Prosím o kontrolu logu - pomalý notebook Vyřešeno

[flowem]

ComboFix 15-06-30.01 - Jiříček 03.07.2015 15:56:09.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2927.1894 [GMT 2:00]
Spuštěný z: c:\users\Ji°ÝŔek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ji°ÝŔek\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 3
.
/wow section - STAGE 4
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jirícek\AppData\Roaming\64dlls.exe
c:\users\Jirícek\AppData\Roaming\intel64.exe
c:\users\Jirícek\AppData\Roaming\Kernel32.exe
c:\users\Jirícek\AppData\Roaming\localsys64.exe
c:\users\Jirícek\AppData\Roaming\ntos.exe
c:\users\Jirícek\AppData\Roaming\oembios.exe
c:\users\Jirícek\AppData\Roaming\sdra64.exe
c:\users\Jirícek\AppData\Roaming\sdra73.exe
c:\users\Jirícek\AppData\Roaming\swin32.exe
c:\users\Jirícek\AppData\Roaming\twex.exe
c:\users\Jirícek\AppData\Roaming\twext.exe
c:\users\Jirícek\AppData\Roaming\win32avs.exe
c:\users\Jirícek\AppData\Roaming\wsnpoema.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-06-03 do 2015-07-03 )))))))))))))))))))))))))))))))
.
.
2015-07-03 14:14 . 2015-07-03 15:17 -------- d-----w- c:\users\Jiříček\AppData\Local\temp
2015-07-03 14:14 . 2015-07-03 14:14 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-07-03 14:14 . 2015-07-03 14:14 -------- d-----w- c:\users\Draha\AppData\Local\temp
2015-07-03 14:14 . 2015-07-03 14:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-03 14:14 . 2015-07-03 14:14 -------- d-----w- c:\users\Banka2\AppData\Local\temp
2015-07-03 14:14 . 2015-07-03 14:14 -------- d-----w- c:\users\banka\AppData\Local\temp
2015-07-03 10:59 . 2015-07-03 10:59 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80C80D04-3A1B-4CC1-B246-ABD2F2947C4C}\offreg.3576.dll
2015-07-03 08:22 . 2015-07-03 08:22 -------- d-----w- c:\program files\CrystalDiskInfo
2015-07-03 08:22 . 2015-06-12 07:54 9252600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80C80D04-3A1B-4CC1-B246-ABD2F2947C4C}\mpengine.dll
2015-07-02 21:09 . 2015-07-02 19:25 24064 ----a-w- c:\windows\zoek-delete.exe
2015-07-02 11:51 . 2015-07-02 19:09 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-02 11:51 . 2015-07-02 12:10 -------- d-----w- c:\programdata\RogueKiller
2015-06-16 16:28 . 2015-06-16 16:28 -------- d-----w- c:\users\Jiříček\AppData\Local\Skype
2015-06-14 14:53 . 2015-06-14 14:53 -------- d-----w- c:\users\Jiříček\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2015-06-14 14:48 . 2015-06-14 14:49 -------- d-----w- c:\program files\OCCTPT
2015-06-14 14:47 . 2015-06-14 14:57 -------- d-----w- c:\program files\CPUID
2015-06-13 15:03 . 2015-06-13 15:03 -------- d-----w- c:\users\Jiříček\AppData\Local\GWX
2015-06-12 08:43 . 2015-05-22 18:03 571392 ----a-w- c:\windows\system32\generaltel.dll
2015-06-12 08:43 . 2015-05-22 18:02 621568 ----a-w- c:\windows\system32\invagent.dll
2015-06-12 08:43 . 2015-05-22 18:02 879104 ----a-w- c:\windows\system32\appraiser.dll
2015-06-12 08:43 . 2015-05-22 17:58 901120 ----a-w- c:\windows\system32\aeinv.dll
2015-06-12 08:43 . 2015-05-21 13:20 163840 ----a-w- c:\windows\system32\aepic.dll
2015-06-12 08:43 . 2015-05-22 18:02 333824 ----a-w- c:\windows\system32\devinv.dll
2015-06-12 08:43 . 2015-05-22 18:02 37888 ----a-w- c:\windows\system32\acmigration.dll
2015-06-12 08:43 . 2015-05-22 18:02 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-06-12 08:43 . 2015-05-25 17:00 2384384 ----a-w- c:\windows\system32\win32k.sys
2015-06-12 08:43 . 2015-04-11 03:07 54656 ----a-w- c:\windows\system32\drivers\stream.sys
2015-06-12 08:41 . 2015-05-25 18:01 43008 ----a-w- c:\windows\system32\srclient.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-02 11:18 . 2014-11-16 11:33 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-29 09:21 . 2013-01-06 15:39 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-06-29 09:21 . 2013-01-06 15:39 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-18 06:41 . 2014-11-16 11:32 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2014-11-16 11:32 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 06:41 . 2014-11-16 11:32 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-02 16:41 . 2015-06-02 16:41 68280 ----a-w- c:\windows\system32\drivers\RapportHades.sys
2015-06-02 16:41 . 2015-06-02 16:41 218264 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2015-05-25 18:01 . 2015-06-12 08:42 248832 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-06-12 08:42 92160 ----a-w- c:\windows\system32\sechost.dll
2015-05-01 13:16 . 2015-05-18 06:32 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 02:56 . 2015-05-18 05:42 909312 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-18 05:42 1250816 ----a-w- c:\windows\system32\DWrite.dll
2015-04-18 02:56 . 2015-05-18 05:43 342016 ----a-w- c:\windows\system32\certcli.dll
2015-04-13 03:19 . 2015-05-18 05:43 259072 ----a-w- c:\windows\system32\services.exe
2015-04-08 03:14 . 2015-05-18 05:41 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:14 . 2015-05-18 05:41 22528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
2015-04-08 03:14 . 2015-05-18 05:41 19968 ----a-w- c:\windows\system32\jnwmon.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-16 12:26 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 142656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 177472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 177984]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-17 5227648]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-08 495708]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-17 22:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Draha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Draha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
2012-09-13 13:24 1009288 ----a-w- c:\users\Draha\AppData\Roaming\Seznam.cz\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
2013-01-22 12:54 92152 ----a-w- c:\users\Draha\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-07-03 13:16 3673184 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTRun]
2009-11-18 18:06 518656 ----a-w- c:\program files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2013-08-14 11:28 138096 ----atw- c:\users\Jiříček\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\File Sanitizer]
2009-12-12 01:57 11265536 ----a-w- c:\program files\Hewlett-Packard\File Sanitizer\coreshredder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2009-09-29 23:26 1685048 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPPowerAssistant]
2009-12-16 22:48 1690680 ----a-w- c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 17:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWirelessAssistant]
2009-12-16 22:51 8192 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-08-25 16:57 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
2009-09-17 11:55 663552 ----a-w- c:\program files\Nokia\PC Internet Access\NPCIA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-12-21 16:56 1090040 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2013-12-07 21:20 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2009-10-23 19:52 563736 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QLBController]
2010-01-05 03:35 254520 ----a-w- c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
2012-09-13 13:24 1009288 ----a-w- c:\program files\Seznam.cz\distribution\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seznam.chromeUpdatePref]
2013-02-13 14:16 942080 ----a-w- c:\users\Draha\AppData\Roaming\Seznam.cz\bin\chromeUpdatePref.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-12-11 09:20 30877280 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 11:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 MpKsl429bbab5;MpKsl429bbab5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB7384B1-3F74-4090-A12F-457514DA69DA}\MpKsl429bbab5.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2009-10-21 32312]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-17 362040]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-05-23 102912]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 181792]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-12-20 249888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-28 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 RapportHades;RapportHades;c:\windows\System32\Drivers\RapportHades.sys [2015-06-02 68280]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2015-06-02 218264]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-12-14 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-12-14 423784]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-10 243128]
S1 RapportCerberus_1412112;RapportCerberus_1412112;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1412112.sys [2015-06-29 531416]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2015-06-02 280088]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2015-06-02 337176]
S1 RsvLock;RsvLock; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-11-16 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-11-16 70384]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-11-16 91496]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2015-06-02 244392]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-12-16 102968]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-01-07 81920]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-12-10 251448]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-01-05 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-10-23 635416]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-06-02 2222360]
S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2009-12-04 506472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 29824]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 270336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2011-07-05 19:21 6337128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-29 08:07 990024 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-06 09:21]
.
2015-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-28 11:34]
.
2015-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-28 11:34]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath -
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(5996)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\GWX\GWX.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Celkový čas: 2015-07-03 17:22:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-07-03 15:22
ComboFix2.txt 2015-07-03 11:09
.
Před spuštěním: Volných bajtů: 232 562 094 080
Po spuštění: Volných bajtů: 232 518 057 984
.
- - End Of File - - D2A806A2E6A6776C3B99ABC4D7FE9A06
A36C5E4F47E84449FF07ED3517B43A31

