3667947770-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2573665497-3606081175-3667947770-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-15 do 2014-03-15 )))))))))))))))))))))))))))))))
.
.
2014-03-12 22:14 . 2014-03-12 22:22 -------- d-----w- c:\program files (x86)\RivaTuner Statistics Server
2014-03-12 19:39 . 2014-03-12 19:39 -------- d-----w- c:\program files\HWiNFO64
2014-03-12 18:45 . 2014-03-12 18:45 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-03-12 18:44 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-12 18:43 . 2014-03-04 13:05 2558808 ----a-w- c:\windows\system32\nvsvcr.dll
2014-03-12 18:43 . 2014-03-04 13:05 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-12 05:31 . 2014-03-12 05:31 -------- d-----w- c:\windows\ERUNT
2014-03-11 14:40 . 2014-03-12 05:28 -------- d-----w- C:\AdwCleaner
2014-03-11 14:33 . 2014-03-11 14:33 -------- d-----w- c:\users\PC\AppData\Roaming\Malwarebytes
2014-03-11 14:33 . 2014-03-11 14:33 -------- d-----w- c:\programdata\Malwarebytes
2014-03-11 08:00 . 2014-03-11 08:00 -------- d-----w- C:\rsit
2014-03-11 08:00 . 2014-03-11 08:00 -------- d-----w- c:\program files\trend micro
2014-03-08 12:28 . 2014-03-08 12:28 -------- d-----w- c:\windows\SysWow64\bitstreams
2014-03-08 12:28 . 2013-10-26 19:30 538126 --s-a-w- c:\windows\SysWow64\libcurl-4.dll
2014-03-08 12:28 . 2013-10-26 19:30 364544 --s-a-w- c:\windows\SysWow64\ssleay32.dll
2014-03-08 12:28 . 2013-10-26 19:30 192512 --s-a-w- c:\windows\SysWow64\libidn-11.dll
2014-03-08 12:28 . 2013-10-26 19:30 171008 --s-a-w- c:\windows\SysWow64\libssh2.dll
2014-03-08 12:28 . 2013-10-26 19:30 1704448 --s-a-w- c:\windows\SysWow64\libeay32.dll
2014-03-08 12:28 . 2013-10-26 19:30 133632 --s-a-w- c:\windows\SysWow64\librtmp.dll
2014-03-08 12:28 . 2013-06-12 14:15 119888 --s-a-w- c:\windows\SysWow64\pthreadGC2.dll
2014-03-08 12:28 . 2013-06-12 14:15 100864 --s-a-w- c:\windows\SysWow64\zlib1.dll
2014-03-08 12:28 . 2012-09-25 22:46 472424 --s-a-w- c:\windows\SysWow64\cudart32_50_35.dll
2014-03-08 12:28 . 2012-05-27 00:36 55808 --s-a-w- c:\windows\SysWow64\pthreadVC2.dll
2014-03-06 17:02 . 2014-03-06 17:02 -------- d-----w- c:\program files\CPUID
2014-03-06 16:43 . 2014-03-06 16:59 -------- d-----w- c:\program files (x86)\CPU-M Benchmark
2014-03-06 16:30 . 2014-03-12 20:14 31648 ----a-w- c:\windows\system32\drivers\HWiNFO64A.SYS
2014-03-02 22:14 . 2014-03-02 22:14 -------- d-----w- c:\users\PC\AppData\Roaming\Battlefield 3
2014-03-02 19:36 . 2014-03-02 19:36 -------- d-----w- c:\users\PC\AppData\Local\Game Updater
2014-03-02 19:22 . 2014-03-02 19:22 -------- d-----w- c:\users\PC\AppData\Local\Setup Integrity Check
2014-02-25 08:59 . 2014-02-25 08:59 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-02-16 14:09 . 2014-02-16 14:09 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 06:21 . 2013-07-09 12:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 06:21 . 2013-07-09 12:55 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 14:35 . 2011-05-24 21:44 62408 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-04 14:35 . 2011-05-24 21:44 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-03-04 13:06 . 2013-11-18 10:08 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2013-11-18 10:08 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2013-11-18 10:08 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2013-11-18 10:08 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2013-11-18 10:08 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-05 09:31 . 2013-11-18 08:31 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-02-05 09:30 . 2013-11-18 08:31 1179576 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-27 18:42 . 2013-11-18 08:28 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-12-19 20:33 . 2014-01-12 16:37 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll
2013-12-19 20:33 . 2014-01-12 16:37 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll
2009-12-06 17:18 26624 --sh--w- c:\windows\bfcs2.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-08-08 . 8D0F86272C524052236761CABF6E7AFE . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2013-08-08 . E01EBE6A0C7B306763667FDC60A0B25A . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSStp"="c:\windows\inf\msstp.vbe" [2014-03-05 1584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-09 06:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-10-30 8151040]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [BU]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.16.1.1 8.8.8.8
