Sorry, so here I am sending the ComboFix log once more
ComboFix 16-03-14.01 - Honza 14.03.2016 19:10:27.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4094.2821 [GMT 1:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-02-14 do 2016-03-14 )))))))))))))))))))))))))))))))
.
.
2016-03-14 18:14 . 2016-03-14 18:14 -------- d-----w- c:\users\Zdeněk\AppData\Local\temp
2016-03-14 18:14 . 2016-03-14 18:14 -------- d-----w- c:\users\Ivana\AppData\Local\temp
2016-03-14 18:14 . 2016-03-14 18:14 -------- d-----w- c:\users\Honza\AppData\Local\temp
2016-03-14 18:14 . 2016-03-14 18:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-11 21:46 . 2016-03-11 21:46 -------- d-----w- c:\users\Ivana\AppData\Local\Adobe
2016-03-11 18:31 . 2016-03-11 18:31 -------- d-----w- c:\users\Zdeněk\AppData\Local\CrashDumps
2016-03-11 16:52 . 2016-03-11 16:52 -------- d-----w- c:\users\Zdeněk\AppData\Local\Adobe
2016-03-11 16:06 . 2016-03-11 16:06 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-03-11 16:05 . 2016-03-11 20:27 -------- d-----w- c:\programdata\RogueKiller
2016-03-11 14:50 . 2016-03-12 21:24 -------- d-----w- c:\users\Honza\AppData\Local\Adobe
2016-03-10 20:13 . 2016-03-10 20:13 -------- d-----w- c:\programdata\Malwarebytes
2016-03-10 19:40 . 2016-03-08 10:07 213952 ----a-w- c:\windows\system32\OpenCL.dll
2016-03-10 19:40 . 2016-03-08 10:07 201664 ----a-w- c:\windows\SysWow64\OpenCL.dll
2016-03-10 17:20 . 2016-03-10 17:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-03-10 17:20 . 2016-03-10 17:20 -------- d-----w- c:\users\Honza\.oracle_jre_usage
2016-03-10 17:20 . 2016-03-10 17:20 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-03-10 17:20 . 2015-09-21 18:10 108008 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-64.dll
2016-03-10 17:19 . 2016-03-10 17:19 -------- d-----w- c:\program files (x86)\Java
2016-03-09 14:47 . 2016-02-03 18:58 862208 ----a-w- c:\windows\system32\oleaut32.dll
2016-03-09 14:46 . 2016-02-05 01:19 381440 ----a-w- c:\windows\system32\mfds.dll
2016-03-09 14:45 . 2015-11-19 14:07 994760 ----a-w- c:\windows\system32\ucrtbase.dll
2016-03-09 14:44 . 2016-02-19 14:07 1373184 ----a-w- c:\windows\system32\appraiser.dll
2016-03-09 14:44 . 2016-02-19 19:02 38336 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-03-09 14:44 . 2016-02-19 18:54 1168896 ----a-w- c:\windows\system32\aeinv.dll
2016-03-09 14:44 . 2016-02-11 14:07 689152 ----a-w- c:\windows\system32\generaltel.dll
2016-03-09 14:44 . 2016-02-05 14:07 696832 ----a-w- c:\windows\system32\invagent.dll
2016-03-09 14:44 . 2016-02-05 14:07 499200 ----a-w- c:\windows\system32\devinv.dll
2016-03-09 14:44 . 2016-02-05 14:07 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-03-09 14:44 . 2016-01-08 19:20 1683904 ----a-w- c:\windows\system32\drivers\ntfs.sys
2016-03-06 08:07 . 2016-03-06 08:07 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Acapela Group
2016-03-05 22:39 . 2016-03-05 22:39 -------- d-----w- c:\users\Honza\AppData\Roaming\Acapela Group
2016-02-26 18:30 . 2016-02-26 18:30 -------- d-----w- c:\windows\system32\GWX
2016-02-21 20:41 . 2016-02-21 20:41 -------- d-----w- c:\users\Ivana\Tracing
2016-02-21 08:20 . 2016-02-21 08:22 -------- d-----w- c:\program files (x86)\WinSCP
2016-02-20 09:57 . 2016-02-20 09:57 -------- d-----w- c:\users\Honza\AppData\Roaming\theHunter
2016-02-20 09:57 . 2016-02-20 09:57 -------- d-----w- c:\users\Honza\AppData\Local\theHunter
2016-02-20 09:53 . 2016-02-20 09:53 -------- d-----w- c:\programdata\Hunter
2016-02-18 13:06 . 2016-02-18 13:06 3074296 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1029\MSOINTL.DLL
2016-02-17 13:37 . 2016-02-17 13:37 26904832 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2016-02-17 13:31 . 2016-02-17 13:31 663792 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2016-02-17 13:31 . 2016-02-17 13:31 37502720 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2016-02-17 12:42 . 2016-02-17 12:42 -------- d-----w- c:\users\Honza\AppData\Roaming\KeePass
2016-02-14 08:39 . 2016-02-14 08:39 -------- d-----w- c:\users\Ivana\AppData\Local\Opera Software
2016-02-14 08:39 . 2016-02-14 08:39 -------- d-----w- c:\users\Ivana\AppData\Roaming\Opera Software
2016-02-14 01:47 . 2016-02-14 01:47 125720 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-3-0.dll
2016-02-14 01:46 . 2016-02-14 01:46 126232 ----a-w- c:\windows\system32\vulkan-1-1-0-3-0.dll
2016-02-14 01:45 . 2016-02-14 01:45 42264 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-3-0.exe
2016-02-14 01:45 . 2016-02-14 01:45 45848 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-3-0.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-11 17:48 . 2015-09-22 16:42 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-03-11 17:48 . 2015-09-22 16:42 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-09 14:49 . 2015-09-20 09:46 143659408 ----a-w- c:\windows\system32\MRT.exe
2016-02-10 18:54 . 2016-03-09 14:47 344064 ----a-w- c:\windows\system32\schannel.dll
2016-02-10 18:54 . 2016-03-09 14:47 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-02-10 18:28 . 2016-03-09 14:47 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-02-10 18:28 . 2016-03-09 14:47 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-02-10 18:24 . 2016-03-09 14:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-01-22 06:28 . 2016-02-10 13:48 14186496 ----a-w- c:\windows\system32\shell32.dll
2016-01-22 06:28 . 2016-02-10 13:48 1867776 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-01-22 06:28 . 2016-02-10 13:48 1942016 ----a-w- c:\windows\system32\authui.dll
2016-01-22 06:18 . 2016-02-10 13:48 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-01-22 06:18 . 2016-02-10 13:48 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-01-22 06:17 . 2016-02-10 13:48 159744 ----a-w- c:\windows\system32\mtxoci.dll
2016-01-22 06:07 . 2016-02-10 13:48 1499648 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-01-22 06:07 . 2016-02-10 13:48 1806848 ----a-w- c:\windows\SysWow64\authui.dll