[Reklama]

[jerabina]

Vypni trvale Windows Defender a udělej ten ComboFix ještě jednou a v nouzovém režimu, protože se skript neprovedl

[flowem]

Udělal jsem to v nouz. režimu a vypl jsem defender.

ComboFix 15-06-30.01 - Jiříček 03.07.2015 18:09:07.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2927.1376 [GMT 2:00]
Spuštěný z: c:\users\Ji°ÝŔek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ji°ÝŔek\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
/wow section - STAGE 33
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Přístup byl odepřen.
Přístup byl odepřen.
SED: can't read VList02: No such file or directory
SED: can't read VList02: No such file or directory
Systém nemůže spustit určený program.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jirícek\AppData\Roaming\64dlls.exe
c:\users\Jirícek\AppData\Roaming\intel64.exe
c:\users\Jirícek\AppData\Roaming\Kernel32.exe
c:\users\Jirícek\AppData\Roaming\localsys64.exe
c:\users\Jirícek\AppData\Roaming\ntos.exe
c:\users\Jirícek\AppData\Roaming\oembios.exe
c:\users\Jirícek\AppData\Roaming\sdra64.exe
c:\users\Jirícek\AppData\Roaming\sdra73.exe
c:\users\Jirícek\AppData\Roaming\swin32.exe
c:\users\Jirícek\AppData\Roaming\twex.exe
c:\users\Jirícek\AppData\Roaming\twext.exe
c:\users\Jirícek\AppData\Roaming\win32avs.exe
c:\users\Jirícek\AppData\Roaming\wsnpoema.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-06-03 do 2015-07-03 )))))))))))))))))))))))))))))))
.
.
2015-07-03 16:35 . 2015-07-03 16:38 -------- d-----w- c:\users\Jiříček\AppData\Local\temp
2015-07-03 16:35 . 2015-07-03 16:35 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-07-03 16:35 . 2015-07-03 16:35 -------- d-----w- c:\users\Draha\AppData\Local\temp
2015-07-03 16:35 . 2015-07-03 16:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-03 16:35 . 2015-07-03 16:35 -------- d-----w- c:\users\Banka2\AppData\Local\temp
2015-07-03 16:35 . 2015-07-03 16:35 -------- d-----w- c:\users\banka\AppData\Local\temp
2015-07-03 16:21 . 2015-07-03 16:21 -------- d-----w- c:\windows\system32\vbox
2015-07-03 15:37 . 2015-07-03 15:37 291312 ----a-w- c:\windows\system32\aswBoot.exe
2015-07-03 15:37 . 2015-07-03 15:37 43112 ----a-w- c:\windows\avastSS.scr
2015-07-03 10:59 . 2015-07-03 10:59 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80C80D04-3A1B-4CC1-B246-ABD2F2947C4C}\offreg.3576.dll
2015-07-03 08:22 . 2015-07-03 08:22 -------- d-----w- c:\program files\CrystalDiskInfo
2015-07-03 08:22 . 2015-06-12 07:54 9252600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80C80D04-3A1B-4CC1-B246-ABD2F2947C4C}\mpengine.dll
2015-07-02 21:09 . 2015-07-02 19:25 24064 ----a-w- c:\windows\zoek-delete.exe
2015-07-02 11:51 . 2015-07-02 19:09 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-02 11:51 . 2015-07-02 12:10 -------- d-----w- c:\programdata\RogueKiller
2015-06-16 16:28 . 2015-06-16 16:28 -------- d-----w- c:\users\Jiříček\AppData\Local\Skype
2015-06-14 14:53 . 2015-06-14 14:53 -------- d-----w- c:\users\Jiříček\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2015-06-14 14:48 . 2015-06-14 14:49 -------- d-----w- c:\program files\OCCTPT
2015-06-14 14:47 . 2015-06-14 14:57 -------- d-----w- c:\program files\CPUID
2015-06-13 15:03 . 2015-06-13 15:03 -------- d-----w- c:\users\Jiříček\AppData\Local\GWX
2015-06-12 08:43 . 2015-05-22 18:03 571392 ----a-w- c:\windows\system32\generaltel.dll
2015-06-12 08:43 . 2015-05-22 18:02 621568 ----a-w- c:\windows\system32\invagent.dll
2015-06-12 08:43 . 2015-05-22 18:02 879104 ----a-w- c:\windows\system32\appraiser.dll
2015-06-12 08:43 . 2015-05-22 17:58 901120 ----a-w- c:\windows\system32\aeinv.dll
2015-06-12 08:43 . 2015-05-21 13:20 163840 ----a-w- c:\windows\system32\aepic.dll
2015-06-12 08:43 . 2015-05-22 18:02 333824 ----a-w- c:\windows\system32\devinv.dll
2015-06-12 08:43 . 2015-05-22 18:02 37888 ----a-w- c:\windows\system32\acmigration.dll
2015-06-12 08:43 . 2015-05-22 18:02 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-06-12 08:43 . 2015-05-25 17:00 2384384 ----a-w- c:\windows\system32\win32k.sys
2015-06-12 08:43 . 2015-04-11 03:07 54656 ----a-w- c:\windows\system32\drivers\stream.sys
2015-06-12 08:41 . 2015-05-25 18:01 43008 ----a-w- c:\windows\system32\srclient.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-03 15:37 . 2014-11-16 12:27 428120 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-07-03 15:37 . 2014-11-16 12:27 106912 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-07-03 15:37 . 2014-11-16 12:27 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-07-03 15:37 . 2014-11-16 12:27 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-07-03 15:37 . 2014-11-16 12:27 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-07-03 15:37 . 2014-11-16 12:27 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-07-03 15:37 . 2014-11-16 12:27 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-07-03 15:37 . 2014-11-16 12:27 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-07-02 11:18 . 2014-11-16 11:33 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-29 09:21 . 2013-01-06 15:39 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-06-29 09:21 . 2013-01-06 15:39 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-18 06:41 . 2014-11-16 11:32 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2014-11-16 11:32 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 06:41 . 2014-11-16 11:32 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-02 16:41 . 2015-06-02 16:41 68280 ----a-w- c:\windows\system32\drivers\RapportHades.sys
2015-06-02 16:41 . 2015-06-02 16:41 218264 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2015-05-25 18:01 . 2015-06-12 08:42 248832 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-06-12 08:42 92160 ----a-w- c:\windows\system32\sechost.dll
2015-05-01 13:16 . 2015-05-18 06:32 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 02:56 . 2015-05-18 05:42 909312 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-18 05:42 1250816 ----a-w- c:\windows\system32\DWrite.dll
2015-04-18 02:56 . 2015-05-18 05:43 342016 ----a-w- c:\windows\system32\certcli.dll
