Vysoký ping v cs go Vyřešeno

[mople71]

Ano, bordel, nečekaně, když crackuješ. Naposledy...


Aplikuj fixlist pro FRST:

Na Ploše (musí na ní být umístěn FRST) vytvoř textový soubor s názvem fixlist, do něj zkopíruj následujcí skript a ulož.

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

Task: {1AF93DCD-097F-4F12-9083-AAA7B646D112} - System32\Tasks\{D5187969-78CA-4E24-BEB6-B6EB4B8944D7} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe" -c -runfromtemp -l0x0005 -removeonly
Task: {77ECFDCA-1BF7-4AE6-AE52-5B8243C7CB03} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-06-15] ()
C:\Windows\AutoKMS
Task: {5346D01D-93E4-44DA-A62E-34244C3DEFA6} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe
C:\Program Files\IObit
Task: {FACF9D81-755A-46E7-81CE-941CF8D7AF32} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
C:\Windows\Tasks\*.job

HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM\...\Policies\Explorer: [RestrictRun] 0

HKU\S-1-5-21-1830440610-1908763506-3238583907-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1830440610-1908763506-3238583907-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

S3 catchme; \??\C:\Users\ALOMOU~1\AppData\Local\Temp\catchme.sys [X]
S1 MpKsl87f5419b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{23AC6BDE-3662-44B8-B9FD-35012108D678}\MpKsl87f5419b.sys [X]

CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog

EmptyTemp:
End

Poté otevři FRST jako správce a klikni na tlačítko >Fix<. Po restartu PC se na Ploše objeví fixlog, jeho obsah prosím vlož do dalšího příspěvku.

---------------------------------------------------------

Stáhni si ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypni trvale antivir! V průběhu skenu neotevírej žádná okna!

Ulož na Plochu. Zavři všechny okna, spusť jako správce, vše odsouhlas a nech CF pracovat.

Po dokončení skenu proběhne restart (nemusí) a log bude zde: C:\ComboFix.txt

Jeho obsah sem prosím vlož.

[Reklama]

[keslíček]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-04-2015 02
Ran by šalomoun at 2015-04-24 16:58:54 Run:3
Running from C:\Users\šalomoun\Desktop
Loaded Profiles: šalomoun (Available profiles: šalomoun & Administrator & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

Task: {1AF93DCD-097F-4F12-9083-AAA7B646D112} - System32\Tasks\{D5187969-78CA-4E24-BEB6-B6EB4B8944D7} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe" -c -runfromtemp -l0x0005 -removeonly
Task: {77ECFDCA-1BF7-4AE6-AE52-5B8243C7CB03} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-06-15] ()
C:\Windows\AutoKMS
Task: {5346D01D-93E4-44DA-A62E-34244C3DEFA6} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe
C:\Program Files\IObit
Task: {FACF9D81-755A-46E7-81CE-941CF8D7AF32} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
C:\Windows\Tasks\*.job

HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM\...\Policies\Explorer: [RestrictRun] 0

HKU\S-1-5-21-1830440610-1908763506-3238583907-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1830440610-1908763506-3238583907-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

S3 catchme; \??\C:\Users\ALOMOU~1\AppData\Local\Temp\catchme.sys [X]
S1 MpKsl87f5419b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{23AC6BDE-3662-44B8-B9FD-35012108D678}\MpKsl87f5419b.sys [X]

CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog

EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AF93DCD-097F-4F12-9083-AAA7B646D112}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AF93DCD-097F-4F12-9083-AAA7B646D112}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D5187969-78CA-4E24-BEB6-B6EB4B8944D7} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D5187969-78CA-4E24-BEB6-B6EB4B8944D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{77ECFDCA-1BF7-4AE6-AE52-5B8243C7CB03}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77ECFDCA-1BF7-4AE6-AE52-5B8243C7CB03}" => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
C:\Windows\AutoKMS => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5346D01D-93E4-44DA-A62E-34244C3DEFA6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5346D01D-93E4-44DA-A62E-34244C3DEFA6}" => Key deleted successfully.
C:\Windows\System32\Tasks\Game_Booster_AutoUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate" => Key deleted successfully.
"C:\Program Files\IObit" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FACF9D81-755A-46E7-81CE-941CF8D7AF32}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FACF9D81-755A-46E7-81CE-941CF8D7AF32}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan" => Key deleted successfully.
C:\Windows\Tasks\*.job => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\LogMeIn Hamachi Ui => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\RestrictRun => value deleted successfully.
"HKU\S-1-5-21-1830440610-1908763506-3238583907-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.
HKU\S-1-5-21-1830440610-1908763506-3238583907-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
"HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0" => Key deleted successfully.
C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => Moved successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0" => Key deleted successfully.
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) not found.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll => Moved successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll not found.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
catchme => Service deleted successfully.
MpKsl87f5419b => Service deleted successfully.

