Email rozesílá spamy

Tholus · Příspěvekod **Tholus** » 29 kvě 2015 17:12

Ahoj, přítelkyně má problém s emailem. Přihlašuje se normálně přes nejnovější Firefox na seznam.cz a při posledním přihlášení jí to napsalo, že si musí změnit heslo, protože je z jejího emailu rozesílán spam. Po přihlášení na email vyjelo cca 15 emailů od Mailer Daemon, že email byl nedoručený na adresu XXX. Nevím odkud by se tam mohl vzít ten vir, jelikož má Avast a stahuje jen filmy, hudbu a obrázky. Přikládám log z HiJackThis. Díky moc za pomoc.

-----------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:03:48, on 29.5.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Emily Dark Rose\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8078 bytes

Reklama

Příspěvekod **jerabina** » 29 kvě 2015 17:43

Podíváme se na to + to přesunu do sekce HiJackThis.

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

===================================================

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

===================================================

Stáhni AdwCleaner (by Xplode)

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

===================================================

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na Kopírovat do schránky a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

Tholus · Příspěvekod **Tholus** » 30 kvě 2015 22:34

Díky. Byl jsem členem skupiny registrovaní_no_hjt, takže jsem kategorii o HJT neviděl. Zde jsou logy:

-------------------------------------------------

# AdwCleaner v4.205 - Log vytvořen 30/05/2015 v 17:13:38
# Aktualizováno 21/05/2015 by Xplode
# Databáze : 2015-05-25.3 [Server]
# Operační system : Windows 7 Ultimate Service Pack 1 (x64)
# Uživatelské jméno : Emily Dark Rose - EMILYDARKROSE
# Spuštěno z : C:\Users\Emily Dark Rose\Desktop\AdwCleaner.exe
# Nastavení : Sken

***** [ Služby ] *****

***** [ Soubory / Složky ] *****

Složka Nalezeno : C:\Program Files (x86)\DeviceVM
Složka Nalezeno : C:\ProgramData\DeviceVM
Složka Nalezeno : C:\Users\Emily Dark Rose\AppData\Roaming\DeviceVM

***** [ Naplánované úlohy ] *****

***** [ Zástupci ] *****

***** [ Registry ] *****

Klíč Nalezeno : HKLM\SOFTWARE\Classes\S

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17801

-\\ Mozilla Firefox v38.0.1 (x86 cs)

*************************

AdwCleaner[R0].txt - [849 bytů] - [30/05/2015 17:13:38]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [906 bytů] ##########

-------------------------------------------------

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 30.5.2015
Čas skenování: 17:18:02
Protokol:
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.05.30.02
Databáze rootkitů: v2015.05.24.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Emily Dark Rose

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 443219
Uplynulý čas: 1 hod, 5 min, 59 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

Příspěvekod **jerabina** » 30 kvě 2015 23:11

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Tholus · Příspěvekod **Tholus** » 13 čer 2015 16:43

# AdwCleaner v4.206 - Log vytvořen 13/06/2015 v 15:30:39
# Aktualizováno 01/06/2015 by Xplode
# Databáze : 2015-06-09.1 [Server]
# Operační system : Windows 7 Ultimate Service Pack 1 (x64)
# Uživatelské jméno : Emily Dark Rose - EMILYDARKROSE
# Spuštěno z : C:\Users\Emily Dark Rose\Desktop\adwcleaner_4.206.exe
# Nastavení : Čištění

***** [ Služby ] *****

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\DeviceVM
Složka Smazáno : C:\Program Files (x86)\DeviceVM
Složka Smazáno : C:\Users\Emily Dark Rose\AppData\Roaming\DeviceVM

***** [ Naplánované úlohy ] *****

***** [ Zástupci ] *****

***** [ Registry ] *****

Klíč Smazáno : HKLM\SOFTWARE\Classes\S

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Mozilla Firefox v38.0.5 (x86 cs)