2015-04-13 03:19 . 2015-05-18 05:43 259072 ----a-w- c:\windows\system32\services.exe
2015-04-08 03:14 . 2015-05-18 05:41 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:14 . 2015-05-18 05:41 22528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
2015-04-08 03:14 . 2015-05-18 05:41 19968 ----a-w- c:\windows\system32\jnwmon.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-07-03 15:37 645144 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 142656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 177472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 177984]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-07-03 5515496]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-08 495708]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-17 22:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Draha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Draha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
2012-09-13 13:24 1009288 ----a-w- c:\users\Draha\AppData\Roaming\Seznam.cz\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
2013-01-22 12:54 92152 ----a-w- c:\users\Draha\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-07-03 13:16 3673184 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTRun]
2009-11-18 18:06 518656 ----a-w- c:\program files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2013-08-14 11:28 138096 ----atw- c:\users\Jiříček\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\File Sanitizer]
2009-12-12 01:57 11265536 ----a-w- c:\program files\Hewlett-Packard\File Sanitizer\coreshredder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2009-09-29 23:26 1685048 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPPowerAssistant]
2009-12-16 22:48 1690680 ----a-w- c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 17:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWirelessAssistant]
2009-12-16 22:51 8192 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-08-25 16:57 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
2009-09-17 11:55 663552 ----a-w- c:\program files\Nokia\PC Internet Access\NPCIA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-12-21 16:56 1090040 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2013-12-07 21:20 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2009-10-23 19:52 563736 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QLBController]
2010-01-05 03:35 254520 ----a-w- c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
2012-09-13 13:24 1009288 ----a-w- c:\program files\Seznam.cz\distribution\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seznam.chromeUpdatePref]
2013-02-13 14:16 942080 ----a-w- c:\users\Draha\AppData\Roaming\Seznam.cz\bin\chromeUpdatePref.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-12-11 09:20 30877280 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 11:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 MpKsl429bbab5;MpKsl429bbab5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB7384B1-3F74-4090-A12F-457514DA69DA}\MpKsl429bbab5.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2009-10-21 32312]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-17 362040]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-05-23 102912]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 181792]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-12-20 249888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-28 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 RapportHades;RapportHades;c:\windows\System32\Drivers\RapportHades.sys [2015-06-02 68280]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2015-06-02 218264]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-07-03 787760]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-07-03 428120]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-10 243128]
S1 RapportCerberus_1412112;RapportCerberus_1412112;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1412112.sys [2015-06-29 531416]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2015-06-02 280088]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2015-06-02 337176]
S1 RsvLock;RsvLock; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-07-03 24144]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-07-03 74976]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-07-03 106912]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2015-06-02 244392]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-12-16 102968]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-01-07 81920]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-12-10 251448]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-01-05 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-10-23 635416]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-06-02 2222360]
S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2009-12-04 506472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-07-03 220752]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 29824]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-07-03 3207800]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 270336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2011-07-05 19:21 6337128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-29 08:07 990024 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-06 09:21]
.
2015-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-28 11:34]
.
2015-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-28 11:34]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath -
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(4456)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\GWX\GWX.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2015-07-03 18:42:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-07-03 16:42
ComboFix2.txt 2015-07-03 15:22
ComboFix3.txt 2015-07-03 11:09
.
Před spuštěním: Volných bajtů: 232 276 668 416
Po spuštění: Volných bajtů: 228 952 997 888
.
- - End Of File - - F6C977A0ABC4967D6DC85E4365AA6998
A36C5E4F47E84449FF07ED3517B43A31

