Prosím o kontrolu logu Vyřešeno

[Orcus]

F8 nefunguje? Pokud ne, přeskočíme RK.


Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

Pokud budou problémy , spusť v nouz. režimu.

[Reklama]

[divine]

F8 nejde...

Tak tady je ten LOG z ComboFixu:

ComboFix 14-01-08.03 - Michal 12.01.2014 11:27:44.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8172.6327 [GMT 1:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\Left 4 Dead 2.url
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-12 do 2014-01-12 )))))))))))))))))))))))))))))))
.
.
2014-01-12 10:31 . 2014-01-12 10:31 -------- d-----w- c:\users\hp\AppData\Local\temp
2014-01-12 10:31 . 2014-01-12 10:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-11 12:33 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0456FC8-8870-46F2-9F21-23BBD62E9B8C}\mpengine.dll
2014-01-08 16:31 . 2014-01-08 16:31 950128 ----a-w- c:\windows\system32\drivers\ndis.sys.bak
2014-01-08 16:24 . 2014-01-08 16:24 -------- d-----w- c:\windows\ERUNT
2014-01-08 14:03 . 2014-01-08 16:16 -------- d-----w- C:\AdwCleaner
2014-01-07 20:52 . 2014-01-07 20:52 388096 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-07 20:52 . 2014-01-07 20:52 -------- d-----w- c:\program files (x86)\Trend Micro
2014-01-07 20:30 . 2014-01-07 20:30 -------- d-----w- c:\users\Michal\AppData\Roaming\Malwarebytes
2014-01-07 20:30 . 2014-01-07 20:30 -------- d-----w- c:\programdata\Malwarebytes
2014-01-07 20:30 . 2014-01-07 20:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-07 20:30 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-07 16:01 . 2014-01-07 16:01 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-07 14:31 . 2014-01-07 14:31 -------- d-----w- c:\windows\SysWow64\xlive
2014-01-07 14:31 . 2014-01-07 14:31 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2014-01-07 14:30 . 2014-01-07 14:30 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-01-04 14:29 . 2014-01-04 14:29 -------- d-----w- c:\program files\2K Games
2014-01-03 15:54 . 2014-01-03 15:54 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-12-30 18:13 . 2013-12-30 18:13 -------- d-----w- c:\users\Michal\AppData\Local\Microsoft Games
2013-12-25 14:08 . 2013-12-25 14:08 -------- d-----w- c:\windows\Migration
2013-12-25 14:07 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-12-25 14:07 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-12-25 14:07 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-12-25 14:07 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-12-25 14:07 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-12-25 14:07 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-12-25 14:07 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-12-17 11:41 . 2013-12-17 11:41 -------- d-----w- c:\users\Michal\AppData\Local\CrashRpt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-07 16:01 . 2013-08-08 12:45 422216 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-01-07 16:01 . 2013-08-08 12:45 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-07 16:01 . 2013-08-08 12:45 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-07 16:01 . 2013-08-08 12:45 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-07 16:01 . 2013-08-08 12:45 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-07 16:01 . 2013-08-08 12:44 43152 ----a-w- c:\windows\avastSS.scr
2014-01-03 15:52 . 2013-08-13 10:08 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-01-03 15:52 . 2013-08-13 10:08 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-01-03 15:52 . 2013-08-13 10:08 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2013-12-30 10:38 . 2013-08-13 10:15 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-12-28 09:36 . 2013-08-13 10:08 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-14 21:17 . 2013-08-08 13:52 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 08:41 . 2013-08-08 12:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 08:41 . 2013-08-08 12:41 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-26 11:54 . 2013-12-12 21:33 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-12 21:33 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-12 21:33 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-12 21:33 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-12 21:33 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-12 21:33 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-12 21:33 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-12 21:33 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-12 21:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-12 21:33 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-12 21:33 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-12 21:33 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-12 21:33 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-12 21:33 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-12 21:33 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-12 21:33 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 21:33 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-12 21:33 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-12 21:33 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-12 21:33 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-12 21:33 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-12 21:33 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-12 21:33 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-12 21:33 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-12 19:49 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 19:49 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 11:17 . 2013-11-19 11:17 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-19 11:17 . 2013-11-19 11:17 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-19 11:17 . 2013-11-19 11:17 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-19 11:17 . 2013-11-19 11:17 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-19 11:17 . 2013-11-19 11:17 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-19 11:17 . 2013-11-19 11:17 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-19 11:17 . 