*************************

AdwCleaner[R0].txt - [983 bytů] - [30/05/2015 17:13:38]
AdwCleaner[R1].txt - [1046 bytů] - [13/06/2015 15:29:20]
AdwCleaner[S0].txt - [969 bytů] - [13/06/2015 15:30:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1026 bytů] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.3 (06.13.2015:1)
OS: Windows 7 Ultimate x64
Ran by Emily Dark Rose on so 13.06.2015 at 15:36:26,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 13.06.2015 at 15:38:56,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller V10.8.2.0 (x64) [Jun 9 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Emily Dark Rose [Práva správce]
Started from : C:\Users\Emily Dark Rose\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 06/13/2015 15:54:02

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [-][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [-][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [-][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A30B8B49-A91C-4F10-9063-A047E34866A5} | DhcpNameServer : 213.46.172.37 213.46.172.36 [-][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A30B8B49-A91C-4F10-9063-A047E34866A5} | DhcpNameServer : 213.46.172.37 213.46.172.36 [-][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A30B8B49-A91C-4F10-9063-A047E34866A5} | DhcpNameServer : 213.46.172.37 213.46.172.36 [-][CZECH REPUBLIC (CZ)] -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] 7e4035f6cda96f2d3dff438c354dbebc
[BSP] cf61342f770622a60e83f55d7ce45b26 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Příspěvekod **jaro3** » 13 čer 2015 17:47

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir i firewall.
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Tholus · Příspěvekod **Tholus** » 13 čer 2015 19:45

RogueKiller V10.8.2.0 (x64) [Jun 9 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Emily Dark Rose [Práva správce]
Started from : C:\Users\Emily Dark Rose\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 06/13/2015 18:41:12

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [-][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [-][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [-][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A30B8B49-A91C-4F10-9063-A047E34866A5} | DhcpNameServer : 213.46.172.37 213.46.172.36 [-][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A30B8B49-A91C-4F10-9063-A047E34866A5} | DhcpNameServer : 213.46.172.37 213.46.172.36 [-][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A30B8B49-A91C-4F10-9063-A047E34866A5} | DhcpNameServer : 213.46.172.37 213.46.172.36 [-][CZECH REPUBLIC (CZ)] -> Nahrazeno ()

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[FIREFX:Addon] tyblo6v3.default : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> Smazáno
[FIREFX:Addon] tyblo6v3.default : Avast Online Security [wrc@avast.com] -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] 7e4035f6cda96f2d3dff438c354dbebc
[BSP] cf61342f770622a60e83f55d7ce45b26 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_06132015_155402.log - RKreport_SCN_06132015_183955.log

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Emily Dark Rose on so 13.06.2015 at 18:44:26,67.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Emily Dark Rose\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

13.6.2015 18:59:35 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\Users\Emily Dark Rose\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Emily Dark Rose\AppData\Local\EmieSiteList deleted successfully
C:\Users\Emily Dark Rose\AppData\Local\EmieUserList deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\Users\Emily Dark Rose\AppData\Roaming\IMVUClient deleted
C:\Users\Emily Dark Rose\AppData\Roaming\cdr.ini deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [17.03.2015 17:50]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[17.03.2015 17:50]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Old Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Old Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Emily Dark Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Emily Dark Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Emily Dark Rose\AppData\Local\Mozilla\Firefox\Profiles\tyblo6v3.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1513 folders=53 241406403 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Emily Dark Rose\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\EMILYD~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on so 13.06.2015 at 19:13:13,54 ======================