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {AE7570CA-01D1-4732-B2C4-65E0CC079AA8}.
Unable to cancel {DB3FFF9C-C6AA-40F0-90DE-82834EB64511}.
0 out of 2 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Katalog Winsock byl �sp��n� resetov�n.
K dokon�en� resetov�n� je nutn� restartovat po��ta�.


========= End of CMD: =========

EmptyTemp: => Removed 830.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:59:40 ====

[keslíček]

ComboFix 15-04-19.01 - šalomoun 24.04.2015 17:06:41.11.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3327.2227 [GMT 2:00]
Spuštěný z: c:\users\Üalomoun\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
c:\windows\system32\DEBUG.log
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-24 do 2015-04-24 )))))))))))))))))))))))))))))))
.
.
2015-04-24 15:15 . 2015-04-24 15:17 -------- d-----w- c:\users\šalomoun\AppData\Local\temp
2015-04-24 15:15 . 2015-04-24 15:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-04-24 15:15 . 2015-04-24 15:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-04-24 15:15 . 2015-04-24 15:15 -------- d-----w- c:\users\hedev\AppData\Local\temp
2015-04-24 15:15 . 2015-04-24 15:15 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-04-24 15:15 . 2015-04-24 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-24 15:15 . 2015-04-24 15:15 -------- d-----w- c:\users\çalomoun\AppData\Local\temp
2015-04-24 15:15 . 2015-04-24 15:15 -------- d-----w- c:\users\ALOMOU~3\AppData\Local\temp
2015-04-24 15:15 . 2015-04-24 15:15 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-04-24 15:15 . 2015-04-24 15:15 -------- d-----w- c:\users\aalomoun\AppData\Local\temp
2015-04-24 12:20 . 2015-04-24 12:20 -------- d-----w- C:\RegBackup
2015-04-23 17:50 . 2015-04-23 17:34 24064 ----a-w- c:\windows\zoek-delete.exe
2015-04-23 17:50 . 2015-04-23 17:50 -------- d-----w-lomoun c:\users\?alomoun
2015-04-17 20:40 . 2015-04-17 20:40 -------- d-----w- c:\users\Üalomoun
2015-04-17 20:15 . 2015-04-23 17:48 -------- d-----w- C:\zoek_backup
2015-04-12 18:40 . 2015-04-12 18:40 -------- d-----w- c:\users\šalomoun\AppData\Roaming\Wargaming.net
2015-04-11 15:18 . 2015-04-11 15:18 -------- d-----w- c:\programdata\VS Revo Group
2015-04-11 15:18 . 2009-12-30 09:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2015-04-08 19:47 . 2015-04-01 17:04 291312 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-03 10:58 . 2015-04-08 19:32 -------- d-----w- c:\programdata\RogueKiller
2015-04-01 17:04 . 2015-04-01 17:04 26096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-04-01 17:04 . 2015-04-01 17:04 43112 ----a-w- c:\windows\avastSS.scr
2015-03-31 14:16 . 2015-04-08 20:04 -------- d-----w- c:\program files\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-24 12:14 . 2014-06-15 11:38 151552 ----a-w- c:\windows\KMSEmulator.exe
2015-04-24 11:12 . 2014-06-19 19:36 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-15 17:43 . 2012-07-23 14:03 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-15 17:43 . 2012-07-23 14:03 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-01 17:04 . 2015-01-02 16:47 208024 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-01 17:04 . 2015-01-02 16:47 106912 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-01 17:04 . 2015-01-02 16:47 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-01 17:04 . 2015-01-02 16:47 427736 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-01 17:04 . 2015-01-02 16:47 73440 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-01 17:04 . 2015-01-02 16:47 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-01 17:04 . 2015-01-02 16:47 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-01 17:04 . 2015-01-02 16:47 788272 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-03-30 13:25 . 2012-07-23 14:50 26176 ---ha-w- c:\windows\system32\hamachi.sys
2015-03-12 22:11 . 2014-05-29 12:48 26624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-02 16:47 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2015-04-13 2889408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-30 5227648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Users^šalomoun^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\šalomoun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 11:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Live Update]