2016-01-22 06:04 . 2016-02-10 13:48 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2016-01-22 06:04 . 2016-02-10 13:48 535040 ----a-w- c:\windows\SysWow64\EncDec.dll
2016-01-22 06:02 . 2016-02-10 13:48 114176 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-01-22 06:02 . 2016-02-10 13:48 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-01-22 05:19 . 2016-02-10 13:48 3231232 ----a-w- c:\windows\explorer.exe
2016-01-22 05:12 . 2016-02-10 13:48 2973184 ----a-w- c:\windows\SysWow64\explorer.exe
2016-01-16 19:01 . 2016-02-10 13:49 2085888 ----a-w- c:\windows\system32\ole32.dll
2016-01-16 18:36 . 2016-02-10 13:49 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2016-01-07 19:12 . 2016-02-10 13:50 263680 ----a-w- c:\windows\system32\WebClnt.dll
2016-01-07 19:05 . 2016-02-10 13:50 108544 ----a-w- c:\windows\system32\davclnt.dll
2016-01-07 18:59 . 2016-02-10 13:50 208896 ----a-w- c:\windows\SysWow64\WebClnt.dll
2016-01-07 18:50 . 2016-02-10 13:50 87040 ----a-w- c:\windows\SysWow64\davclnt.dll
2016-01-07 17:49 . 2016-02-10 13:50 142336 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-01-06 19:02 . 2016-02-10 13:51 24576 ----a-w- c:\windows\system32\jnwmon.dll
2016-01-06 19:02 . 2016-02-10 13:51 275456 ----a-w- c:\windows\system32\InkEd.dll
2016-01-06 18:41 . 2016-02-10 13:51 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-12-20 18:50 . 2016-02-10 13:50 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2015-12-20 18:50 . 2016-02-10 13:50 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-12-20 14:08 . 2016-02-10 13:50 243200 ----a-w- c:\windows\system32\rdpudd.dll
2015-12-16 18:55 . 2016-02-10 15:17 69120 ----a-w- c:\windows\system32\nlsbres.dll
2015-12-16 18:53 . 2016-02-10 15:17 7168 ----a-w- c:\windows\system32\kbdgeoqw.dll
2015-12-16 18:53 . 2016-02-10 15:17 7168 ----a-w- c:\windows\system32\KBDAZEL.DLL
2015-12-16 18:53 . 2016-02-10 15:17 7168 ----a-w- c:\windows\system32\KBDAZE.DLL
2015-12-16 18:48 . 2016-02-10 15:17 6656 ----a-w- c:\windows\SysWow64\kbdgeoqw.dll
2015-12-16 18:48 . 2016-02-10 15:17 6656 ----a-w- c:\windows\SysWow64\KBDAZEL.DLL
2015-12-16 18:47 . 2016-02-10 15:17 69120 ----a-w- c:\windows\SysWow64\nlsbres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15 463360 ----a-w- c:\programdata\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15 463360 ----a-w- c:\programdata\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15 463360 ----a-w- c:\programdata\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"="c:\users\Honza\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
.
c:\users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MEGAsync.lnk - c:\programdata\MEGAsync\MEGAsync.exe [2015-9-3 4701928]
Seznam Pošťák.lnk - c:\users\Honza\AppData\Roaming\Seznam.cz\bin\postak.exe [2015-9-20 47816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 FileZillaServer;FileZillaServer;d:\programy\xampp\filezillaftp\filezillaserver.exe;d:\programy\xampp\filezillaftp\filezillaserver.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 KbFilter_Kb_FlexDef3x;HID Keyboard(FlexDef3x) Driver Service;c:\windows\system32\DRIVERS\KbFilter_FlexDef3x.sys;c:\windows\SYSNATIVE\DRIVERS\KbFilter_FlexDef3x.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 Apache2.4;Apache2.4;d:\programy\xampp\apache\bin\httpd.exe;d:\programy\xampp\apache\bin\httpd.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2016-03-12 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_pepper.exe [2016-03-11 17:48]
.
2016-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22 17:48]
.
2016-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1640519043-2333854476-3255271765-1001Core.job
- c:\users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-06 16:24]
.
2016-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1640519043-2333854476-3255271765-1001UA.job
- c:\users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-06 16:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:13 470016 ----a-w- c:\programdata\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:13 470016 ----a-w- c:\programdata\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:13 470016 ----a-w- c:\programdata\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-07-08 5595848]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-09-19 557768]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do Microsoft Excelu - d:\programy\MICROS~1\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.96.161.2 212.96.161.6
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-03-14 19:16:40
ComboFix-quarantined-files.txt 2016-03-14 18:16
.
Před spuštěním: Volných bajtů: 44 351 418 368
Po spuštění: Volných bajtů: 44 328 902 656
.
- - End Of File - - 7391A0EDC4B348BD600244B86441076F
A36C5E4F47E84449FF07ED3517B43A31
I'd also like to ask: after uninstalling ComboFix I have a Boot folder on the disk which, besides the language folders, also contains the file memtest.exe. If I guess right, it isn't a folder Windows boots from, but can I delete it then? Or rather, what folder is it?
Please check - Cosmetic Win7 problem [Solved]
Re: Please check - Cosmetic Win7 problem
OS: Windows 10 Home, 64 bit
Motherboard: GIGABYTE B250M-D3H - Intel B250
CPU: Intel Pentium G4560, 2x 3.5 GHz
RAM: DDR4, 8 GB
GPU: MSI GeForce GTX 1050 Ti 4GT OC, 4GB GDDR5
- jerabina
- member of the Security team
Re: Please check - Cosmetic Win7 problem
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following entire text highlighted in green into it:
Code:
ClearJavaCache::
KillAll::
Folder::
c:\programdata\RogueKiller
c:\program files (x86)\Skype\Updater
c:\users\Honza\AppData\Local\Google\Update
File::
c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1640519043-2333854476-3255271765-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1640519043-2333854476-3255271765-1001UA.job
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=-
Driver::
SkypeUpdate
DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe and, when the two files overlap, drop the script:
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply in your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.