2013-11-19 11:17 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-19 11:17 . 2013-11-19 11:17 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-19 11:17 . 2013-11-19 11:17 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-19 11:17 . 2013-11-19 11:17 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-19 11:17 . 2013-11-19 11:17 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-19 11:17 . 2013-11-19 11:17 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-19 11:17 . 2013-11-19 11:17 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-19 11:17 . 2013-11-19 11:17 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-19 11:17 . 2013-11-19 11:17 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-19 11:17 . 2013-11-19 11:17 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-19 11:17 . 2013-11-19 11:17 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-19 11:17 . 2013-11-19 11:17 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-19 11:17 . 2013-11-19 11:17 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-19 11:17 . 2013-11-19 11:17 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-19 11:17 . 2013-11-19 11:17 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-19 11:17 . 2013-11-19 11:17 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-19 11:17 . 2013-11-19 11:17 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-19 11:17 . 2013-11-19 11:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-19 11:17 . 2013-11-19 11:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-19 11:17 . 2013-11-19 11:17 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-19 11:17 . 2013-11-19 11:17 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-19 11:17 . 2013-11-19 11:17 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-19 11:17 . 2013-11-19 11:17 413696 ----a-w- c:\windows\system32\html.iec
2013-11-19 11:17 . 2013-11-19 11:17 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-19 11:17 . 2013-11-19 11:17 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-19 11:17 . 2013-11-19 11:17 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-19 11:17 . 2013-11-19 11:17 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-19 11:17 . 2013-11-19 11:17 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-19 11:17 . 2013-11-19 11:17 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-19 11:17 . 2013-11-19 11:17 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-19 11:17 . 2013-11-19 11:17 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-19 11:17 . 2013-11-19 11:17 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-19 11:17 . 2013-11-19 11:17 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-19 11:17 . 2013-11-19 11:17 235520 ----a-w- c:\windows\system32\url.dll
2013-11-19 11:17 . 2013-11-19 11:17 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-19 11:17 . 2013-11-19 11:17 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-19 11:17 . 2013-11-19 11:17 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-19 11:17 . 2013-11-19 11:17 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-19 11:17 . 2013-11-19 11:17 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-19 11:17 . 2013-11-19 11:17 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-19 11:17 . 2013-11-19 11:17 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-19 11:17 . 2013-11-19 11:17 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-19 11:17 . 2013-11-19 11:17 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-19 11:17 . 2013-11-19 11:17 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-19 11:17 . 2013-11-19 11:17 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-19 11:17 . 2013-11-19 11:17 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-19 11:17 . 2013-11-19 11:17 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-19 11:17 . 2013-11-19 11:17 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-19 11:17 . 2013-11-19 11:17 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-19 11:17 . 2013-11-19 11:17 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-19 11:17 . 2013-11-19 11:17 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-19 11:17 . 2013-11-19 11:17 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-19 11:17 . 2013-11-19 11:17 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-19 02:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-01-07 1815464]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-11-21 3551576]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2013-10-02 1090912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-02-10 61112]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-07 3764024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 hcwD3bda_dvbt;Hauppauge MSi2500 DVBT Service;c:\windows\system32\hauppauge\hcwD3dvb\DVBT\DVBService.exe;c:\windows\SYSNATIVE\hauppauge\hcwD3dvb\DVBT\DVBService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 hcwD3bda;Driver for WinTV DVB-T (Model 133xxx);c:\windows\system32\DRIVERS\hcwD3bda64.sys;c:\windows\SYSNATIVE\DRIVERS\hcwD3bda64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys;c:\windows\SYSNATIVE\drivers\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys;c:\windows\SYSNATIVE\drivers\tixhci.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-08 00:09 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-08 08:41]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-08 12:45]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-08 12:45]
.
2014-01-11 c:\windows\Tasks\HPCeeScheduleForMichal.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-07 16:01 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-10-21 37888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-04-24 1425408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2013-12-12 21720]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com?pc=HPDTDF
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\anp6zoq2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-01-12 11:33:11
ComboFix-quarantined-files.txt 2014-01-12 10:33
.
Před spuštěním: Volných bajtů: 782 502 088 704
Po spuštění: Volných bajtů: 782 102 175 744
.
- - End Of File - - B400EF54221066068B3B1C8F54F51636