2014-08-26 16:20 3468240 ----a-w- c:\program files\MSI\Live Update\Live Update.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 16:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]
2014-08-20 01:36 55568 ----a-w- c:\progra~1\Raptr\raptrstub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2014-04-17 20:38 748256 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2015-04-13 23:44 2889408 ----a-w- c:\program files\Steam\Steam.exe
.
R2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [2012-09-20 136648]
R2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R3 BRDriver;BRDriver;c:\programdata\BitRaider\BRDriver.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-04-24 114904]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 99400]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 netr28u;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-02 1343400]
R4 HiSuiteOuc.exe;HiSuiteOuc.exe;c:\programdata\HiSuiteOuc\HiSuiteOuc.exe [2013-07-11 116032]
R4 HuaweiHiSuiteService.exe;HuaweiHiSuiteService.exe;c:\programdata\HandSetService\HuaweiHiSuiteService.exe [2013-05-02 158208]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2015-04-01 26096]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-04-01 788272]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-04-01 427736]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2011-09-14 28776]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-04-18 208896]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-04-17 276992]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\AMD\OverDrive\i386\AODDriver2.sys [2012-09-20 48296]
S2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2014-02-11 50400]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-04-01 24144]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-04-01 73440]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-04-01 106912]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2015-03-30 1848168]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2015-03-30 411920]
S2 MSI_LiveUpdate_Service;MSI_LiveUpdate_Service;c:\program files\MSI\Live Update\MSI_LiveUpdate_Service.exe [2014-08-26 1722320]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-01-02 218192]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-12-19 77824]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-01-02 3192344]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update\NTIOLib.sys [2010-10-20 7680]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-11-26 683736]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - NTIOLIB_1_0_4
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-18 08:05 988488 ----a-w- c:\program files\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: Interfaces\{EE928C34-4B07-41BE-A09A-893F11660DF4}: NameServer = 172.16.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-BitRaider Web Client - c:\programdata\BitRaider\brwc.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1830440610-1908763506-3238583907-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:70,27,5f,6f,f3,42,ec,98,02,b3,09,14,c7,f9,8b,80,e5,a1,f1,38,e0,47,aa,
7d,e5,5f,70,02,3e,6b,8b,42,e7,89,69,3e,0d,79,cc,d4,47,43,3f,27,3e,ed,68,45,\
"??"=hex:c0,7d,f4,35,72,ee,56,39,2c,b1,78,d0,ac,9f,a2,b5
.
[HKEY_USERS\S-1-5-21-1830440610-1908763506-3238583907-1000\Software\SecuROM\License information*]
"datasecu"=hex:d0,09,4d,fa,40,3c,61,45,2a,7a,2e,7a,c0,bc,ba,49,20,1c,39,c1,a2,
f4,d3,26,e4,4d,99,88,63,26,ca,fb,a1,2e,19,bf,66,06,5c,94,93,4e,41,f0,76,44,\
"rkeysecu"=hex:5c,0f,6e,1a,2b,66,5f,ac,89,57,ae,90,a8,d8,d1,77
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(4088)
c:\program files\Common Files\Ahead\Lib\MediaLibraryNSE.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\MSI\NetworkGenie\NetworkGenie.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\vssvc.exe
c:\windows\system32\wbem\WmiApSrv.exe
.
**************************************************************************
.
Celkový čas: 2015-04-24 17:20:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-04-24 15:20
ComboFix2.txt 2015-02-03 17:44
ComboFix3.txt 2015-01-03 11:11
ComboFix4.txt 2014-09-11 09:36
ComboFix5.txt 2015-04-24 15:04
.
Před spuštěním: Volných bajtů: 32 658 423 808
Po spuštění: Volných bajtů: 32 588 517 376
.
- - End Of File - - 75799E6B980102AB1D117EB6B9DBD1E5
A36C5E4F47E84449FF07ED3517B43A31