Re: Please check - Cosmetic Win7 problem
Combofix
ComboFix 16-03-14.01 - Honza 15.03.2016 17:15:27.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4094.1546 [GMT 1:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Honza\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1640519043-2333854476-3255271765-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1640519043-2333854476-3255271765-1001UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\programdata\RogueKiller
c:\programdata\RogueKiller\config.ini
c:\programdata\RogueKiller\Logs\RKreport_DEL_03112016_212702.json
c:\programdata\RogueKiller\Logs\RKreport_SCN_03112016_210130.json
c:\programdata\RogueKiller\vt.cache
c:\users\Honza\AppData\Local\Google\Update
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\GoogleCrashHandler.exe
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\GoogleUpdate.exe
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateBroker.exe
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateComRegisterShell64.exe
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateHelper.msi
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateSetup.exe
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateWebPlugin.exe
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdate.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_am.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ar.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_bg.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_bn.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ca.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_cs.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_da.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_de.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_el.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_en-GB.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_en.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_es-419.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_es.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_et.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_fa.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_fi.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_fil.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_fr.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_gu.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_hi.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_hr.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_hu.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_id.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_is.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_it.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_iw.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ja.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_kn.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ko.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_lt.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_lv.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ml.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_mr.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ms.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_nl.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_no.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_pl.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_pt-BR.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_pt-PT.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ro.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ru.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_sk.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_sl.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_sr.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_sv.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_sw.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ta.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_te.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_th.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_tr.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_uk.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ur.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_vi.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_zh-CN.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_zh-TW.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\psmachine.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\psmachine_64.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\psuser.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll
c:\users\Honza\AppData\Local\Google\Update\Download\{D0AB2EBC-931B-4013-9FEB-C9C4C2225C8C}\5.41.3.0\googletalkpluginaccel.msi
c:\users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-02-15 do 2016-03-15 )))))))))))))))))))))))))))))))
.
.
2016-03-15 16:20 . 2016-03-15 16:23 -------- d-----w- c:\users\Honza\AppData\Local\temp
2016-03-15 16:20 . 2016-03-15 16:20 -------- d-----w- c:\users\Zdeněk\AppData\Local\temp
2016-03-15 16:20 . 2016-03-15 16:20 -------- d-----w- c:\users\Ivana\AppData\Local\temp
2016-03-15 16:20 . 2016-03-15 16:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-15 16:11 . 2016-03-02 14:59 11249080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F52347A3-9617-47E3-86F1-A57C95EE0997}\mpengine.dll
2016-03-12 21:24 . 2016-03-12 21:24 -------- d-----w- c:\users\Honza\AppData\Roaming\NVIDIA
2016-03-12 12:58 . 2016-03-12 12:58 -------- d-----w- c:\users\Honza\AppData\Local\CrashDumps
2016-03-11 21:46 . 2016-03-11 21:46 -------- d-----w- c:\users\Ivana\AppData\Local\Adobe
2016-03-11 18:31 . 2016-03-11 18:31 -------- d-----w- c:\users\Zdeněk\AppData\Local\CrashDumps
2016-03-11 16:52 . 2016-03-11 16:52 -------- d-----w- c:\users\Zdeněk\AppData\Local\Adobe
2016-03-11 16:06 . 2016-03-11 16:06 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-03-11 14:50 . 2016-03-12 21:24 -------- d-----w- c:\users\Honza\AppData\Local\Adobe
2016-03-10 20:13 . 2016-03-10 20:13 -------- d-----w- c:\programdata\Malwarebytes
2016-03-10 19:40 . 2016-03-08 10:07 213952 ----a-w- c:\windows\system32\OpenCL.dll
2016-03-10 19:40 . 2016-03-08 10:07 201664 ----a-w- c:\windows\SysWow64\OpenCL.dll
2016-03-10 17:20 . 2016-03-10 17:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-03-10 17:20 . 2016-03-10 17:20 -------- d-----w- c:\users\Honza\.oracle_jre_usage
2016-03-10 17:20 . 2016-03-10 17:20 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-03-10 17:20 . 2015-09-21 18:10 108008 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-64.dll
2016-03-10 17:19 . 2016-03-10 17:19 -------- d-----w- c:\program files (x86)\Java
2016-03-09 14:47 . 2016-02-03 18:58 862208 ----a-w- c:\windows\system32\oleaut32.dll
2016-03-09 14:46 . 2016-02-05 01:19 381440 ----a-w- c:\windows\system32\mfds.dll
2016-03-09 14:45 . 2015-11-19 14:07 994760 ----a-w- c:\windows\system32\ucrtbase.dll
2016-03-09 14:44 . 2016-02-19 14:07 1373184 ----a-w- c:\windows\system32\appraiser.dll