[jerabina]

Zajímavé, něco brání fungování ComboFixu ..

Stáhni si Malwarebytes Anti-Rootkit

Soubor po stažení Spusť a extrahuj na Plochu
Spusť a proveď aktualizaci dle pokynů
Zkontroluj jestli jsou zaškrtnuté všechny 3 možnosti
Klikni na Scan a pokud budou nálezy, všechny označ a klikni na Cleanup, poté nech počítač restartovat
Potom prosím dej log, najdeš ho na Ploše ve složce mbar

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu, klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Stáhni si RKill na plochu
Zavři všechny ostatní aplikace
Spusťte program jako Správce
Na ploše je log Rkill.txt, jeho obsah mi sem prosím vložte
Od teď až po ukončení aplikace ComboFixu(další krok) nevypínejte počítač! RKill by ztratil smysl!

Poté proveď ComboFix znovu v nouzovém režimu.

[flowem]

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.17843

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.128000 GHz
Memory total: 3069632512, free: 1882693632

Downloaded database version: v2015.07.03.05
Downloaded database version: v2015.07.03.01
Downloaded database version: v2015.07.01.02
=======================================
Initializing...
------------ Kernel report ------------
07/03/2015 19:33:14
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\System32\Drivers\SbAlg.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\SbFsLock.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\SafeBoot.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\RapportKELL.sys
\SystemRoot\System32\Drivers\RapportHades.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1412112.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\mfetdik.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\RsvLock.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECI.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athr.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\ArcSoftVCapture.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_SbHiber.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\bthmodem.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\??\C:\windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\rtsuvc.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\windows\system32\Drivers\PROCEXP113.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.07.03.05
rootkit: v2015.07.03.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87f913e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87f910c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87f92020, DeviceName: Unknown, DriverName: \Driver\SafeBoot\
DevicePointer: 0xffffffff87f913e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87f91b00, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffffff874da660, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff87505028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SafeBoot\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File user open failed: C:\WINDOWS\SYSTEM32\drivers\SafeBoot.sys (0x00000020)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 58054A99

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 614400
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 616448 Numsec = 588873728

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 589490176 Numsec = 31457280

Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 620947456 Numsec = 4192256

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\AVAST Software\Avast\log\AvastSvc.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\CommChannel.Protocol.log" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

[flowem]

program aswMBR vždycky přestane pracovat.. Zkoušel jsem to 2x i v nouz. režimu

[jerabina]

Tak pokračuj RKillem a ComboFixem.

[flowem]

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/03/2015 09:11:44 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 07/03/2015 09:14:17 PM
Execution time: 0 hours(s), 2 minute(s), and 33 seconds(s)

[jerabina]

Tak co ten ComboFix po použití RKillu?

PS: pouštíš ho jako správce přes pravé kliknutí?

[flowem]

Tak snad už..