ComboFix 15-06-09.01 - Emily Dark Rose 13.06.2015 19:31:58.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4094.2760 [GMT 2:00]
Spuštěný z: c:\users\Emily Dark Rose\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Emily Dark Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile0.txt
c:\users\Emily Dark Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile1.txt
c:\users\Emily Dark Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile2.txt
c:\users\Emily Dark Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile3.txt
c:\users\Emily Dark Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile4.txt
c:\users\Emily Dark Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile5.txt
c:\users\Emily Dark Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile6.txt
c:\users\Emily Dark Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile7.txt
c:\users\Emily Dark Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile8.txt
c:\users\Emily Dark Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempfile9.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-05-13 do 2015-06-13 )))))))))))))))))))))))))))))))
.
.
2015-06-13 17:41 . 2015-06-13 17:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-13 17:39 . 2015-06-13 17:39 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36D9D216-AA28-40D7-952F-AF4C3CF4773B}\offreg.4588.dll
2015-06-13 17:11 . 2015-06-13 17:41 -------- d-----w- c:\users\Emily Dark Rose\AppData\Local\Temp
2015-06-13 17:11 . 2015-06-13 16:44 24064 ----a-w- c:\windows\zoek-delete.exe
2015-06-13 16:44 . 2015-06-13 17:09 -------- d-----w- C:\zoek_backup
2015-06-13 13:47 . 2015-06-13 16:36 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-13 13:47 . 2015-06-13 13:47 -------- d-----w- c:\programdata\RogueKiller
2015-06-13 13:36 . 2015-06-13 13:36 -------- d-----w- C:\RegBackup
2015-06-13 08:47 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36D9D216-AA28-40D7-952F-AF4C3CF4773B}\mpengine.dll
2015-06-10 09:21 . 2015-04-11 03:19 69888 ----a-w- c:\windows\system32\drivers\stream.sys
2015-06-08 13:24 . 2015-06-12 22:25 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-06-05 20:49 . 2015-06-05 20:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-06-02 09:28 . 2015-06-02 09:28 -------- d-----w- c:\users\Emily Dark Rose\AppData\Local\GWX
2015-05-31 12:30 . 2015-05-31 12:30 -------- d-----w- c:\users\Emily Dark Rose\AppData\Local\Adobe
2015-05-30 15:17 . 2015-05-30 15:17 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-30 15:17 . 2015-05-30 15:17 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-05-30 15:17 . 2015-05-30 15:17 -------- d-----w- c:\programdata\Malwarebytes
2015-05-30 15:17 . 2015-04-14 07:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-30 15:17 . 2015-04-14 07:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-30 15:17 . 2015-04-14 07:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-30 15:16 . 2015-05-30 15:16 -------- d-----w- c:\users\Emily Dark Rose\AppData\Local\Programs
2015-05-30 15:13 . 2015-06-13 13:30 -------- d-----w- C:\AdwCleaner
2015-05-29 18:22 . 2015-05-29 18:22 -------- d-----w- c:\users\Emily Dark Rose\AppData\Roaming\dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-10 19:34 . 2015-03-16 16:46 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-06-10 16:49 . 2015-03-21 15:47 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-10 16:49 . 2015-03-21 15:47 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-05 20:48 . 2015-03-21 11:41 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-25 18:19 . 2015-06-10 09:22 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 09:22 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-06-10 09:22 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-10 09:22 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 09:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-01 13:17 . 2015-05-12 23:08 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-12 23:08 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-12 20:39 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-12 20:39 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-12 20:39 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-12 20:40 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-12 20:40 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-13 03:28 . 2015-05-12 20:40 328704 ----a-w- c:\windows\system32\services.exe
2015-04-11 21:26 . 2015-04-11 18:42 76152 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2015-04-11 21:25 . 2015-04-11 20:08 347464 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2015-04-11 21:25 . 2015-04-11 18:42 347464 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-04-11 20:08 . 2015-04-11 18:42 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-04-08 03:29 . 2015-05-12 20:39 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-12 20:39 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-12 20:39 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-03-25 03:24 . 2015-04-15 14:11 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 14:11 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 14:11 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 14:11 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 14:11 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 14:11 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 14:11 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 14:11 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 14:11 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 14:11 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 14:11 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 14:11 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 14:11 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 14:11 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 14:11 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 14:11 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-21 16:18 . 2015-03-21 16:18 16896 ----a-w- c:\windows\AsTaskSched.dll