2016-03-09 14:44 . 2016-02-19 19:02 38336 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-03-09 14:44 . 2016-02-19 18:54 1168896 ----a-w- c:\windows\system32\aeinv.dll
2016-03-09 14:44 . 2016-02-11 14:07 689152 ----a-w- c:\windows\system32\generaltel.dll
2016-03-09 14:44 . 2016-02-05 14:07 696832 ----a-w- c:\windows\system32\invagent.dll
2016-03-09 14:44 . 2016-02-05 14:07 499200 ----a-w- c:\windows\system32\devinv.dll
2016-03-09 14:44 . 2016-02-05 14:07 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-03-09 14:44 . 2016-01-08 19:20 1683904 ----a-w- c:\windows\system32\drivers\ntfs.sys
2016-03-06 08:07 . 2016-03-06 08:07 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Acapela Group
2016-03-05 22:39 . 2016-03-05 22:39 -------- d-----w- c:\users\Honza\AppData\Roaming\Acapela Group
2016-02-26 18:30 . 2016-02-26 18:30 -------- d-----w- c:\windows\system32\GWX
2016-02-21 20:41 . 2016-02-21 20:41 -------- d-----w- c:\users\Ivana\Tracing
2016-02-21 08:20 . 2016-02-21 08:22 -------- d-----w- c:\program files (x86)\WinSCP
2016-02-20 09:57 . 2016-02-20 09:57 -------- d-----w- c:\users\Honza\AppData\Roaming\theHunter
2016-02-20 09:57 . 2016-02-20 09:57 -------- d-----w- c:\users\Honza\AppData\Local\theHunter
2016-02-20 09:53 . 2016-02-20 09:53 -------- d-----w- c:\programdata\Hunter
2016-02-18 13:06 . 2016-02-18 13:06 3074296 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1029\MSOINTL.DLL
2016-02-17 13:37 . 2016-02-17 13:37 26904832 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2016-02-17 13:31 . 2016-02-17 13:31 663792 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2016-02-17 13:31 . 2016-02-17 13:31 37502720 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2016-02-17 12:42 . 2016-02-17 12:42 -------- d-----w- c:\users\Honza\AppData\Roaming\KeePass
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-11 17:48 . 2015-09-22 16:42 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-03-11 17:48 . 2015-09-22 16:42 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-09 14:49 . 2015-09-20 09:46 143659408 ----a-w- c:\windows\system32\MRT.exe
2016-02-14 01:47 . 2016-02-14 01:47 125720 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-3-0.dll
2016-02-14 01:46 . 2016-02-14 01:46 126232 ----a-w- c:\windows\system32\vulkan-1-1-0-3-0.dll
2016-02-14 01:45 . 2016-02-14 01:45 42264 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-3-0.exe
2016-02-14 01:45 . 2016-02-14 01:45 45848 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-3-0.exe
2016-02-10 18:54 . 2016-03-09 14:47 344064 ----a-w- c:\windows\system32\schannel.dll
2016-02-10 18:54 . 2016-03-09 14:47 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-02-10 18:28 . 2016-03-09 14:47 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-02-10 18:28 . 2016-03-09 14:47 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-02-10 18:24 . 2016-03-09 14:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-01-22 06:28 . 2016-02-10 13:48 14186496 ----a-w- c:\windows\system32\shell32.dll
2016-01-22 06:28 . 2016-02-10 13:48 1867776 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-01-22 06:28 . 2016-02-10 13:48 1942016 ----a-w- c:\windows\system32\authui.dll
2016-01-22 06:18 . 2016-02-10 13:48 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-01-22 06:18 . 2016-02-10 13:48 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-01-22 06:17 . 2016-02-10 13:48 159744 ----a-w- c:\windows\system32\mtxoci.dll
2016-01-22 06:07 . 2016-02-10 13:48 1499648 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-01-22 06:07 . 2016-02-10 13:48 1806848 ----a-w- c:\windows\SysWow64\authui.dll
2016-01-22 06:04 . 2016-02-10 13:48 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2016-01-22 06:04 . 2016-02-10 13:48 535040 ----a-w- c:\windows\SysWow64\EncDec.dll
2016-01-22 06:02 . 2016-02-10 13:48 114176 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-01-22 06:02 . 2016-02-10 13:48 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-01-22 05:19 . 2016-02-10 13:48 3231232 ----a-w- c:\windows\explorer.exe
2016-01-22 05:12 . 2016-02-10 13:48 2973184 ----a-w- c:\windows\SysWow64\explorer.exe
2016-01-16 19:01 . 2016-02-10 13:49 2085888 ----a-w- c:\windows\system32\ole32.dll
2016-01-16 18:36 . 2016-02-10 13:49 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2016-01-07 19:12 . 2016-02-10 13:50 263680 ----a-w- c:\windows\system32\WebClnt.dll
2016-01-07 19:05 . 2016-02-10 13:50 108544 ----a-w- c:\windows\system32\davclnt.dll
2016-01-07 18:59 . 2016-02-10 13:50 208896 ----a-w- c:\windows\SysWow64\WebClnt.dll
2016-01-07 18:50 . 2016-02-10 13:50 87040 ----a-w- c:\windows\SysWow64\davclnt.dll
2016-01-07 17:49 . 2016-02-10 13:50 142336 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-01-06 19:02 . 2016-02-10 13:51 24576 ----a-w- c:\windows\system32\jnwmon.dll
2016-01-06 19:02 . 2016-02-10 13:51 275456 ----a-w- c:\windows\system32\InkEd.dll
2016-01-06 18:41 . 2016-02-10 13:51 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-12-20 18:50 . 2016-02-10 13:50 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2015-12-20 18:50 . 2016-02-10 13:50 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-12-20 14:08 . 2016-02-10 13:50 243200 ----a-w- c:\windows\system32\rdpudd.dll
2015-12-16 18:55 . 2016-02-10 15:17 69120 ----a-w- c:\windows\system32\nlsbres.dll
2015-12-16 18:53 . 2016-02-10 15:17 7168 ----a-w- c:\windows\system32\kbdgeoqw.dll
2015-12-16 18:53 . 2016-02-10 15:17 7168 ----a-w- c:\windows\system32\KBDAZEL.DLL
2015-12-16 18:53 . 2016-02-10 15:17 7168 ----a-w- c:\windows\system32\KBDAZE.DLL
2015-12-16 18:48 . 2016-02-10 15:17 6656 ----a-w- c:\windows\SysWow64\kbdgeoqw.dll
2015-12-16 18:48 . 2016-02-10 15:17 6656 ----a-w- c:\windows\SysWow64\KBDAZEL.DLL
2015-12-16 18:47 . 2016-02-10 15:17 69120 ----a-w- c:\windows\SysWow64\nlsbres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15 463360 ----a-w- c:\programdata\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15 463360 ----a-w- c:\programdata\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15 463360 ----a-w- c:\programdata\MEGAsync\ShellExtX32.dll
.
c:\users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MEGAsync.lnk - c:\programdata\MEGAsync\MEGAsync.exe [2015-9-3 4701928]
Seznam Pošťák.lnk - c:\users\Honza\AppData\Roaming\Seznam.cz\bin\postak.exe [2015-9-20 47816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 FileZillaServer;FileZillaServer;d:\programy\xampp\filezillaftp\filezillaserver.exe;d:\programy\xampp\filezillaftp\filezillaserver.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 KbFilter_Kb_FlexDef3x;HID Keyboard(FlexDef3x) Driver Service;c:\windows\system32\DRIVERS\KbFilter_FlexDef3x.sys;c:\windows\SYSNATIVE\DRIVERS\KbFilter_FlexDef3x.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 Apache2.4;Apache2.4;d:\programy\xampp\apache\bin\httpd.exe;d:\programy\xampp\apache\bin\httpd.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2016-03-12 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_pepper.exe [2016-03-11 17:48]
.