ComboFix 15-06-30.01 - Jiříček 04.07.2015 9:48.4.4 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2927.2253 [GMT 2:00]
Spuštěný z: c:\users\Jiříček\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jiříček\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
c:\users\Jirícek\AppData\Roaming\64dlls.exe
c:\users\Jirícek\AppData\Roaming\intel64.exe
c:\users\Jirícek\AppData\Roaming\Kernel32.exe
c:\users\Jirícek\AppData\Roaming\localsys64.exe
c:\users\Jirícek\AppData\Roaming\ntos.exe
c:\users\Jirícek\AppData\Roaming\oembios.exe
c:\users\Jirícek\AppData\Roaming\sdra64.exe
c:\users\Jirícek\AppData\Roaming\sdra73.exe
c:\users\Jirícek\AppData\Roaming\swin32.exe
c:\users\Jirícek\AppData\Roaming\twex.exe
c:\users\Jirícek\AppData\Roaming\twext.exe
c:\users\Jirícek\AppData\Roaming\win32avs.exe
c:\users\Jirícek\AppData\Roaming\wsnpoema.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-06-04 do 2015-07-04 )))))))))))))))))))))))))))))))
.
.
2015-07-04 07:57 . 2015-07-04 07:59 -------- d-----w- c:\users\Jiříček\AppData\Local\temp
2015-07-04 07:57 . 2015-07-04 07:57 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-07-04 07:57 . 2015-07-04 07:57 -------- d-----w- c:\users\Draha\AppData\Local\temp
2015-07-04 07:57 . 2015-07-04 07:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-04 07:57 . 2015-07-04 07:57 -------- d-----w- c:\users\Banka2\AppData\Local\temp
2015-07-04 07:57 . 2015-07-04 07:57 -------- d-----w- c:\users\banka\AppData\Local\temp
2015-07-03 18:12 . 2015-07-03 18:41 -------- d-----w- c:\users\Jiříček\AppData\Local\CrashDumps
2015-07-03 17:33 . 2015-07-03 18:08 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-07-03 16:21 . 2015-07-03 16:21 -------- d-----w- c:\windows\system32\vbox
2015-07-03 15:37 . 2015-07-03 15:37 291312 ----a-w- c:\windows\system32\aswBoot.exe
2015-07-03 15:37 . 2015-07-03 15:37 43112 ----a-w- c:\windows\avastSS.scr
2015-07-03 08:22 . 2015-07-03 08:22 -------- d-----w- c:\program files\CrystalDiskInfo
2015-07-02 21:09 . 2015-07-02 19:25 24064 ----a-w- c:\windows\zoek-delete.exe
2015-07-02 11:51 . 2015-07-02 19:09 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-02 11:51 . 2015-07-02 12:10 -------- d-----w- c:\programdata\RogueKiller
2015-06-16 16:28 . 2015-06-16 16:28 -------- d-----w- c:\users\Jiříček\AppData\Local\Skype
2015-06-14 14:53 . 2015-06-14 14:53 -------- d-----w- c:\users\Jiříček\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2015-06-14 14:48 . 2015-06-14 14:49 -------- d-----w- c:\program files\OCCTPT
2015-06-14 14:47 . 2015-06-14 14:57 -------- d-----w- c:\program files\CPUID
2015-06-13 15:03 . 2015-06-13 15:03 -------- d-----w- c:\users\Jiříček\AppData\Local\GWX
2015-06-12 08:43 . 2015-05-22 18:03 571392 ----a-w- c:\windows\system32\generaltel.dll
2015-06-12 08:43 . 2015-05-22 18:02 621568 ----a-w- c:\windows\system32\invagent.dll
2015-06-12 08:43 . 2015-05-22 18:02 879104 ----a-w- c:\windows\system32\appraiser.dll
2015-06-12 08:43 . 2015-05-22 17:58 901120 ----a-w- c:\windows\system32\aeinv.dll
2015-06-12 08:43 . 2015-05-21 13:20 163840 ----a-w- c:\windows\system32\aepic.dll
2015-06-12 08:43 . 2015-05-22 18:02 333824 ----a-w- c:\windows\system32\devinv.dll
2015-06-12 08:43 . 2015-05-22 18:02 37888 ----a-w- c:\windows\system32\acmigration.dll
2015-06-12 08:43 . 2015-05-22 18:02 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-06-12 08:43 . 2015-05-25 17:00 2384384 ----a-w- c:\windows\system32\win32k.sys
2015-06-12 08:43 . 2015-04-11 03:07 54656 ----a-w- c:\windows\system32\drivers\stream.sys
2015-06-12 08:41 . 2015-05-25 18:01 43008 ----a-w- c:\windows\system32\srclient.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-03 17:33 . 2014-11-16 11:33 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-03 17:32 . 2014-11-16 11:32 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-03 15:37 . 2014-11-16 12:27 428120 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-07-03 15:37 . 2014-11-16 12:27 106912 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-07-03 15:37 . 2014-11-16 12:27 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-07-03 15:37 . 2014-11-16 12:27 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-07-03 15:37 . 2014-11-16 12:27 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-07-03 15:37 . 2014-11-16 12:27 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-07-03 15:37 . 2014-11-16 12:27 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-07-03 15:37 . 2014-11-16 12:27 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-07-03 10:59 . 2015-07-03 10:59 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80C80D04-3A1B-4CC1-B246-ABD2F2947C4C}\offreg.3576.dll
2015-06-29 09:21 . 2013-01-06 15:39 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-06-29 09:21 . 2013-01-06 15:39 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-18 06:41 . 2014-11-16 11:32 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2014-11-16 11:32 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-12 07:54 . 2015-07-03 08:22 9252600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80C80D04-3A1B-4CC1-B246-ABD2F2947C4C}\mpengine.dll
2015-06-02 16:41 . 2015-06-02 16:41 68280 ----a-w- c:\windows\system32\drivers\RapportHades.sys
2015-06-02 16:41 . 2015-06-02 16:41 218264 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2015-05-25 18:01 . 2015-06-12 08:42 248832 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-06-12 08:42 92160 ----a-w- c:\windows\system32\sechost.dll
2015-05-01 13:16 . 2015-05-18 06:32 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 02:56 . 2015-05-18 05:42 909312 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-18 05:42 1250816 ----a-w- c:\windows\system32\DWrite.dll