2015-03-21 16:15 . 2009-08-24 05:55 16440 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2015-03-21 16:14 . 2011-03-29 09:04 27760 ----a-w- c:\windows\system32\ViakaraokeSrv.exe
2015-03-21 16:14 . 2011-03-29 09:04 116848 ----a-w- c:\windows\system32\ViaKaraokePropPageExt.dll
2015-03-21 16:14 . 2011-03-29 09:04 1161328 ----a-w- c:\windows\system32\ViaKaraokeApo.dll
2015-03-21 16:14 . 2007-12-04 10:28 86016 ----a-w- c:\windows\system32\nQPropPageExt.dll
2015-03-21 16:14 . 2007-12-04 10:28 82432 ----a-w- c:\windows\system32\nQAPO.dll
2015-03-21 16:14 . 2015-03-21 16:17 414632 ------w- c:\windows\difxapi.dll
2015-03-21 12:44 . 2015-03-21 12:44 30352 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
2015-03-21 11:47 . 2012-07-17 13:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-03-17 15:50 . 2015-03-17 15:50 136752 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-03-17 15:50 . 2015-03-17 15:50 268640 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-03-17 15:50 . 2015-03-17 15:50 441728 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-03-17 15:50 . 2015-03-17 15:50 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-03-17 15:50 . 2015-03-17 15:50 88408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-03-17 15:50 . 2015-03-17 15:50 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-03-17 15:50 . 2015-03-17 15:50 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-03-17 15:50 . 2015-03-17 15:50 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-03-17 15:50 . 2015-03-17 15:50 43112 ----a-w- c:\windows\avastSS.scr
2015-03-17 15:50 . 2015-03-17 15:50 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-03-16 20:48 . 2015-03-16 20:48 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-03-16 20:48 . 2015-03-16 20:48 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-03-16 20:48 . 2015-03-16 20:48 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2015-03-16 20:48 . 2015-03-16 20:48 235008 ----a-w- c:\windows\system32\elshyph.dll
2015-03-16 20:48 . 2015-03-16 20:48 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2015-03-16 20:48 . 2015-03-16 20:48 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2015-03-16 20:48 . 2015-03-16 20:48 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2015-03-16 20:48 . 2015-03-16 20:48 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2015-03-16 20:48 . 2015-03-16 20:48 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2015-03-16 20:48 . 2015-03-16 20:48 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2015-03-16 20:48 . 2015-03-16 20:48 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2015-03-16 20:48 . 2015-03-16 20:48 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2015-03-16 20:48 . 2015-03-16 20:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2015-03-16 20:48 . 2015-03-16 20:48 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2015-03-16 20:48 . 2015-03-16 20:48 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2015-03-16 20:48 . 2015-03-16 20:48 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-03-16 20:48 . 2015-03-16 20:48 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-03-16 20:48 . 2015-03-16 20:48 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-03-16 20:48 . 2015-03-16 20:48 77312 ----a-w- c:\windows\system32\tdc.ocx
2015-03-16 20:48 . 2015-03-16 20:48 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2015-03-16 20:48 . 2015-03-16 20:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-03-16 20:48 . 2015-03-16 20:48 247808 ----a-w- c:\windows\system32\msls31.dll
2015-03-16 20:48 . 2015-03-16 20:48 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2015-03-16 20:48 . 2015-03-16 20:48 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-03-16 20:48 . 2015-03-16 20:48 105984 ----a-w- c:\windows\system32\iesysprep.dll
2015-03-16 20:48 . 2015-03-16 20:48 81408 ----a-w- c:\windows\system32\icardie.dll
2015-03-16 20:48 . 2015-03-16 20:48 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2015-03-16 20:48 . 2015-03-16 20:48 30208 ----a-w- c:\windows\system32\licmgr10.dll
2015-03-16 20:48 . 2015-03-16 20:48 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-03-16 20:48 . 2015-03-16 20:48 235520 ----a-w- c:\windows\system32\url.dll
2015-03-16 20:48 . 2015-03-16 20:48 101376 ----a-w- c:\windows\system32\inseng.dll
2015-03-16 20:48 . 2015-03-16 20:48 167424 ----a-w- c:\windows\system32\iexpress.exe
2015-03-16 20:48 . 2015-03-16 20:48 143872 ----a-w- c:\windows\system32\wextract.exe
2015-03-16 20:48 . 2015-03-16 20:48 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-03-16 20:48 . 2015-03-16 20:48 147968 ----a-w- c:\windows\system32\occache.dll
2015-03-16 20:48 . 2015-03-16 20:48 13824 ----a-w- c:\windows\system32\mshta.exe
2015-03-16 20:48 . 2015-03-16 20:48 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-03-16 20:48 . 2015-03-16 20:48 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-03-16 17:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-03-16 17:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2015-02-26 5583120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-19 5511352]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-21 16:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-03-17 15:50 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-13 2585744]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-03-13 1514528]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\users\Emily Dark Rose\AppData\Roaming\Mozilla\Firefox\Profiles\tyblo6v3.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-IMVU Avatar chat client software BETA - c:\users\Emily Dark Rose\AppData\Roaming\IMVUClient\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-06-13 19:43:42
ComboFix-quarantined-files.txt 2015-06-13 17:43
.
Před spuštěním: Volných bajtů: 295 580 995 584
Po spuštění: Volných bajtů: 295 042 138 112
.
- - End Of File - - AF3C79B75134CAB03B326BC50D08C690
A36C5E4F47E84449FF07ED3517B43A31