2016-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22 17:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:13 470016 ----a-w- c:\programdata\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:13 470016 ----a-w- c:\programdata\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:13 470016 ----a-w- c:\programdata\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-07-08 5595848]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do Microsoft Excelu - d:\programy\MICROS~1\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.96.161.2 212.96.161.6
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\users\Honza\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
d:\programy\TeamViewer\TeamViewer_Service.exe
.
**************************************************************************
.
Celkový čas: 2016-03-15 17:26:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-03-15 16:26
.
Před spuštěním: Volných bajtů: 45 525 491 712
Po spuštění: Volných bajtů: 45 203 632 128
.
- - End Of File - - EF891E04DFA883DE523412E8F0C2DFEB
A36C5E4F47E84449FF07ED3517B43A31
aswMBR
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-03-15 17:27:32
-----------------------------
17:27:32.186 OS Version: Windows x64 6.1.7601 Service Pack 1
17:27:32.186 Number of processors: 2 586 0x170A
17:27:32.186 ComputerName: HONZA-PC UserName: Honza
17:27:32.685 Initialize success
17:27:32.717 VM: initialized successfully
17:27:32.717 VM: Intel CPU supported
17:27:37.622 VM: supported disk I/O iaStorV.sys
17:28:06.199 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:28:06.215 Disk 0 Vendor: WDC_WD75 15.0 Size: 715403MB BusType: 8
17:28:06.215 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-2
17:28:06.215 Disk 1 Vendor: WDC_WD1600AAJS-00L7A0 01.03E01 Size: 152627MB BusType: 3
17:28:06.324 VM: Disk 0 MBR read successfully
17:28:06.340 Disk 0 MBR scan
17:28:06.340 Disk 0 Windows 7 default MBR code
17:28:06.355 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102350 MB offset 206848
17:28:06.355 Disk 0 Boot: NTFS code=2
17:28:06.371 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 612951 MB offset 209819648
17:28:06.402 Disk 0 scanning C:\Windows\system32\drivers
17:28:10.084 Service scanning
17:28:13.360 Service ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys **LOCKED** 5
17:28:13.485 Service epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys **LOCKED** 5
17:28:20.193 Modules scanning
17:28:20.193 Disk 0 trace - called modules:
17:28:20.208 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
17:28:20.208 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005220790]
17:28:20.208 3 CLASSPNP.SYS[fffff880013b243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004101050]
17:28:20.224 Disk 0 statistics 85577/0/18 @ 12,88 MB/s
17:28:20.224 Scan finished successfully
17:29:49.815 Disk 0 MBR has been saved successfully to "C:\Users\Honza\Desktop\MBR.dat"
17:29:49.830 The log file has been saved successfully to "C:\Users\Honza\Desktop\aswMBR.txt"
ComboFix 16-03-14.01 - Honza 15.03.2016 17:15:27.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4094.1546 [GMT 1:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Honza\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1640519043-2333854476-3255271765-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1640519043-2333854476-3255271765-1001UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\programdata\RogueKiller
c:\programdata\RogueKiller\config.ini
c:\programdata\RogueKiller\Logs\RKreport_DEL_03112016_212702.json
c:\programdata\RogueKiller\Logs\RKreport_SCN_03112016_210130.json
c:\programdata\RogueKiller\vt.cache
c:\users\Honza\AppData\Local\Google\Update
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\GoogleCrashHandler.exe
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\GoogleUpdate.exe
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateBroker.exe
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateComRegisterShell64.exe
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateHelper.msi
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateSetup.exe
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateWebPlugin.exe
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdate.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_am.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ar.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_bg.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_bn.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ca.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_cs.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_da.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_de.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_el.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_en-GB.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_en.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_es-419.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_es.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_et.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_fa.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_fi.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_fil.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_fr.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_gu.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_hi.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_hr.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_hu.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_id.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_is.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_it.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_iw.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ja.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_kn.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ko.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_lt.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_lv.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ml.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_mr.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ms.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_nl.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_no.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_pl.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_pt-BR.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_pt-PT.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ro.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ru.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_sk.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_sl.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_sr.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_sv.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_sw.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ta.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_te.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_th.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_tr.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_uk.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_ur.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_vi.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_zh-CN.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\goopdateres_zh-TW.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\psmachine.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\psmachine_64.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\psuser.dll
c:\users\Honza\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll
c:\users\Honza\AppData\Local\Google\Update\Download\{D0AB2EBC-931B-4013-9FEB-C9C4C2225C8C}\5.41.3.0\googletalkpluginaccel.msi
c:\users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-02-15 do 2016-03-15 )))))))))))))))))))))))))))))))
.
.