2015-04-18 02:56 . 2015-05-18 05:43 342016 ----a-w- c:\windows\system32\certcli.dll
2015-04-13 03:19 . 2015-05-18 05:43 259072 ----a-w- c:\windows\system32\services.exe
2015-04-08 03:14 . 2015-05-18 05:41 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:14 . 2015-05-18 05:41 22528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
2015-04-08 03:14 . 2015-05-18 05:41 19968 ----a-w- c:\windows\system32\jnwmon.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-07-03 15:37 645144 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 142656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 177472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 177984]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-07-03 5515496]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-08 495708]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-17 22:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Draha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Draha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
2013-01-22 12:54 92152 ----a-w- c:\users\Draha\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTRun]
2009-11-18 18:06 518656 ----a-w- c:\program files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\File Sanitizer]
2009-12-12 01:57 11265536 ----a-w- c:\program files\Hewlett-Packard\File Sanitizer\coreshredder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2009-09-29 23:26 1685048 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPPowerAssistant]
2009-12-16 22:48 1690680 ----a-w- c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 17:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWirelessAssistant]
2009-12-16 22:51 8192 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-08-25 16:57 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
2009-09-17 11:55 663552 ----a-w- c:\program files\Nokia\PC Internet Access\NPCIA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-12-21 16:56 1090040 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2013-12-07 21:20 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2009-10-23 19:52 563736 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QLBController]
2010-01-05 03:35 254520 ----a-w- c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-12-11 09:20 30877280 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R1 MpKsl429bbab5;MpKsl429bbab5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB7384B1-3F74-4090-A12F-457514DA69DA}\MpKsl429bbab5.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R3 aswVmm;avast! VM Monitor;c:\users\JIEK~1\AppData\Local\Temp\aswVmm.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2009-10-21 32312]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-17 362040]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-05-23 102912]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 181792]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-12-20 249888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-28 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 aswRvrt;avast! Revert; [x]
S0 RapportHades;RapportHades;c:\windows\System32\Drivers\RapportHades.sys [2015-06-02 68280]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2015-06-02 218264]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-07-03 787760]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-07-03 428120]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-10 243128]
S1 RapportCerberus_1412112;RapportCerberus_1412112;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1412112.sys [2015-06-29 531416]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2015-06-02 280088]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2015-06-02 337176]
S1 RsvLock;RsvLock; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-07-03 24144]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-07-03 74976]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-07-03 106912]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2015-06-02 244392]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-12-16 102968]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-01-07 81920]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-12-10 251448]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-01-05 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-10-23 635416]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-06-02 2222360]
S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2009-12-04 506472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-07-03 220752]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 29824]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-07-03 3207800]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 270336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2011-07-05 19:21 6337128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-29 08:07 990024 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-06 09:21]
.
2015-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-28 11:34]
.
2015-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-28 11:34]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath -
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(824)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(5564)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\GWX\GWX.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2015-07-04 10:06:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-07-04 08:06
ComboFix2.txt 2015-07-03 16:42
ComboFix3.txt 2015-07-03 15:22
ComboFix4.txt 2015-07-03 11:09
.
Před spuštěním: Volných bajtů: 228 429 402 112
Po spuštění: Volných bajtů: 228 279 095 296
.
- - End Of File - - 4D03196A4CAF2B9BB508967CB01D59FF
A36C5E4F47E84449FF07ED3517B43A31