[keslíček]

po posledních operacích začal ping zase lítat až na 300

[keslíček]

cs go zase nehratelné 200ping i více

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

KillAll::
ClearJavaCache::
KillAll::
File::
c:\windows\KMSEmulator.exe

RegLock::
[HKEY_USERS\S-1-5-21-1830440610-1908763506-3238583907-1000\Software\SecuROM\License information*]
"datasecu"=hex:d0,09,4d,fa,40,3c,61,45,2a,7a,2e,7a,c0,bc,ba,49,20,1c,39,c1,a2,
 f4,d3,26,e4,4d,99,88,63,26,ca,fb,a1,2e,19,bf,66,06,5c,94,93,4e,41,f0,76,44,\
"rkeysecu"=hex:5c,0f,6e,1a,2b,66,5f,ac,89,57,ae,90,a8,d8,d1,77
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Zlegalizuj si systém!!

[keslíček]

ComboFix 15-04-19.01 - šalomoun 26.04.2015 17:41:36.12.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3327.2502 [GMT 2:00]
Spuštěný z: c:\users\Üalomoun\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Üalomoun\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-26 do 2015-04-26 )))))))))))))))))))))))))))))))
.
.
2015-04-26 15:49 . 2015-04-26 15:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-04-26 15:49 . 2015-04-26 15:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-04-23 17:50 . 2015-04-23 17:50 -------- d-----w-lomoun c:\users\?alomoun
2015-04-17 20:40 . 2015-04-17 20:40 -------- d-----w- c:\users\Üalomoun
2015-04-17 20:15 . 2015-04-23 17:48 -------- d-----w- C:\zoek_backup
2015-04-12 18:40 . 2015-04-12 18:40 -------- d-----w- c:\users\šalomoun\AppData\Roaming\Wargaming.net
2015-04-11 15:18 . 2015-04-11 15:18 -------- d-----w- c:\programdata\VS Revo Group
2015-04-11 15:18 . 2009-12-30 09:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2015-04-08 19:47 . 2015-04-01 17:04 291312 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-03 10:58 . 2015-04-08 19:32 -------- d-----w- c:\programdata\RogueKiller
2015-04-01 17:04 . 2015-04-01 17:04 26096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-04-01 17:04 . 2015-04-01 17:04 43112 ----a-w- c:\windows\avastSS.scr
2015-03-31 14:16 . 2015-04-08 20:04 -------- d-----w- c:\program files\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-24 12:14 . 2014-06-15 11:38 151552 ----a-w- c:\windows\KMSEmulator.exe
2015-04-24 11:12 . 2014-06-19 19:36 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-15 17:43 . 2012-07-23 14:03 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-15 17:43 . 2012-07-23 14:03 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-01 17:04 . 2015-01-02 16:47 208024 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-01 17:04 . 2015-01-02 16:47 106912 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-01 17:04 . 2015-01-02 16:47 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-01 17:04 . 2015-01-02 16:47 427736 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-01 17:04 . 2015-01-02 16:47 73440 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-01 17:04 . 2015-01-02 16:47 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-01 17:04 . 2015-01-02 16:47 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-01 17:04 . 2015-01-02 16:47 788272 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-03-30 13:25 . 2012-07-23 14:50 26176 ---ha-w- c:\windows\system32\hamachi.sys
2015-03-12 22:11 . 2014-05-29 12:48 26624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-02 16:47 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2015-04-13 2889408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-30 5227648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Users^šalomoun^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\šalomoun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 11:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Live Update]
2014-08-26 16:20 3468240 ----a-w- c:\program files\MSI\Live Update\Live Update.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 16:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]