2016-03-15 16:20 . 2016-03-15 16:23 -------- d-----w- c:\users\Honza\AppData\Local\temp
2016-03-15 16:20 . 2016-03-15 16:20 -------- d-----w- c:\users\Zdeněk\AppData\Local\temp
2016-03-15 16:20 . 2016-03-15 16:20 -------- d-----w- c:\users\Ivana\AppData\Local\temp
2016-03-15 16:20 . 2016-03-15 16:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-15 16:11 . 2016-03-02 14:59 11249080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F52347A3-9617-47E3-86F1-A57C95EE0997}\mpengine.dll
2016-03-12 21:24 . 2016-03-12 21:24 -------- d-----w- c:\users\Honza\AppData\Roaming\NVIDIA
2016-03-12 12:58 . 2016-03-12 12:58 -------- d-----w- c:\users\Honza\AppData\Local\CrashDumps
2016-03-11 21:46 . 2016-03-11 21:46 -------- d-----w- c:\users\Ivana\AppData\Local\Adobe
2016-03-11 18:31 . 2016-03-11 18:31 -------- d-----w- c:\users\Zdeněk\AppData\Local\CrashDumps
2016-03-11 16:52 . 2016-03-11 16:52 -------- d-----w- c:\users\Zdeněk\AppData\Local\Adobe
2016-03-11 16:06 . 2016-03-11 16:06 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-03-11 14:50 . 2016-03-12 21:24 -------- d-----w- c:\users\Honza\AppData\Local\Adobe
2016-03-10 20:13 . 2016-03-10 20:13 -------- d-----w- c:\programdata\Malwarebytes
2016-03-10 19:40 . 2016-03-08 10:07 213952 ----a-w- c:\windows\system32\OpenCL.dll
2016-03-10 19:40 . 2016-03-08 10:07 201664 ----a-w- c:\windows\SysWow64\OpenCL.dll
2016-03-10 17:20 . 2016-03-10 17:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-03-10 17:20 . 2016-03-10 17:20 -------- d-----w- c:\users\Honza\.oracle_jre_usage
2016-03-10 17:20 . 2016-03-10 17:20 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-03-10 17:20 . 2015-09-21 18:10 108008 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-64.dll
2016-03-10 17:19 . 2016-03-10 17:19 -------- d-----w- c:\program files (x86)\Java
2016-03-09 14:47 . 2016-02-03 18:58 862208 ----a-w- c:\windows\system32\oleaut32.dll
2016-03-09 14:46 . 2016-02-05 01:19 381440 ----a-w- c:\windows\system32\mfds.dll
2016-03-09 14:45 . 2015-11-19 14:07 994760 ----a-w- c:\windows\system32\ucrtbase.dll
2016-03-09 14:44 . 2016-02-19 14:07 1373184 ----a-w- c:\windows\system32\appraiser.dll
2016-03-09 14:44 . 2016-02-19 19:02 38336 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-03-09 14:44 . 2016-02-19 18:54 1168896 ----a-w- c:\windows\system32\aeinv.dll
2016-03-09 14:44 . 2016-02-11 14:07 689152 ----a-w- c:\windows\system32\generaltel.dll
2016-03-09 14:44 . 2016-02-05 14:07 696832 ----a-w- c:\windows\system32\invagent.dll
2016-03-09 14:44 . 2016-02-05 14:07 499200 ----a-w- c:\windows\system32\devinv.dll
2016-03-09 14:44 . 2016-02-05 14:07 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-03-09 14:44 . 2016-01-08 19:20 1683904 ----a-w- c:\windows\system32\drivers\ntfs.sys
2016-03-06 08:07 . 2016-03-06 08:07 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Acapela Group
2016-03-05 22:39 . 2016-03-05 22:39 -------- d-----w- c:\users\Honza\AppData\Roaming\Acapela Group
2016-02-26 18:30 . 2016-02-26 18:30 -------- d-----w- c:\windows\system32\GWX
2016-02-21 20:41 . 2016-02-21 20:41 -------- d-----w- c:\users\Ivana\Tracing
2016-02-21 08:20 . 2016-02-21 08:22 -------- d-----w- c:\program files (x86)\WinSCP
2016-02-20 09:57 . 2016-02-20 09:57 -------- d-----w- c:\users\Honza\AppData\Roaming\theHunter
2016-02-20 09:57 . 2016-02-20 09:57 -------- d-----w- c:\users\Honza\AppData\Local\theHunter
2016-02-20 09:53 . 2016-02-20 09:53 -------- d-----w- c:\programdata\Hunter
2016-02-18 13:06 . 2016-02-18 13:06 3074296 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1029\MSOINTL.DLL
2016-02-17 13:37 . 2016-02-17 13:37 26904832 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2016-02-17 13:31 . 2016-02-17 13:31 663792 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2016-02-17 13:31 . 2016-02-17 13:31 37502720 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2016-02-17 12:42 . 2016-02-17 12:42 -------- d-----w- c:\users\Honza\AppData\Roaming\KeePass
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-11 17:48 . 2015-09-22 16:42 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-03-11 17:48 . 2015-09-22 16:42 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-09 14:49 . 2015-09-20 09:46 143659408 ----a-w- c:\windows\system32\MRT.exe
2016-02-14 01:47 . 2016-02-14 01:47 125720 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-3-0.dll
2016-02-14 01:46 . 2016-02-14 01:46 126232 ----a-w- c:\windows\system32\vulkan-1-1-0-3-0.dll
2016-02-14 01:45 . 2016-02-14 01:45 42264 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-3-0.exe
2016-02-14 01:45 . 2016-02-14 01:45 45848 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-3-0.exe
2016-02-10 18:54 . 2016-03-09 14:47 344064 ----a-w- c:\windows\system32\schannel.dll
2016-02-10 18:54 . 2016-03-09 14:47 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-02-10 18:28 . 2016-03-09 14:47 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-02-10 18:28 . 2016-03-09 14:47 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-02-10 18:24 . 2016-03-09 14:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-01-22 06:28 . 2016-02-10 13:48 14186496 ----a-w- c:\windows\system32\shell32.dll
2016-01-22 06:28 . 2016-02-10 13:48 1867776 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-01-22 06:28 . 2016-02-10 13:48 1942016 ----a-w- c:\windows\system32\authui.dll
2016-01-22 06:18 . 2016-02-10 13:48 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-01-22 06:18 . 2016-02-10 13:48 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-01-22 06:17 . 2016-02-10 13:48 159744 ----a-w- c:\windows\system32\mtxoci.dll
2016-01-22 06:07 . 2016-02-10 13:48 1499648 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-01-22 06:07 . 2016-02-10 13:48 1806848 ----a-w- c:\windows\SysWow64\authui.dll
2016-01-22 06:04 . 2016-02-10 13:48 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2016-01-22 06:04 . 2016-02-10 13:48 535040 ----a-w- c:\windows\SysWow64\EncDec.dll
2016-01-22 06:02 . 2016-02-10 13:48 114176 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-01-22 06:02 . 2016-02-10 13:48 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-01-22 05:19 . 2016-02-10 13:48 3231232 ----a-w- c:\windows\explorer.exe
2016-01-22 05:12 . 2016-02-10 13:48 2973184 ----a-w- c:\windows\SysWow64\explorer.exe