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2573665497-3606081175-3667947770-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:17,cc,2c,2f,2b,b9,ea,f7,76,20,26,a6,77,75,76,2b,a2,fb,88,a5,a2,fa,69,
2d,24,ac,bf,ab,65,3e,0a,60,56,ad,90,6c,d2,ce,b3,ad,53,c4,d7,da,d6,50,34,0c,\
"??"=hex:33,0f,17,9c,e5,6f,cd,2f,48,2e,16,05,f9,c6,91,09
.
[HKEY_USERS\S-1-5-21-2573665497-3606081175-3667947770-1000\Software\SecuROM\License information*]
"datasecu"=hex:2e,90,05,97,1f,c8,3b,80,2a,24,f3,c1,c9,55,53,10,59,34,bb,24,b3,
2c,d2,1b,e7,5c,1a,b5,af,4b,c6,82,da,de,14,74,b4,f4,f9,ce,a1,15,2a,c8,d8,b4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2014-03-15 06:50:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-15 05:50
ComboFix2.txt 2014-03-14 08:42
ComboFix3.txt 2014-03-13 18:40
.
Před spuštěním: Volných bajtů: 60 554 190 848
Po spuštění: Volných bajtů: 60 277 350 400
.
- - End Of File - - 1D10C432A0742E5738A1419117973D8F
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.8190.6916 [GMT 1:00]
Spuštěný z: c:\users\PC\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\PC\Desktop\CFScript.txt.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\SysWow64\mncdroyws.vbe"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2573665497-3606081175-3667947770-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2573665497-3606081175-3667947770-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\ClientCount.bin
c:\programdata\Spybot - Search & Destroy\Logs\Firewall.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.140311-1333.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.140311-1335.txt
c:\programdata\Spybot - Search & Destroy\Logs\RootkitQuickScan.log
c:\programdata\Spybot - Search & Destroy\Logs\Rootkits.140311-1335.log
c:\programdata\Spybot - Search & Destroy\Logs\Rootkits.140311-1351.log
c:\programdata\Spybot - Search & Destroy\Logs\Scanner.log
c:\programdata\Spybot - Search & Destroy\Logs\Updates.log
c:\users\PC\AppData\Local\Facebook\Update
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es-419.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_et.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fa.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fi.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fil.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fr.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_gu.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hi.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hr.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hu.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_id.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_is.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_it.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_iw.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ja.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_kn.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ko.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lt.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lv.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ml.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_mr.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ms.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_nl.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_no.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_or.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pl.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ro.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ru.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sk.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sl.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sr.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sv.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ta.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_te.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_th.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_tr.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_uk.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ur.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_vi.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll
c:\users\PC\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll
c:\users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2573665497-3606081175-3667947770-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2573665497-3606081175-3667947770-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-15 do 2014-03-15 )))))))))))))))))))))))))))))))
.
.