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update

Driver::
SkypeUpdate

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[divine]

ComboFix 14-01-08.03 - Michal 14.01.2014 12:26:56.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8172.5981 [GMT 1:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Michal\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.22.3\goopdate.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.22.3\psmachine.dll
c:\program files (x86)\Google\Update\1.3.22.3\psuser.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.3\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.72\32.0.1700.72_chrome_installer.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-14 do 2014-01-14 )))))))))))))))))))))))))))))))
.
.
2014-01-14 11:32 . 2014-01-14 11:32 -------- d-----w- c:\users\hp\AppData\Local\temp
2014-01-14 11:32 . 2014-01-14 11:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-14 11:23 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBB4B76B-AB50-4810-A1E7-1F597393F850}\mpengine.dll
2014-01-13 09:57 . 2014-01-13 09:57 -------- d-----w- c:\users\Michal\AppData\Local\My Games
2014-01-13 09:49 . 2014-01-13 09:49 -------- d-----w- c:\programdata\Orbit
2014-01-13 09:40 . 2014-01-13 09:40 -------- d-----w- c:\program files (x86)\Far Cry 3
2014-01-12 19:44 . 2014-01-12 19:44 -------- d-----w- c:\users\Michal\AppData\Local\CrashDumps
2014-01-08 16:31 . 2014-01-08 16:31 950128 ----a-w- c:\windows\system32\drivers\ndis.sys.bak
2014-01-08 16:24 . 2014-01-08 16:24 -------- d-----w- c:\windows\ERUNT
2014-01-08 14:03 . 2014-01-08 16:16 -------- d-----w- C:\AdwCleaner
2014-01-07 20:52 . 2014-01-07 20:52 388096 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-07 20:52 . 2014-01-07 20:52 -------- d-----w- c:\program files (x86)\Trend Micro
2014-01-07 20:30 . 2014-01-07 20:30 -------- d-----w- c:\users\Michal\AppData\Roaming\Malwarebytes
2014-01-07 20:30 . 2014-01-07 20:30 -------- d-----w- c:\programdata\Malwarebytes
2014-01-07 20:30 . 2014-01-07 20:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-07 20:30 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-07 16:01 . 2014-01-07 16:01 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-07 14:31 . 2014-01-07 14:31 -------- d-----w- c:\windows\SysWow64\xlive
2014-01-07 14:31 . 2014-01-07 14:31 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2014-01-07 14:30 . 2014-01-07 14:30 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-01-04 14:29 . 2014-01-04 14:29 -------- d-----w- c:\program files\2K Games
2014-01-03 15:54 . 2014-01-03 15:54 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-12-30 18:13 . 2013-12-30 18:13 -------- d-----w- c:\users\Michal\AppData\Local\Microsoft Games
2013-12-25 14:08 . 2013-12-25 14:08 -------- d-----w- c:\windows\Migration
2013-12-25 14:07 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-12-25 14:07 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-12-25 14:07 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-12-25 14:07 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-12-25 14:07 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-12-25 14:07 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-12-25 14:07 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-12-17 11:41 . 2013-12-17 11:41 -------- d-----w- c:\users\Michal\AppData\Local\CrashRpt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-07 16:01 . 2013-08-08 12:45 422216 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-01-07 16:01 . 2013-08-08 12:45 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-07 16:01 . 2013-08-08 12:45 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-07 16:01 . 2013-08-08 12:45 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-07 16:01 . 2013-08-08 12:45 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-07 16:01 . 2013-08-08 12:44 43152 ----a-w- c:\windows\avastSS.scr
2014-01-03 15:52 . 2013-08-13 10:08 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-01-03 15:52 . 2013-08-13 10:08 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-01-03 15:52 . 2013-08-13 10:08 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2013-12-30 10:38 . 2013-08-13 10:15 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-12-28 09:36 . 2013-08-13 10:08 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-14 21:17 . 2013-08-08 13:52 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 08:41 . 2013-08-08 12:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 08:41 . 2013-08-08 12:41 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-26 11:54 . 2013-12-12 21:33 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-12 21:33 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-12 21:33 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-12 21:33 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-12 21:33 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-12 21:33 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-12 21:33 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-12 21:33 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-12 21:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-12 21:33 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-12 21:33 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-12 21:33 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-12 21:33 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-12 21:33 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-12 21:33 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-12 21:33 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 21:33 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-12 21:33 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-12 21:33 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-12 21:33 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-12 21:33 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-12 21:33 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-12 21:33 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-12 21:33 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-12 19:49 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 19:49 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 11:17 . 2013-11-19 11:17 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-19 11:17 . 2013-11-19 11:17 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-19 11:17 . 