Příspěvekod **jaro3** » 13 čer 2015 21:53

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Tholus · Příspěvekod **Tholus** » 14 čer 2015 02:12

ComboFix 15-06-09.01 - Emily Dark Rose 13.06.2015 23:07:47.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4094.2616 [GMT 2:00]
Spuštěný z: c:\users\Emily Dark Rose\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Emily Dark Rose\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Emily Dark Rose\AppData\Local\Temp\INS_59f64a92.TMP
c:\users\Emily Dark Rose\AppData\Local\Temp\INS_5e7f8fb1.TMP
c:\users\Emily Dark Rose\AppData\Local\Temp\INS_8d3796c0.TMP
c:\users\EMILYD~1\AppData\Local\Temp\INS_59f64a92.TMP
c:\users\EMILYD~1\AppData\Local\Temp\INS_5e7f8fb1.TMP
c:\users\EMILYD~1\AppData\Local\Temp\INS_8d3796c0.TMP
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-05-13 do 2015-06-13 )))))))))))))))))))))))))))))))
.
.
2015-06-13 21:19 . 2015-06-13 21:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-13 20:57 . 2015-05-28 03:52 571024 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-06-13 20:57 . 2015-06-13 21:20 -------- d-----w- c:\programdata\NVIDIA
2015-06-13 20:57 . 2015-05-28 04:15 937288 ----a-w- c:\windows\system32\nvvsvc.exe
2015-06-13 20:57 . 2015-05-28 04:15 62608 ----a-w- c:\windows\system32\nvshext.dll
2015-06-13 20:57 . 2015-05-28 04:15 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-06-13 20:57 . 2015-05-28 04:15 3491984 ----a-w- c:\windows\system32\nvsvc64.dll
2015-06-13 20:57 . 2015-05-28 04:15 2558608 ----a-w- c:\windows\system32\nvsvcr.dll
2015-06-13 20:57 . 2015-05-28 04:15 6872904 ----a-w- c:\windows\system32\nvcpl.dll
2015-06-13 20:57 . 2015-05-27 10:48 4408727 ----a-w- c:\windows\system32\nvcoproc.bin
2015-06-13 20:57 . 2015-05-28 07:04 112968 ----a-w- c:\windows\system32\OpenCL.dll
2015-06-13 20:57 . 2015-05-28 07:04 105288 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-06-13 20:13 . 2015-06-13 20:13 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36D9D216-AA28-40D7-952F-AF4C3CF4773B}\offreg.2492.dll
2015-06-13 20:05 . 2015-06-13 20:05 -------- d-----w- c:\programdata\boost_interprocess
2015-06-13 20:05 . 2015-05-19 03:29 46768 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2015-06-13 20:05 . 2015-05-19 03:14 57520 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-06-13 17:39 . 2015-06-13 17:39 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36D9D216-AA28-40D7-952F-AF4C3CF4773B}\offreg.4588.dll
2015-06-13 17:11 . 2015-06-13 21:22 -------- d-----w- c:\users\Emily Dark Rose\AppData\Local\Temp
2015-06-13 17:11 . 2015-06-13 16:44 24064 ----a-w- c:\windows\zoek-delete.exe
2015-06-13 16:44 . 2015-06-13 17:09 -------- d-----w- C:\zoek_backup
2015-06-13 13:47 . 2015-06-13 16:36 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-13 13:47 . 2015-06-13 13:47 -------- d-----w- c:\programdata\RogueKiller
2015-06-13 13:36 . 2015-06-13 13:36 -------- d-----w- C:\RegBackup
2015-06-13 08:47 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36D9D216-AA28-40D7-952F-AF4C3CF4773B}\mpengine.dll
2015-06-10 09:21 . 2015-04-11 03:19 69888 ----a-w- c:\windows\system32\drivers\stream.sys
2015-06-08 13:24 . 2015-06-12 22:25 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-06-05 20:49 . 2015-06-05 20:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-06-02 09:28 . 2015-06-02 09:28 -------- d-----w- c:\users\Emily Dark Rose\AppData\Local\GWX
2015-05-31 12:30 . 2015-05-31 12:30 -------- d-----w- c:\users\Emily Dark Rose\AppData\Local\Adobe
2015-05-30 15:17 . 2015-05-30 15:17 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-30 15:17 . 2015-05-30 15:17 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-05-30 15:17 . 2015-05-30 15:17 -------- d-----w- c:\programdata\Malwarebytes
2015-05-30 15:17 . 2015-04-14 07:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-30 15:17 . 2015-04-14 07:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-30 15:17 . 2015-04-14 07:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-30 15:16 . 2015-05-30 15:16 -------- d-----w- c:\users\Emily Dark Rose\AppData\Local\Programs
2015-05-30 15:13 . 2015-06-13 13:30 -------- d-----w- C:\AdwCleaner