2014-03-12 22:14 . 2014-03-12 22:22 -------- d-----w- c:\program files (x86)\RivaTuner Statistics Server
2014-03-12 19:39 . 2014-03-12 19:39 -------- d-----w- c:\program files\HWiNFO64
2014-03-12 18:45 . 2014-03-12 18:45 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-03-12 18:44 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-12 18:43 . 2014-03-04 13:05 2558808 ----a-w- c:\windows\system32\nvsvcr.dll
2014-03-12 18:43 . 2014-03-04 13:05 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-12 05:31 . 2014-03-12 05:31 -------- d-----w- c:\windows\ERUNT
2014-03-11 14:40 . 2014-03-12 05:28 -------- d-----w- C:\AdwCleaner
2014-03-11 14:33 . 2014-03-11 14:33 -------- d-----w- c:\users\PC\AppData\Roaming\Malwarebytes
2014-03-11 14:33 . 2014-03-11 14:33 -------- d-----w- c:\programdata\Malwarebytes
2014-03-11 08:00 . 2014-03-11 08:00 -------- d-----w- C:\rsit
2014-03-11 08:00 . 2014-03-11 08:00 -------- d-----w- c:\program files\trend micro
2014-03-08 12:28 . 2014-03-08 12:28 -------- d-----w- c:\windows\SysWow64\bitstreams
2014-03-08 12:28 . 2013-10-26 19:30 538126 --s-a-w- c:\windows\SysWow64\libcurl-4.dll
2014-03-08 12:28 . 2013-10-26 19:30 364544 --s-a-w- c:\windows\SysWow64\ssleay32.dll
2014-03-08 12:28 . 2013-10-26 19:30 192512 --s-a-w- c:\windows\SysWow64\libidn-11.dll
2014-03-08 12:28 . 2013-10-26 19:30 171008 --s-a-w- c:\windows\SysWow64\libssh2.dll
2014-03-08 12:28 . 2013-10-26 19:30 1704448 --s-a-w- c:\windows\SysWow64\libeay32.dll
2014-03-08 12:28 . 2013-10-26 19:30 133632 --s-a-w- c:\windows\SysWow64\librtmp.dll
2014-03-08 12:28 . 2013-06-12 14:15 119888 --s-a-w- c:\windows\SysWow64\pthreadGC2.dll
2014-03-08 12:28 . 2013-06-12 14:15 100864 --s-a-w- c:\windows\SysWow64\zlib1.dll
2014-03-08 12:28 . 2012-09-25 22:46 472424 --s-a-w- c:\windows\SysWow64\cudart32_50_35.dll
2014-03-08 12:28 . 2012-05-27 00:36 55808 --s-a-w- c:\windows\SysWow64\pthreadVC2.dll
2014-03-06 17:02 . 2014-03-06 17:02 -------- d-----w- c:\program files\CPUID
2014-03-06 16:43 . 2014-03-06 16:59 -------- d-----w- c:\program files (x86)\CPU-M Benchmark
2014-03-06 16:30 . 2014-03-12 20:14 31648 ----a-w- c:\windows\system32\drivers\HWiNFO64A.SYS
2014-03-02 22:14 . 2014-03-02 22:14 -------- d-----w- c:\users\PC\AppData\Roaming\Battlefield 3
2014-03-02 19:36 . 2014-03-02 19:36 -------- d-----w- c:\users\PC\AppData\Local\Game Updater
2014-03-02 19:22 . 2014-03-02 19:22 -------- d-----w- c:\users\PC\AppData\Local\Setup Integrity Check
2014-02-25 08:59 . 2014-02-25 08:59 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-02-16 14:09 . 2014-02-16 14:09 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 06:21 . 2013-07-09 12:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 06:21 . 2013-07-09 12:55 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 14:35 . 2011-05-24 21:44 62408 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-04 14:35 . 2011-05-24 21:44 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-03-04 13:06 . 2013-11-18 10:08 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2013-11-18 10:08 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2013-11-18 10:08 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2013-11-18 10:08 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2013-11-18 10:08 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-05 09:31 . 2013-11-18 08:31 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-02-05 09:30 . 2013-11-18 08:31 1179576 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-27 18:42 . 2013-11-18 08:28 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-12-19 20:33 . 2014-01-12 16:37 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll
2013-12-19 20:33 . 2014-01-12 16:37 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll
2009-12-06 17:18 26624 --sh--w- c:\windows\bfcs2.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-08-08 . 8D0F86272C524052236761CABF6E7AFE . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2013-08-08 . E01EBE6A0C7B306763667FDC60A0B25A . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSStp"="c:\windows\inf\msstp.vbe" [2014-03-05 1584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-09 06:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-10-30 8151040]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [BU]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.16.1.1 8.8.8.8
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2573665497-3606081175-3667947770-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:17,cc,2c,2f,2b,b9,ea,f7,76,20,26,a6,77,75,76,2b,a2,fb,88,a5,a2,fa,69,
2d,24,ac,bf,ab,65,3e,0a,60,56,ad,90,6c,d2,ce,b3,ad,53,c4,d7,da,d6,50,34,0c,\
"??"=hex:33,0f,17,9c,e5,6f,cd,2f,48,2e,16,05,f9,c6,91,09
.