2013-11-19 11:17 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-19 11:17 . 2013-11-19 11:17 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-19 11:17 . 2013-11-19 11:17 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-19 11:17 . 2013-11-19 11:17 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-19 11:17 . 2013-11-19 11:17 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-19 11:17 . 2013-11-19 11:17 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-19 11:17 . 2013-11-19 11:17 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-19 11:17 . 2013-11-19 11:17 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-19 11:17 . 2013-11-19 11:17 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-19 11:17 . 2013-11-19 11:17 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-19 11:17 . 2013-11-19 11:17 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-19 11:17 . 2013-11-19 11:17 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-19 11:17 . 2013-11-19 11:17 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-19 11:17 . 2013-11-19 11:17 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-19 11:17 . 2013-11-19 11:17 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-19 11:17 . 2013-11-19 11:17 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-19 11:17 . 2013-11-19 11:17 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-19 11:17 . 2013-11-19 11:17 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-19 11:17 . 2013-11-19 11:17 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-19 11:17 . 2013-11-19 11:17 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-19 11:17 . 2013-11-19 11:17 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-19 11:17 . 2013-11-19 11:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-19 11:17 . 2013-11-19 11:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-19 11:17 . 2013-11-19 11:17 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-19 11:17 . 2013-11-19 11:17 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-19 11:17 . 2013-11-19 11:17 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-19 11:17 . 2013-11-19 11:17 413696 ----a-w- c:\windows\system32\html.iec
2013-11-19 11:17 . 2013-11-19 11:17 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-19 11:17 . 2013-11-19 11:17 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-19 11:17 . 2013-11-19 11:17 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-19 11:17 . 2013-11-19 11:17 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-19 11:17 . 2013-11-19 11:17 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-19 11:17 . 2013-11-19 11:17 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-19 11:17 . 2013-11-19 11:17 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-19 11:17 . 2013-11-19 11:17 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-19 11:17 . 2013-11-19 11:17 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-19 11:17 . 2013-11-19 11:17 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-19 11:17 . 2013-11-19 11:17 235520 ----a-w- c:\windows\system32\url.dll
2013-11-19 11:17 . 2013-11-19 11:17 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-19 11:17 . 2013-11-19 11:17 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-19 11:17 . 2013-11-19 11:17 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-19 11:17 . 2013-11-19 11:17 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-19 11:17 . 2013-11-19 11:17 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-19 11:17 . 2013-11-19 11:17 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-19 11:17 . 2013-11-19 11:17 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-19 11:17 . 2013-11-19 11:17 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-19 11:17 . 2013-11-19 11:17 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-19 11:17 . 2013-11-19 11:17 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-19 11:17 . 2013-11-19 11:17 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-19 11:17 . 2013-11-19 11:17 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-19 11:17 . 2013-11-19 11:17 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-19 11:17 . 2013-11-19 11:17 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-19 11:17 . 2013-11-19 11:17 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-19 11:17 . 2013-11-19 11:17 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-19 11:17 . 2013-11-19 11:17 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-19 11:17 . 2013-11-19 11:17 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-19 11:17 . 2013-11-19 11:17 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-19 02:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-01-07 1815464]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-11-21 3551576]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2013-10-02 1090912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-02-10 61112]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-07 3764024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 hcwD3bda_dvbt;Hauppauge MSi2500 DVBT Service;c:\windows\system32\hauppauge\hcwD3dvb\DVBT\DVBService.exe;c:\windows\SYSNATIVE\hauppauge\hcwD3dvb\DVBT\DVBService.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 hcwD3bda;Driver for WinTV DVB-T (Model 133xxx);c:\windows\system32\DRIVERS\hcwD3bda64.sys;c:\windows\SYSNATIVE\DRIVERS\hcwD3bda64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys;c:\windows\SYSNATIVE\drivers\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys;c:\windows\SYSNATIVE\drivers\tixhci.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-08 00:09 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-08 08:41]
.
2014-01-11 c:\windows\Tasks\HPCeeScheduleForMichal.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-07 16:01 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-10-21 37888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-04-24 1425408]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com?pc=HPDTDF
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\anp6zoq2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2014-01-14 12:37:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-01-14 11:37
ComboFix2.txt 2014-01-12 10:33
.
Před spuštěním: Volných bajtů: 764 555 522 048
Po spuštění: Volných bajtů: 763 960 770 560
.
- - End Of File - - 410B2D5187A006921A4B31445A537408