2015-05-29 18:22 . 2015-05-29 18:22 -------- d-----w- c:\users\Emily Dark Rose\AppData\Roaming\dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-10 19:34 . 2015-03-16 16:46 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-06-10 16:49 . 2015-03-21 15:47 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-10 16:49 . 2015-03-21 15:47 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-05 20:48 . 2015-03-21 11:41 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-06-03 21:04 . 2015-03-21 17:14 1320304 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-06-03 21:04 . 2015-03-21 17:14 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-06-03 21:04 . 2015-03-21 17:14 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-06-03 21:04 . 2015-03-21 17:14 1571696 ----a-w- c:\windows\system32\nvspcap64.dll
2015-05-25 18:19 . 2015-06-10 09:22 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 09:22 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-06-10 09:22 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-10 09:22 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 09:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-19 03:14 . 2015-03-21 17:10 61616 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-05-01 13:17 . 2015-05-12 23:08 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-12 23:08 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-12 20:39 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-12 20:39 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-12 20:39 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-12 20:40 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-12 20:40 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-13 03:28 . 2015-05-12 20:40 328704 ----a-w- c:\windows\system32\services.exe
2015-04-11 21:26 . 2015-04-11 18:42 76152 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2015-04-11 21:25 . 2015-04-11 20:08 347464 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2015-04-11 21:25 . 2015-04-11 18:42 347464 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-04-11 20:08 . 2015-04-11 18:42 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-04-08 03:29 . 2015-05-12 20:39 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-12 20:39 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-12 20:39 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-03-25 03:24 . 2015-04-15 14:11 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 14:11 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 14:11 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 14:11 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 14:11 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 14:11 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 14:11 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 14:11 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 14:11 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 14:11 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 14:11 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 14:11 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 14:11 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 14:11 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 14:11 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 14:11 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-21 16:18 . 2015-03-21 16:18 16896 ----a-w- c:\windows\AsTaskSched.dll
2015-03-21 16:15 . 2009-08-24 05:55 16440 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2015-03-21 16:14 . 2011-03-29 09:04 27760 ----a-w- c:\windows\system32\ViakaraokeSrv.exe
2015-03-21 16:14 . 2011-03-29 09:04 116848 ----a-w- c:\windows\system32\ViaKaraokePropPageExt.dll
2015-03-21 16:14 . 2011-03-29 09:04 1161328 ----a-w- c:\windows\system32\ViaKaraokeApo.dll
2015-03-21 16:14 . 2007-12-04 10:28 86016 ----a-w- c:\windows\system32\nQPropPageExt.dll
2015-03-21 16:14 . 2007-12-04 10:28 82432 ----a-w- c:\windows\system32\nQAPO.dll
2015-03-21 16:14 . 2015-03-21 16:17 414632 ------w- c:\windows\difxapi.dll
2015-03-21 12:44 . 2015-03-21 12:44 30352 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
2015-03-21 11:47 . 2012-07-17 13:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-03-17 15:50 . 2015-03-17 15:50 136752 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-03-17 15:50 . 2015-03-17 15:50 268640 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-03-17 15:50 . 2015-03-17 15:50 441728 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-03-17 15:50 . 2015-03-17 15:50 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-03-17 15:50 . 2015-03-17 15:50 88408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-03-17 15:50 . 2015-03-17 15:50 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-03-17 15:50 . 2015-03-17 15:50 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-03-17 15:50 . 2015-03-17 15:50 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-03-17 15:50 . 2015-03-17 15:50 43112 ----a-w- c:\windows\avastSS.scr