2014-08-20 01:36 55568 ----a-w- c:\progra~1\Raptr\raptrstub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2014-04-17 20:38 748256 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2015-04-13 23:44 2889408 ----a-w- c:\program files\Steam\Steam.exe
.
R2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [2012-09-20 136648]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-04-01 106912]
R2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R3 BRDriver;BRDriver;c:\programdata\BitRaider\BRDriver.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-04-24 114904]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 99400]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 netr28u;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-02 1343400]
R4 HiSuiteOuc.exe;HiSuiteOuc.exe;c:\programdata\HiSuiteOuc\HiSuiteOuc.exe [2013-07-11 116032]
R4 HuaweiHiSuiteService.exe;HuaweiHiSuiteService.exe;c:\programdata\HandSetService\HuaweiHiSuiteService.exe [2013-05-02 158208]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2015-04-01 26096]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-04-01 788272]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-04-01 427736]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2011-09-14 28776]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-04-18 208896]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-04-17 276992]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\AMD\OverDrive\i386\AODDriver2.sys [2012-09-20 48296]
S2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2014-02-11 50400]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-04-01 24144]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-04-01 73440]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2015-03-30 1848168]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2015-03-30 411920]
S2 MSI_LiveUpdate_Service;MSI_LiveUpdate_Service;c:\program files\MSI\Live Update\MSI_LiveUpdate_Service.exe [2014-08-26 1722320]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-01-02 218192]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-12-19 77824]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-01-02 3192344]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update\NTIOLib.sys [2010-10-20 7680]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-11-26 683736]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - NTIOLIB_1_0_4
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-18 08:05 988488 ----a-w- c:\program files\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: Interfaces\{EE928C34-4B07-41BE-A09A-893F11660DF4}: NameServer = 172.16.0.1
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1830440610-1908763506-3238583907-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:70,27,5f,6f,f3,42,ec,98,02,b3,09,14,c7,f9,8b,80,e5,a1,f1,38,e0,47,aa,
7d,e5,5f,70,02,3e,6b,8b,42,e7,89,69,3e,0d,79,cc,d4,47,43,3f,27,3e,ed,68,45,\
"??"=hex:c0,7d,f4,35,72,ee,56,39,2c,b1,78,d0,ac,9f,a2,b5
.
[HKEY_USERS\S-1-5-21-1830440610-1908763506-3238583907-1000\Software\SecuROM\License information*]
"datasecu"=hex:d0,09,4d,fa,40,3c,61,45,2a,7a,2e,7a,c0,bc,ba,49,20,1c,39,c1,a2,
f4,d3,26,e4,4d,99,88,63,26,ca,fb,a1,2e,19,bf,66,06,5c,94,93,4e,41,f0,76,44,\
"rkeysecu"=hex:5c,0f,6e,1a,2b,66,5f,ac,89,57,ae,90,a8,d8,d1,77
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2015-04-26 17:50:49
ComboFix-quarantined-files.txt 2015-04-26 15:50
ComboFix2.txt 2015-04-24 15:20
ComboFix3.txt 2015-02-03 17:44
ComboFix4.txt 2015-01-03 11:11
ComboFix5.txt 2015-04-26 15:40
.
Před spuštěním: Volných bajtů: 31 312 265 216
Po spuštění: Volných bajtů: 31 402 635 264
.
- - End Of File - - C86542A33C90DD54E8D2B37B6EA8F1B6
A36C5E4F47E84449FF07ED3517B43A31