[divine]

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-14 12:43:12
-----------------------------
12:43:12.975 OS Version: Windows x64 6.1.7601 Service Pack 1
12:43:12.975 Number of processors: 8 586 0x2A07
12:43:12.975 ComputerName: MICHAL-HP UserName: Michal
12:43:20.915 Initialize success
12:43:24.347 AVAST engine defs: 14011400
12:43:34.659 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:43:34.659 Disk 0 Vendor: ST1000DM HP16 Size: 953869MB BusType: 3
12:43:34.768 Disk 0 MBR read successfully
12:43:34.768 Disk 0 MBR scan
12:43:34.768 Disk 0 unknown MBR code
12:43:34.768 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:43:34.783 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 940740 MB offset 206911
12:43:34.830 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13026 MB offset 1926844416
12:43:34.893 Disk 0 scanning C:\Windows\system32\drivers
12:43:54.705 Service scanning
12:44:05.266 Modules scanning
12:44:05.266 Disk 0 trace - called modules:
12:44:05.281 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:44:05.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800936c790]
12:44:05.781 3 CLASSPNP.SYS[fffff880013bf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008170050]
12:44:10.866 AVAST engine scan C:\Windows
12:44:16.529 AVAST engine scan C:\Windows\system32
12:46:01.954 AVAST engine scan C:\Windows\system32\drivers
12:46:28.162 AVAST engine scan C:\Users\Michal
12:47:42.871 File: C:\Users\Michal\Downloads\Crysis-3-CZ,-Cestina,-ISO\Crysis 3 CZ, Cestina\Bin32\CryEA.dll **INFECTED** Win32:Xpaj-gen
12:48:15.459 AVAST engine scan C:\ProgramData
12:49:07.095 Scan finished successfully
12:52:49.037 Disk 0 MBR has been saved successfully to "C:\Users\Michal\Desktop\MBR.dat"
12:52:49.037 The log file has been saved successfully to "C:\Users\Michal\Desktop\aswMBR.txt"

[Orcus]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

====================================================

Nabootuj z instalačního DVD Windows a zadej příkazy bootrec.exe /fixmbr a potom bootrec.exe /fixboot.

[divine]

Ted tomu nejak nerozumim. Nabootuju Windows jako pri klasicke instalaci, ale kdy a kam pak zadam ty prikazy?

[Orcus]

http://support.microsoft.com/kb/927392/cs

[divine]

Diky. Zitra se na to snad vrhnu.

[Orcus]

OK.

[divine]

Vubec se nemuzu dostat tam, kam chci. S Win od HP muzu bud opravit nebo vratit PC do tovarniho nastaveni.

[jaro3]

Popiš problémy.