2015-03-17 15:50 . 2015-03-17 15:50 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-03-16 20:48 . 2015-03-16 20:48 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-03-16 20:48 . 2015-03-16 20:48 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-03-16 20:48 . 2015-03-16 20:48 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2015-03-16 20:48 . 2015-03-16 20:48 235008 ----a-w- c:\windows\system32\elshyph.dll
2015-03-16 20:48 . 2015-03-16 20:48 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2015-03-16 20:48 . 2015-03-16 20:48 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2015-03-16 20:48 . 2015-03-16 20:48 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2015-03-16 20:48 . 2015-03-16 20:48 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2015-03-16 20:48 . 2015-03-16 20:48 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2015-03-16 20:48 . 2015-03-16 20:48 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2015-03-16 20:48 . 2015-03-16 20:48 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2015-03-16 20:48 . 2015-03-16 20:48 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2015-03-16 20:48 . 2015-03-16 20:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2015-03-16 20:48 . 2015-03-16 20:48 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2015-03-16 20:48 . 2015-03-16 20:48 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2015-03-16 20:48 . 2015-03-16 20:48 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-03-16 20:48 . 2015-03-16 20:48 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-03-16 20:48 . 2015-03-16 20:48 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-03-16 20:48 . 2015-03-16 20:48 77312 ----a-w- c:\windows\system32\tdc.ocx
2015-03-16 20:48 . 2015-03-16 20:48 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2015-03-16 20:48 . 2015-03-16 20:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-03-16 20:48 . 2015-03-16 20:48 247808 ----a-w- c:\windows\system32\msls31.dll
2015-03-16 20:48 . 2015-03-16 20:48 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2015-03-16 20:48 . 2015-03-16 20:48 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-03-16 20:48 . 2015-03-16 20:48 105984 ----a-w- c:\windows\system32\iesysprep.dll
2015-03-16 20:48 . 2015-03-16 20:48 81408 ----a-w- c:\windows\system32\icardie.dll
2015-03-16 20:48 . 2015-03-16 20:48 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2015-03-16 20:48 . 2015-03-16 20:48 30208 ----a-w- c:\windows\system32\licmgr10.dll
2015-03-16 20:48 . 2015-03-16 20:48 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-03-16 20:48 . 2015-03-16 20:48 235520 ----a-w- c:\windows\system32\url.dll
2015-03-16 20:48 . 2015-03-16 20:48 101376 ----a-w- c:\windows\system32\inseng.dll
2015-03-16 20:48 . 2015-03-16 20:48 167424 ----a-w- c:\windows\system32\iexpress.exe
2015-03-16 20:48 . 2015-03-16 20:48 143872 ----a-w- c:\windows\system32\wextract.exe
2015-03-16 20:48 . 2015-03-16 20:48 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-03-16 20:48 . 2015-03-16 20:48 147968 ----a-w- c:\windows\system32\occache.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2015-02-26 5583120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-19 5511352]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - NVSTREAMKMS
.
Obsah adresáře 'Naplánované úlohy'
.
2015-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-21 16:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-03-17 15:50 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-06-03 2754704]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-06-03 1571696]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\users\Emily Dark Rose\AppData\Roaming\Mozilla\Firefox\Profiles\tyblo6v3.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2015-06-13 23:26:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-06-13 21:26
ComboFix2.txt 2015-06-13 17:43
.
Před spuštěním: Volných bajtů: 293 794 750 464
Po spuštění: Volných bajtů: 294 236 585 984
.
- - End Of File - - 12BF706E29467D0C279972C1A6E8C8C6
A36C5E4F47E84449FF07ED3517B43A31