[keslíček]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:53:44, on 26.4.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\MSI\NetworkGenie\NetworkGenie.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\šalomoun\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE928C34-4B07-41BE-A09A-893F11660DF4}: NameServer = 172.16.0.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AODService - Unknown owner - C:\Program Files\AMD\OverDrive\AODAssist.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - Unknown owner - C:\Program Files\AVAST Software\Avast\afwServ.exe (file missing)
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - Unknown owner - C:\ProgramData\BitRaider\BRSptSvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: MSI_LiveUpdate_Service - Micro-Star International - C:\Program Files\MSI\Live Update\MSI_LiveUpdate_Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6184 bytes

[Orcus]

CF skript prosím znovu, ale v nouzovém režimu, protože se neprovedl.

[keslíček]

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2015-04-26 17:55:14
-----------------------------
17:55:14.356 OS Version: Windows 6.1.7601 Service Pack 1
17:55:14.356 Number of processors: 2 586 0x603
17:55:14.356 ComputerName: ŠALOMOUN-PC UserName: šalomoun
17:55:15.419 Initialize success
17:55:15.419 VM: initialized successfully
17:55:15.434 VM: Amd CPU supported
17:55:18.178 VM: not used
17:55:22.646 AVAST engine defs: 15042600
17:55:23.974 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:55:23.974 Disk 0 Vendor: ST3320413AS JC45 Size: 146585MB BusType: 3
17:55:24.006 Disk 0 MBR read successfully
17:55:24.021 Disk 0 MBR scan
17:55:24.053 Disk 0 Windows 7 default MBR code
17:55:24.068 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 146577 MB offset 63
17:55:24.084 Disk 0 Boot: NTFS code=2
17:55:24.131 Disk 0 scanning sectors +300190590
17:55:24.178 Disk 0 scanning C:\Windows\system32\drivers
17:55:36.599 Service scanning
17:55:56.099 Modules scanning
17:56:04.084 Disk 0 trace - called modules:
17:56:04.115 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x861331f8]<<
17:56:04.131 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f513b0]
17:56:04.131 3 CLASSPNP.SYS[8cc1f59e] -> nt!IofCallDriver -> [0x86a77918]
17:56:04.131 5 ACPI.sys[8c4f63d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86182610]
17:56:04.146 \Driver\atapi[0x86aa8da8] -> IRP_MJ_CREATE -> 0x861331f8
17:56:08.287 AVAST engine scan C:\Windows
17:56:14.474 AVAST engine scan C:\Windows\system32
17:58:40.162 AVAST engine scan C:\Windows\system32\drivers
17:58:53.483 AVAST engine scan C:\Users\šalomoun
17:59:23.598 Disk 0 MBR has been saved successfully to "C:\Users\šalomoun\Downloads\MBR.dat"
17:59:23.598 The log file has been saved successfully to "C:\Users\šalomoun\Downloads\fffgh.txt"
18:02:46.365 AVAST engine scan C:\ProgramData
18:04:08.818 Scan finished successfully
18:08:44.381 Disk 0 MBR has been saved successfully to "C:\Users\šalomoun\Downloads\MBR.dat"
18:08:44.381 The log file has been saved successfully to "C:\Users\šalomoun\Downloads\ppp.txt"

[Orcus]

CF skript prosím znovu, ale v nouzovém režimu, protože se neprovedl.

Zlegalizuj si systém!!

[keslíček]