[HKEY_USERS\S-1-5-21-2573665497-3606081175-3667947770-1000\Software\SecuROM\License information*]
"datasecu"=hex:2e,90,05,97,1f,c8,3b,80,2a,24,f3,c1,c9,55,53,10,59,34,bb,24,b3,
2c,d2,1b,e7,5c,1a,b5,af,4b,c6,82,da,de,14,74,b4,f4,f9,ce,a1,15,2a,c8,d8,b4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2014-03-15 06:50:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-15 05:50
ComboFix2.txt 2014-03-14 08:42
ComboFix3.txt 2014-03-13 18:40
.
Před spuštěním: Volných bajtů: 60 554 190 848
Po spuštění: Volných bajtů: 60 277 350 400
.
- - End Of File - - 1D10C432A0742E5738A1419117973D8F
A36C5E4F47E84449FF07ED3517B43A31
Re: Prosím o kontrolu logu,podezření na vir
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-15 06:51:31
-----------------------------
06:51:31.616 OS Version: Windows x64 6.1.7600
06:51:31.616 Number of processors: 4 586 0x503
06:51:31.618 ComputerName: PC-PC UserName: PC
06:51:39.826 Initialize success
06:51:43.596 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
06:51:43.601 Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3
06:51:43.716 Disk 0 MBR read successfully
06:51:43.722 Disk 0 MBR scan
06:51:43.727 Disk 0 Windows 7 default MBR code
06:51:43.734 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 153503 MB offset 208845
06:51:43.757 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 323331 MB offset 314584830
06:51:43.772 Disk 0 scanning C:\Windows\system32\drivers
06:51:48.505 Service scanning
06:52:02.494 Modules scanning
06:52:02.510 Disk 0 trace - called modules:
06:52:02.544 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
06:52:02.548 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b5f060]
06:52:02.558 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> [0xfffffa8007a9e9b0]
06:52:02.910 5 ACPI.sys[fffff88000e0b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8007b67060]
06:52:02.922 Scan finished successfully
06:52:24.477 Disk 0 MBR has been saved successfully to "C:\Users\PC\Desktop\MBR.dat"
06:52:24.488 The log file has been saved successfully to "C:\Users\PC\Desktop\aswMBR.txt"
Run date: 2014-03-15 06:51:31
-----------------------------
06:51:31.616 OS Version: Windows x64 6.1.7600
06:51:31.616 Number of processors: 4 586 0x503
06:51:31.618 ComputerName: PC-PC UserName: PC
06:51:39.826 Initialize success
06:51:43.596 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
06:51:43.601 Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3
06:51:43.716 Disk 0 MBR read successfully
06:51:43.722 Disk 0 MBR scan
06:51:43.727 Disk 0 Windows 7 default MBR code
06:51:43.734 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 153503 MB offset 208845
06:51:43.757 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 323331 MB offset 314584830
06:51:43.772 Disk 0 scanning C:\Windows\system32\drivers
06:51:48.505 Service scanning
06:52:02.494 Modules scanning
06:52:02.510 Disk 0 trace - called modules:
06:52:02.544 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
06:52:02.548 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b5f060]
06:52:02.558 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> [0xfffffa8007a9e9b0]
06:52:02.910 5 ACPI.sys[fffff88000e0b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8007b67060]
06:52:02.922 Scan finished successfully
06:52:24.477 Disk 0 MBR has been saved successfully to "C:\Users\PC\Desktop\MBR.dat"
06:52:24.488 The log file has been saved successfully to "C:\Users\PC\Desktop\aswMBR.txt"
- Orcus
Re: Prosím o kontrolu logu,podezření na vir
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
====================================================
Vyčisti systém CCleanerem
====================================================
Stáhni si zde DelFix
http://general-changelog-team.fr/fr/dow ... e/9-delfix
ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
(Ve Windows Vista, Windows 7 a 8 musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce.)