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-06-13 23:47:37
-----------------------------
23:47:37.373 OS Version: Windows x64 6.1.7601 Service Pack 1
23:47:37.373 Number of processors: 4 586 0x403
23:47:37.373 ComputerName: EMILYDARKROSE UserName:
23:47:38.090 Initialize success
23:47:38.184 VM: initialized successfully
23:47:38.199 VM: Amd CPU BiosDisabled
23:47:41.709 AVAST engine defs: 15061301
23:47:49.463 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:47:49.478 Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ100E5 Size: 476940MB BusType: 3
23:47:49.744 Disk 0 MBR read successfully
23:47:49.744 Disk 0 MBR scan
23:47:49.744 Disk 0 Windows 7 default MBR code
23:47:49.775 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:47:49.790 Disk 0 Boot: NTFS code=2
23:47:49.806 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
23:47:49.884 Disk 0 scanning C:\Windows\system32\drivers
23:47:57.403 Service scanning
23:48:12.644 Modules scanning
23:48:12.660 Disk 0 trace - called modules:
23:48:12.691 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:48:12.707 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ac9790]
23:48:12.707 3 CLASSPNP.SYS[fffff88000dcc43f] -> nt!IofCallDriver -> [0xfffffa80049889b0]
23:48:12.722 5 ACPI.sys[fffff88000fa57a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004a53060]
23:48:13.315 AVAST engine scan C:\Windows
23:48:17.278 AVAST engine scan C:\Windows\system32
23:50:21.220 AVAST engine scan C:\Windows\system32\drivers
23:50:29.878 AVAST engine scan C:\Users\Emily Dark Rose
01:46:19.793 AVAST engine scan C:\ProgramData
01:47:31.235 Disk 0 statistics 5120251/0/0 @ 0,38 MB/s
01:47:31.252 Scan finished successfully
02:08:38.145 Disk 0 MBR has been saved successfully to "C:\Users\Emily Dark Rose\Desktop\MBR.dat"
02:08:38.261 The log file has been saved successfully to "C:\Users\Emily Dark Rose\Desktop\aswMBR.txt"

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:09:57, on 14.6.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Emily Dark Rose\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7370 bytes

Příspěvekod **jaro3** » 14 čer 2015 09:25

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

stáhni SuperAntiSpyware
aktualizuj databázi , proveď sken a následně nákazy smaž

Pak napiš , co problémy.

Tholus · Příspěvekod **Tholus** » 14 čer 2015 15:44

Tak vše provedeno, email se zdá být už v pořádku. Jen se objevil nový problém a to ten, že se jednou za 5-10 minut zasekne Firefox, zkusil jsem ho tedy přeinstalovat i s Javou a Flashem, tak uvidíme. Jinak moc děkuji za pomoc.

Příspěvekod **Orcus** » 14 čer 2015 16:36

Email rozesílá spamy

Email rozesílá spamy

Re: Email rozesílá spamy

Re: Email rozesílá spamy

Re: Email rozesílá spamy

Re: Email rozesílá spamy

Re: Email rozesílá spamy

Re: Email rozesílá spamy

Re: Email rozesílá spamy

Re: Email rozesílá spamy

Re: Email rozesílá spamy

Re: Email rozesílá spamy

Re: Email rozesílá spamy

Kdo je online