2016-01-16 19:01 . 2016-02-10 13:49 2085888 ----a-w- c:\windows\system32\ole32.dll
2016-01-16 18:36 . 2016-02-10 13:49 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2016-01-07 19:12 . 2016-02-10 13:50 263680 ----a-w- c:\windows\system32\WebClnt.dll
2016-01-07 19:05 . 2016-02-10 13:50 108544 ----a-w- c:\windows\system32\davclnt.dll
2016-01-07 18:59 . 2016-02-10 13:50 208896 ----a-w- c:\windows\SysWow64\WebClnt.dll
2016-01-07 18:50 . 2016-02-10 13:50 87040 ----a-w- c:\windows\SysWow64\davclnt.dll
2016-01-07 17:49 . 2016-02-10 13:50 142336 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-01-06 19:02 . 2016-02-10 13:51 24576 ----a-w- c:\windows\system32\jnwmon.dll
2016-01-06 19:02 . 2016-02-10 13:51 275456 ----a-w- c:\windows\system32\InkEd.dll
2016-01-06 18:41 . 2016-02-10 13:51 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-12-20 18:50 . 2016-02-10 13:50 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2015-12-20 18:50 . 2016-02-10 13:50 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-12-20 14:08 . 2016-02-10 13:50 243200 ----a-w- c:\windows\system32\rdpudd.dll
2015-12-16 18:55 . 2016-02-10 15:17 69120 ----a-w- c:\windows\system32\nlsbres.dll
2015-12-16 18:53 . 2016-02-10 15:17 7168 ----a-w- c:\windows\system32\kbdgeoqw.dll
2015-12-16 18:53 . 2016-02-10 15:17 7168 ----a-w- c:\windows\system32\KBDAZEL.DLL
2015-12-16 18:53 . 2016-02-10 15:17 7168 ----a-w- c:\windows\system32\KBDAZE.DLL
2015-12-16 18:48 . 2016-02-10 15:17 6656 ----a-w- c:\windows\SysWow64\kbdgeoqw.dll
2015-12-16 18:48 . 2016-02-10 15:17 6656 ----a-w- c:\windows\SysWow64\KBDAZEL.DLL
2015-12-16 18:47 . 2016-02-10 15:17 69120 ----a-w- c:\windows\SysWow64\nlsbres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15 463360 ----a-w- c:\programdata\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15 463360 ----a-w- c:\programdata\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15 463360 ----a-w- c:\programdata\MEGAsync\ShellExtX32.dll
.
c:\users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MEGAsync.lnk - c:\programdata\MEGAsync\MEGAsync.exe [2015-9-3 4701928]
Seznam Pošťák.lnk - c:\users\Honza\AppData\Roaming\Seznam.cz\bin\postak.exe [2015-9-20 47816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 FileZillaServer;FileZillaServer;d:\programy\xampp\filezillaftp\filezillaserver.exe;d:\programy\xampp\filezillaftp\filezillaserver.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 KbFilter_Kb_FlexDef3x;HID Keyboard(FlexDef3x) Driver Service;c:\windows\system32\DRIVERS\KbFilter_FlexDef3x.sys;c:\windows\SYSNATIVE\DRIVERS\KbFilter_FlexDef3x.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 Apache2.4;Apache2.4;d:\programy\xampp\apache\bin\httpd.exe;d:\programy\xampp\apache\bin\httpd.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2016-03-12 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_pepper.exe [2016-03-11 17:48]
.
2016-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22 17:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:13 470016 ----a-w- c:\programdata\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:13 470016 ----a-w- c:\programdata\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:13 470016 ----a-w- c:\programdata\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-07-08 5595848]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do Microsoft Excelu - d:\programy\MICROS~1\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.96.161.2 212.96.161.6
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\users\Honza\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
d:\programy\TeamViewer\TeamViewer_Service.exe
.
**************************************************************************
.
Celkový čas: 2016-03-15 17:26:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-03-15 16:26
.
Před spuštěním: Volných bajtů: 45 525 491 712
Po spuštění: Volných bajtů: 45 203 632 128
.
- - End Of File - - EF891E04DFA883DE523412E8F0C2DFEB
A36C5E4F47E84449FF07ED3517B43A31
aswMBR
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-03-15 17:27:32
-----------------------------
17:27:32.186 OS Version: Windows x64 6.1.7601 Service Pack 1
17:27:32.186 Number of processors: 2 586 0x170A
17:27:32.186 ComputerName: HONZA-PC UserName: Honza
17:27:32.685 Initialize success
17:27:32.717 VM: initialized successfully
17:27:32.717 VM: Intel CPU supported
17:27:37.622 VM: supported disk I/O iaStorV.sys
17:28:06.199 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:28:06.215 Disk 0 Vendor: WDC_WD75 15.0 Size: 715403MB BusType: 8
17:28:06.215 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-2
17:28:06.215 Disk 1 Vendor: WDC_WD1600AAJS-00L7A0 01.03E01 Size: 152627MB BusType: 3
17:28:06.324 VM: Disk 0 MBR read successfully
17:28:06.340 Disk 0 MBR scan
17:28:06.340 Disk 0 Windows 7 default MBR code
17:28:06.355 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102350 MB offset 206848
17:28:06.355 Disk 0 Boot: NTFS code=2
17:28:06.371 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 612951 MB offset 209819648
17:28:06.402 Disk 0 scanning C:\Windows\system32\drivers
17:28:10.084 Service scanning
17:28:13.360 Service ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys **LOCKED** 5
17:28:13.485 Service epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys **LOCKED** 5
17:28:20.193 Modules scanning
17:28:20.193 Disk 0 trace - called modules:
17:28:20.208 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
17:28:20.208 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005220790]
17:28:20.208 3 CLASSPNP.SYS[fffff880013b243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004101050]
17:28:20.224 Disk 0 statistics 85577/0/18 @ 12,88 MB/s
17:28:20.224 Scan finished successfully
17:29:49.815 Disk 0 MBR has been saved successfully to "C:\Users\Honza\Desktop\MBR.dat"
17:29:49.830 The log file has been saved successfully to "C:\Users\Honza\Desktop\aswMBR.txt"
OS: Windows 10 Home, 64 bit
Motherboard: GIGABYTE B250M-D3H - Intel B250
CPU: Intel Pentium G4560, 2x 3.5 GHz
RAM: DDR4, 8 GB
GPU: MSI GeForce GTX 1050 Ti 4GT OC, 4GB GDDR5
- jaro3 (Security team member)
Re: Please check - cosmetic problem on Win7
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
Clean the system with CCleaner
Download OTC
to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.