V hlavním menu zkontroluj tyto možnosti: Odstranění dezinfekčních nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci
Poté se otevře zpráva (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt
Co problémy? + nový log z HJT
Start-Spustit a zadej ComboFix /Uninstall
====================================================
Vyčisti systém CCleanerem
====================================================
Stáhni si zde DelFix
http://general-changelog-team.fr/fr/dow ... e/9-delfix
ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
(Ve Windows Vista, Windows 7 a 8 musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce.)
V hlavním menu zkontroluj tyto možnosti: Odstranění dezinfekčních nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci
Poté se otevře zpráva (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt
Co problémy? + nový log z HJT
Re: Prosím o kontrolu logu,podezření na vir
zatím ok,když byl ten vir aktivní a těžil (nebo co dělal..) tak zatěžoval HW že to bylo jasný na první pohled..teď už se to neděje.. mncdroyws.vbe - tohle sem včera smazal i ručně, ale od doby co se to projelo MBAM se už ani jednou neaktivoval a tohle byl asi nějakej zbytek. CCleaner používám pravidelně.Hodim sem ještě log z toho DelFixu :)
Re: Prosím o kontrolu logu,podezření na vir
# DelFix v10.6 - Logfile created 15/03/2014 at 09:16:56
# Updated 11/11/2013 by Xplode
# Username : PC - PC-PC
# Operating System : Windows 7 Ultimate (64 bits)
~ Removing disinfection tools ...
Deleted : C:\RSIT
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\Users\PC\Desktop\aswMBR.txt
Deleted : C:\Users\PC\Desktop\MBR.dat
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Error when deleting (1) : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
Deleted : HKLM\SYSTEM\CurrentControlSet\Services\aswMBR
~ Cleaning system restore ...
New restore point created !
########## - EOF - ##########
# Updated 11/11/2013 by Xplode
# Username : PC - PC-PC
# Operating System : Windows 7 Ultimate (64 bits)
~ Removing disinfection tools ...
Deleted : C:\RSIT
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\Users\PC\Desktop\aswMBR.txt
Deleted : C:\Users\PC\Desktop\MBR.dat
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Error when deleting (1) : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
Deleted : HKLM\SYSTEM\CurrentControlSet\Services\aswMBR
~ Cleaning system restore ...
New restore point created !
########## - EOF - ##########
- jaro3
Re: Prosím o kontrolu logu,podezření na vir
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
nespouštěj ho!
Otevři si Poznámkový blok (Start -> Spustit..., do okna napiš Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění: Může se stát, že po aplikaci ComboFixu a restartu počítače Windows nenaběhnou, nenajede plocha nebo budou problémy s připojením. Pak znovu restartuj počítač; pokud to nepomůže, po restartu mačkej klávesu F8 a zvol poslední známou funkční konfiguraci, či použij bod obnovy.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
nespouštěj ho!
Otevři si Poznámkový blok (Start -> Spustit..., do okna napiš Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:
KillAll::
File::
c:\windows\inf\msstp.vbe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MSStp"=-
RegLock::
[HKEY_USERS\S-1-5-21-2573665497-3606081175-3667947770-1000\Software\SecuROM\License information*]
"datasecu"=hex:2e,90,05,97,1f,c8,3b,80,2a,24,f3,c1,c9,55,53,10,59,34,bb,24,b3,
2c,d2,1b,e7,5c,1a,b5,af,4b,c6,82,da,de,14,74,b4,f4,f9,ce,a1,15,2a,c8,d8,b4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění: Může se stát, že po aplikaci ComboFixu a restartu počítače Windows nenaběhnou, nenajede plocha nebo budou problémy s připojením. Pak znovu restartuj počítač; pokud to nepomůže, po restartu mačkej klávesu F8 a zvol poslední známou funkční konfiguraci, či použij bod obnovy.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!