ComboFix 15-04-19.01 - šalomoun 26.04.2015 18:29:25.13.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3327.2327 [GMT 2:00]
Spuštěný z: c:\users\Üalomoun\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Üalomoun\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-26 do 2015-04-26 )))))))))))))))))))))))))))))))
.
.
2015-04-24 12:20 . 2015-04-24 12:20 -------- d-----w- C:\RegBackup
2015-04-23 17:50 . 2015-04-23 17:34 24064 ----a-w- c:\windows\zoek-delete.exe
2015-04-23 17:50 . 2015-04-23 17:50 -------- d-----w-lomoun c:\users\?alomoun
2015-04-17 20:40 . 2015-04-17 20:40 -------- d-----w- c:\users\Üalomoun
2015-04-17 20:15 . 2015-04-23 17:48 -------- d-----w- C:\zoek_backup
2015-04-12 18:40 . 2015-04-12 18:40 -------- d-----w- c:\users\šalomoun\AppData\Roaming\Wargaming.net
2015-04-11 15:18 . 2015-04-11 15:18 -------- d-----w- c:\programdata\VS Revo Group
2015-04-11 15:18 . 2009-12-30 09:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2015-04-08 19:47 . 2015-04-01 17:04 291312 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-03 10:58 . 2015-04-08 19:32 -------- d-----w- c:\programdata\RogueKiller
2015-04-01 17:04 . 2015-04-01 17:04 26096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-04-01 17:04 . 2015-04-01 17:04 43112 ----a-w- c:\windows\avastSS.scr
2015-03-31 14:16 . 2015-04-08 20:04 -------- d-----w- c:\program files\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-24 12:14 . 2014-06-15 11:38 151552 ----a-w- c:\windows\KMSEmulator.exe
2015-04-24 11:12 . 2014-06-19 19:36 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-15 17:43 . 2012-07-23 14:03 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-15 17:43 . 2012-07-23 14:03 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-01 17:04 . 2015-01-02 16:47 208024 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-01 17:04 . 2015-01-02 16:47 106912 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-01 17:04 . 2015-01-02 16:47 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-01 17:04 . 2015-01-02 16:47 427736 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-01 17:04 . 2015-01-02 16:47 73440 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-01 17:04 . 2015-01-02 16:47 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-01 17:04 . 2015-01-02 16:47 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-01 17:04 . 2015-01-02 16:47 788272 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-03-30 13:25 . 2012-07-23 14:50 26176 ---ha-w- c:\windows\system32\hamachi.sys
2015-03-12 22:11 . 2014-05-29 12:48 26624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-02 16:47 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2015-04-13 2889408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-30 5227648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Users^šalomoun^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\šalomoun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 11:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Live Update]
2014-08-26 16:20 3468240 ----a-w- c:\program files\MSI\Live Update\Live Update.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 16:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]
2014-08-20 01:36 55568 ----a-w- c:\progra~1\Raptr\raptrstub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2014-04-17 20:38 748256 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2015-04-13 23:44 2889408 ----a-w- c:\program files\Steam\Steam.exe
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-04-01 788272]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-04-01 427736]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-04-18 208896]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-04-17 276992]
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\AMD\OverDrive\i386\AODDriver2.sys [2012-09-20 48296]
R2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2014-02-11 50400]
R2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [2012-09-20 136648]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-04-01 24144]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-04-01 73440]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-04-01 106912]
R2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2015-03-30 411920]
R2 MSI_LiveUpdate_Service;MSI_LiveUpdate_Service;c:\program files\MSI\Live Update\MSI_LiveUpdate_Service.exe [2014-08-26 1722320]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-01-02 218192]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-12-19 77824]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-01-02 3192344]
R3 BRDriver;BRDriver;c:\programdata\BitRaider\BRDriver.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-04-24 114904]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 99400]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 netr28u;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update\NTIOLib.sys [2010-10-20 7680]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-02 1343400]
R4 HiSuiteOuc.exe;HiSuiteOuc.exe;c:\programdata\HiSuiteOuc\HiSuiteOuc.exe [2013-07-11 116032]
R4 HuaweiHiSuiteService.exe;HuaweiHiSuiteService.exe;c:\programdata\HandSetService\HuaweiHiSuiteService.exe [2013-05-02 158208]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2015-04-01 26096]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2011-09-14 28776]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2015-03-30 1848168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-11-26 683736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-18 08:05 988488 ----a-w- c:\program files\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: Interfaces\{EE928C34-4B07-41BE-A09A-893F11660DF4}: NameServer = 172.16.0.1
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1830440610-1908763506-3238583907-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:70,27,5f,6f,f3,42,ec,98,02,b3,09,14,c7,f9,8b,80,e5,a1,f1,38,e0,47,aa,
7d,e5,5f,70,02,3e,6b,8b,42,e7,89,69,3e,0d,79,cc,d4,47,43,3f,27,3e,ed,68,45,\
"??"=hex:c0,7d,f4,35,72,ee,56,39,2c,b1,78,d0,ac,9f,a2,b5
.
[HKEY_USERS\S-1-5-21-1830440610-1908763506-3238583907-1000\Software\SecuROM\License information*]
"datasecu"=hex:d0,09,4d,fa,40,3c,61,45,2a,7a,2e,7a,c0,bc,ba,49,20,1c,39,c1,a2,
f4,d3,26,e4,4d,99,88,63,26,ca,fb,a1,2e,19,bf,66,06,5c,94,93,4e,41,f0,76,44,\
"rkeysecu"=hex:5c,0f,6e,1a,2b,66,5f,ac,89,57,ae,90,a8,d8,d1,77
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2015-04-26 18:36:47
ComboFix-quarantined-files.txt 2015-04-26 16:36
ComboFix2.txt 2015-04-26 15:50
ComboFix3.txt 2015-04-24 15:20
ComboFix4.txt 2015-02-03 17:44
ComboFix5.txt 2015-04-26 16:28
.
Před spuštěním: Volných bajtů: 31 729 770 496
Po spuštění: Volných bajtů: 31 687 262 208
.
- - End Of File - - 82C50CE2E410FD89D553052F22853072
A36C5E4F47E84449FF07ED3517B43A31