Post a new HJT log + report any problems.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check - cosmetic problem on Win7
HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:19:18, on 16.3.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18231)
Boot mode: Normal
Running processes:
C:\ProgramData\MEGAsync\MEGAsync.exe
C:\Users\Honza\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
C:\Program Files (x86)\Opera\35.0.2066.92\opera_crashreporter.exe
C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
D:\Stahování\Stahování - Opera\hijackthis.exe
C:\Windows\SysWOW64\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
O4 - Startup: MEGAsync.lnk = C:\ProgramData\MEGAsync\MEGAsync.exe
O4 - Startup: Seznam Pošťák.lnk = Honza\AppData\Roaming\Seznam.cz\bin\postak.exe
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://D:\Programy\MICROS~1\Office15\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache2.4 - Apache Software Foundation - D:\programy\xampp\apache\bin\httpd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: FileZillaServer - FileZilla Project - D:\programy\xampp\filezillaftp\filezillaserver.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - D:\Programy\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6716 bytes
After the last cleanup the defects were eliminated. Now only the first problem still "happens", the one I describe here: viewtopic.php?f=46&t=171698
I would also like to ask: after uninstalling ComboFix I have a Boot folder on the disk which, besides language folders, also contains the file memtest.exe. If I guess correctly, it is not a folder Windows boots from, but can I delete it? Or rather, what is this folder?
- jerabina (Security team member)
Re: Please check - cosmetic problem on Win7
Can you take a photo of the contents of that folder?
We will verify the integrity and completeness of all system files:
- Press Win + R together
- type "cmd" without quotes into the Run box and press Enter.
- in the command prompt type "sfc /scannow" without quotes and press Enter.
- After the scan finishes, take a screenshot of the screen, post it here and restart the computer.
When you don't know how to proceed, it's time to study the manual!
HJT guide
If I don't reply to your topics in the HJT section while I am online, it's only because I'm on a mobile phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.
Re: Please check - cosmetic problem on Win7
Here I am sending a screenshot of the file integrity check that was performed:
Because of its size I uploaded CBS.log to mega: https://mega.nz/#!wp9WiLbA!Fdjz2gxMqqYj ... oZ3_lzZn54
I am also adding the contents of the Boot folder:
I have now also found out an important piece of information: the transitions on the Start button and the taskbar icons don't work only on my administrator profile.
- jaro3 (Security team member)
Re: Please check - cosmetic problem on Win7
For the first problem, try posting a topic in the Windows section.
boot: http://answers.microsoft.com/en-us/wind ... bf5?auth=1
CBS.log: https://support.microsoft.com/cs-cz/kb/928228
Download OTL by OldTimer
to the desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry change it to All. Tick the "LOP" check and the "Purity" check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt
They are saved in the same place as OTL. Please copy both logs here.
Re: Please check - cosmetic problem on Win7
Because of the large number of characters I uploaded the logs to Letecká pošta:
Extras.txt - http://leteckaposta.cz/653128292
OTL.txt - http://leteckaposta.cz/232185762
- jerabina (Security team member)
Re: Please check - cosmetic problem on Win7
Next time please split it into several posts; it reads much better.
Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:
Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its whole contents here.
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2015.12.04 23:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Honza\AppData\Roaming\Mozilla\Extensions
[2016.03.05 23:38:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\kh8n8u5r.default\extensions
O4 - HKCU..\Run: [cz.seznam.software.szndesktop] C:\Users\Honza\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe ()
O13 - gopher Prefix: missing
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:FB6A21E3
:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Program Files\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\Program Files (x86)\*.tmp
C:\ProgramData\DP45977C.lfl
C:\ProgramData\TEMP:FB6A21E3
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
""=""%1" %*"
:commands
[Purity]
[Emptytemp]
[Emptyjava]
[Emptyflash]
[start explorer]
[Reboot]
Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.
When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply in your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as ignoring you.
Re: Please check - Cosmetic problem Win7
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Extensions Off Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Security Risk Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Extensions Off Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Users\Honza\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\kh8n8u5r.default\extensions\adapter@gingersoftware.com\chrome\skin folder moved successfully.
C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\kh8n8u5r.default\extensions\adapter@gingersoftware.com\chrome\content folder moved successfully.
C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\kh8n8u5r.default\extensions\adapter@gingersoftware.com\chrome folder moved successfully.
C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\kh8n8u5r.default\extensions\adapter@gingersoftware.com folder moved successfully.
C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\kh8n8u5r.default\extensions folder moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\ProgramData\TEMP:FB6A21E3 deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\WINDOWS\system32\DUMP*.tmp not found.
c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job moved successfully.
c:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
File\Folder C:\*.tmp not found.
File\Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File\Folder C:\Program Files\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
File\Folder C:\Windows\SysNative\drivers\*.tmp not found.
File\Folder C:\Windows\SysWow64\drivers\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
File\Folder C:\Windows\SysWow64\*.tmp not found.
File\Folder C:\Windows\SysNative\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
C:\ProgramData\DP45977C.lfl moved successfully.
File\Folder C:\ProgramData\TEMP:FB6A21E3 not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Honza
->Temp folder emptied: 43871294 bytes
->Temporary Internet Files folder emptied: 30537940 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 234 bytes
User: Ivana
->Temp folder emptied: 20480 bytes
->Temporary Internet Files folder emptied: 4414951 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Zdeněk
->Temp folder emptied: 42119 bytes
->Temporary Internet Files folder emptied: 42509572 bytes
->Java cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 153882429 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 263,00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Honza
->Java cache emptied: 0 bytes
User: Ivana
User: Public
User: Zdeněk
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Honza
->Flash cache emptied: 0 bytes
User: Ivana
User: Public
User: Zdeněk
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03182016_155521
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OS: Windows 10 Home, 64 bit
Motherboard: GIGABYTE B250M-D3H - Intel B250
CPU: Intel Pentium G4560, 2x 3.5 GHz
RAM: DDR 4, 8 GB
GPU: MSI GeForce GTX 1050 Ti 4GT OC, 4GB GDDR5
- jerabina
- Security team member
- Level 6
- Posts: 3647
- Registered: March 13
- Location: Litoměřice
Re: Please check - Cosmetic problem Win7
What about the problems?
When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply in your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as ignoring you.