[jerabina]

Už to zafungovalo, každopádně je tam pořád hromada havěti.

Stáhni si prosím Powelikscleaner (ESET)

a ulož jej na plochu. Poklepáním spusť nástroj. Přečti si podmínky licenční smlouvy s koncovým uživatelem a klepni na tlačítko „Agree“(Souhlasím)
- Nástroj se spustí automaticky. Když cleaner najde infekci Poweliks, stiskni klávesu „Y“ na klávesnici k jejímu odstranění.
- Zobrazí se , že detekovaná hrozba "Win32 / Poweliks byla úspěšně odstraněna ze systému".
("Win32/Poweliks was successfully removed from your system")

Stisknutím libovolné klávesy ukončete nástroj a restartujte počítač.
- Nástroj vytvoří protokol ve stejném adresáři z kterého byl nástroj spuštěn.
- Zprávu zkopíruj a vlož sem.

====================================================

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Pokud se log nevejde do jedné zprávy, rozděl jej na více částí.

====================================================

Stáhni Kaspersky VRT
na svojí plochu.
Spusť program Kaspersky VRT, .Program se nainstaluje.
Potvrď licenci a klikni na „Start“ . Pokud program nabídne aktualizaci , klikni dole na na „Download Now“.
- Klikni na ozubené kolečko v pravém horním rohu. V okně vyber kromě již zatržených, svojí jednotku disku , pokud jich máš víc, můžeš zatrhnout všechny.
- zvol „Automatic Scan“ nahoře vlevo. a stiskni tlačítko „Start Scanning“
- Program začne skenovat zatržené jednotky

Zaškrtnuté :
Hidden startup objects
System Memory
Disk boot sectors
Počítač
Místní disk C

Nezašrkrtnuté:
Dokumenty
My email
Místní disk D
Jednotka DVD-Rom (E)
Jednotka BD-ROM (G)
Disketová jednotka
A jiné , např. Flash disky , které máš připojeny.

- povol programu Virus Removal Tool odstranit všechny nalezené infekce
- jakmile sken skončí ,zvol záložku „Report“ , vpravo nahoře (vedle ozubeného kolečka)
- klikni na „Detected Threads“ a klikni na obrázek diskety („Save“)
- ulož do počítače zprávu a vložit ji sem do příspěvku

[flowem]

Snad je to ono

[2015.07.04 13:27:39.162] - Begin
[2015.07.04 13:27:39.164] -
[2015.07.04 13:27:39.165] - ....................................
[2015.07.04 13:27:39.166] - ..::::::::::::::::::....................
[2015.07.04 13:27:39.168] - .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT.. Win32/Poweliks
[2015.07.04 13:27:39.170] - .::EE::::EE:SS:::::::.EE....EE....TT...... Version: 1.0.0.5
[2015.07.04 13:27:39.174] - .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT...... Built: Jun 30 2015
[2015.07.04 13:27:39.178] - .::EE:::::::::::::SS:.EE..........TT......
[2015.07.04 13:27:39.182] - .::EEEEEE:::SSSSSS::..EEEEEE.....TT..... Copyright (c) ESET, spol. s r.o.
[2015.07.04 13:27:39.182] - ..::::::::::::::::::.................... 1992-2015. All rights reserved.
[2015.07.04 13:27:39.183] - ....................................
[2015.07.04 13:27:39.184] -
[2015.07.04 13:27:39.184] - --------------------------------------------------------------------------------
[2015.07.04 13:27:39.185] -
[2015.07.04 13:27:39.187] - INFO: OS: 6.1.7601 SP1
[2015.07.04 13:27:39.188] - INFO: Product Type: Workstation
[2015.07.04 13:27:39.189] - INFO: WoW64: False
[2015.07.04 13:27:39.190] - INFO: Machine guid: FD6FBBBD-8955-47A3-907B-42B047281F3A
[2015.07.04 13:27:39.191] -
[2015.07.04 13:27:39.195] - INFO: Scanning for system infection...
[2015.07.04 13:27:39.195] - --------------------------------------------------------------------------------
[2015.07.04 13:27:39.196] -
[2015.07.04 13:27:39.196] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2015.07.04 13:27:39.196] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2015.07.04 13:27:39.197] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2015.07.04 13:27:39.198] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2015.07.04 13:27:39.198] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]...
[2015.07.04 13:27:39.199] - INFO: SPTE201 - 0x00000000
[2015.07.04 13:27:39.200] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]...
[2015.07.04 13:27:39.200] - INFO: Processing classes...
[2015.07.04 13:27:39.200] - INFO: Processing clsid [\Registry\User\S-1-5-21-2773443163-1413056139-2955013918-1006\SOFTWARE\Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}]
[2015.07.04 13:27:39.200] - INFO: Processing clsid [\Registry\User\S-1-5-21-2773443163-1413056139-2955013918-1006\SOFTWARE\Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}]
[2015.07.04 13:27:39.200] - INFO: Processing clsid [\Registry\User\S-1-5-21-2773443163-1413056139-2955013918-1006\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[2015.07.04 13:27:39.200] - INFO: Processing clsid [\Registry\User\S-1-5-21-2773443163-1413056139-2955013918-1006\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA}]
[2015.07.04 13:27:39.200] - INFO: Processing clsid [\Registry\User\S-1-5-21-2773443163-1413056139-2955013918-1006\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBB}]
[2015.07.04 13:27:39.200] - INFO: Processing clsid [\Registry\User\S-1-5-21-2773443163-1413056139-2955013918-1006\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBC}]
[2015.07.04 13:27:39.200] - INFO: Processing clsid [\Registry\User\S-1-5-21-2773443163-1413056139-2955013918-1006\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}]
[2015.07.04 13:27:39.200] - INFO: Processing clsid [\Registry\User\S-1-5-21-2773443163-1413056139-2955013918-1006\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[2015.07.04 13:27:39.201] - INFO: Processing clsid [\Registry\User\S-1-5-21-2773443163-1413056139-2955013918-1006\SOFTWARE\Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}]
[2015.07.04 13:27:39.201] - INFO: Processing clsid [\Registry\User\S-1-5-21-2773443163-1413056139-2955013918-1006\SOFTWARE\Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}]
[2015.07.04 13:27:39.201] - INFO: Processing clsid [\Registry\User\S-1-5-21-2773443163-1413056139-2955013918-1006\SOFTWARE\Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}]
[2015.07.04 13:27:39.201] - INFO: Processing clsid [\Registry\User\S-1-5-21-2773443163-1413056139-2955013918-1006\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[2015.07.04 13:27:39.201] - INFO: Processing clsid [\Registry\User\S-1-5-21-2773443163-1413056139-2955013918-1006\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA}]
[2015.07.04 13:27:39.202] - INFO: Processing clsid [\Registry\User\S-1-5-21-2773443163-1413056139-2955013918-1006\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBB}]
[2015.07.04 13:27:39.202] - INFO: Processing clsid [\Registry\User\S-1-5-21-2773443163-1413056139-2955013918-1006\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBC}]
[2015.07.04 13:27:39.202] - INFO: Processing clsid [\Registry\User\S-1-5-21-2773443163-1413056139-2955013918-1006\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}]
[2015.07.04 13:27:39.202] - INFO: Processing clsid [\Registry\User\S-1-5-21-2773443163-1413056139-2955013918-1006\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[2015.07.04 13:27:39.202] - INFO: Processing clsid [\Registry\User\S-1-5-21-2773443163-1413056139-2955013918-1006\SOFTWARE\Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}]
[2015.07.04 13:27:39.202] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2015.07.04 13:27:39.202] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2015.07.04 13:27:39.202] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2015.07.04 13:27:39.202] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2015.07.04 13:27:39.202] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2015.07.04 13:27:39.202] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2015.07.04 13:27:39.202] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2015.07.04 13:27:39.202] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2015.07.04 13:27:39.203] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2015.07.04 13:27:39.203] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2015.07.04 13:27:39.203] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2015.07.04 13:27:39.203] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2015.07.04 13:27:39.203] - INFO: (XSW) Scanning for XSW variant...
[2015.07.04 13:27:39.211] - INFO: (XSW) Processing users subkeys...
[2015.07.04 13:27:39.215] - INFO: Win32/Poweliks not found
[2015.07.04 13:29:00.515] - End