Občasné zahryznutí počítače, kontrola logu.

Zpráva

robert333 · #31 Příspěvek od **robert333** » 27 kvě 2015 19:13

Hledal jsem, co je to za problém, a zjistil jsem, že se s tím na zdejším fóru už také někdo setkal

.
Teď s PC momentálně pracuji, žádné sekání se neobjevilo

.
Sken v OTL provedu doufám ještě dnes

.

robert333 · #32 Příspěvek od **robert333** » 27 kvě 2015 19:43

No tak před chvílí jsem byl na facebooku a PC se zase zahryzl

Spuštěná byla Mozilla Firefox, Prohlížeč obrázků a MPC-BE, v němž jsem však nic nepřehrával.
Chvíli po zaseknutí se stal počítač mírně hlasitější, ale rozhodně to nebyl žádný hluk.
Počítač se zasekl tak na 20 sekund a v prohlížeči událostí jsem zase nic nenašel.
Logy z OTL jsou v příloze.

#33 Příspěvek od **Márty84** » 28 kvě 2015 09:07

Vypnete antivir, at nebrani programu v praci.

Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:otl
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1808696115-1385625353-2641224543-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
O4:[b]64bit:[/b] - HKLM..\RunOnce: [*EmptyTemp] cmd /c rd /q/s C:\FRST\Temp File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1808696115-1385625353-2641224543-1182..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[15 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[10 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\171d611b\c38c21ba\*.tmp files -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\171d611b\c38c21ba\*.tmp -> ]
[1 C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\5a986016\4eaf4397\*.tmp files -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\5a986016\4eaf4397\*.tmp -> ]
[1 C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\6ec7abdc\a37f1fe5\*.tmp files -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\6ec7abdc\a37f1fe5\*.tmp -> ]
[1 C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\cd95b07c\699c4fa6\*.tmp files -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\cd95b07c\699c4fa6\*.tmp -> ]
[1 C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\d0b9ff13\dcc5135e\*.tmp files -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\d0b9ff13\dcc5135e\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\0e2956b1d7b18dc8f467b7ddc709ca77\*.tmp files -> C:\Windows\SoftwareDistribution\Download\0e2956b1d7b18dc8f467b7ddc709ca77\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\d17fe9d13a2877e577dc69d812697910\*.tmp files -> C:\Windows\SoftwareDistribution\Download\d17fe9d13a2877e577dc69d812697910\*.tmp -> ]

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

robert333 · #34 Příspěvek od **robert333** » 28 kvě 2015 15:39

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: ACER
->Temp folder emptied: 2489209 bytes
->Temporary Internet Files folder emptied: 34287392 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 374459621 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1494 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Správce
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 47267 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2060 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 392,00 mb

[EMPTYFLASH]

User: ACER
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

User: Správce
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1808696115-1385625353-2641224543-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1808696115-1385625353-2641224543-1182\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP231.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA015.tmp\Microsoft.SqlServer.Management.Sdk.Sfc.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA015.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB5AD.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP312D.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP333F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP3A15.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP3AEF.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4CE7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP7C12.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA64C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPABC1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC01B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEC16.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEDAE.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF0B7.tmp folder deleted successfully.
C:\Windows\Installer\MSI2C9D.tmp- folder deleted successfully.
C:\Windows\Installer\MSI4829.tmp deleted successfully.
C:\Windows\Installer\MSI4898.tmp deleted successfully.
C:\Windows\Installer\MSI56AB.tmp- folder deleted successfully.
C:\Windows\Installer\MSI6290.tmp- folder deleted successfully.
C:\Windows\Installer\MSI67AC.tmp- folder deleted successfully.
C:\Windows\Installer\MSI74A8.tmp- folder deleted successfully.
C:\Windows\Installer\MSIB2F2.tmp- folder deleted successfully.
C:\Windows\Installer\MSIC047.tmp- folder deleted successfully.
C:\Windows\Installer\MSICB8F.tmp- folder deleted successfully.
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\171d611b\c38c21ba\qges22be.tmp deleted successfully.
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\5a986016\4eaf4397\42lybkaj.tmp deleted successfully.
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\6ec7abdc\a37f1fe5\shiz1ojh.tmp deleted successfully.
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\cd95b07c\699c4fa6\uftcvywx.tmp deleted successfully.
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\d0b9ff13\dcc5135e\zevjmbfe.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\0e2956b1d7b18dc8f467b7ddc709ca77\BIT33CB.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\d17fe9d13a2877e577dc69d812697910\BIT4F03.tmp deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 05282015_162549

#35 Příspěvek od **Márty84** » 28 kvě 2015 19:32

Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

robert333 · #36 Příspěvek od **robert333** » 29 kvě 2015 13:17

Mám zmatek v tom, z jakého umístění mám pouštět programy, které mám spustit jako správce. Na PC má 2 účty, jeden správce a pak normální, který používám. Když jsem v tom normálním tak nevím, zda-li mám ty programy uložit na Plochu správci, nebo sobě. Například když jsem uložil FRST sobě na plochu a spustil ho jako správce, nechtělo fungovat. Když jsm jej však přesunul na plochu správci a spustil jej jako správce, normálně fungovalo. ComboFix jsem stáhl na svou plochu, ale během skenu se mi jaksi změnila tapeta a po skenu i ikony. Pak mi došlo, že mě ComboFix z neznámého důvodu přehodil na správcovský účet

. Doufám, že jsem něco nezkazil, konzoli pro zotavení mi to nenabídlo, nikam jsem během skenu neklikal, tak snad by to mělo být v pohodě

Log z ComboFixu zde:

ComboFix 15-05-28.01 - Správce 29.05.2015 13:51:49.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4061.2629 [GMT 2:00]
Spuštěný z: c:\users\ACER\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ACER\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-28 do 2015-05-29 )))))))))))))))))))))))))))))))
.
.
2015-05-29 12:00 . 2015-05-29 12:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-05-29 12:00 . 2015-05-29 12:00 -------- d-----w- c:\users\Správce\AppData\Local\temp
2015-05-29 12:00 . 2015-05-29 12:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-28 14:25 . 2015-05-28 14:25 -------- d-----w- C:\_OTL
2015-05-22 12:41 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{56E375E9-79BB-4E8D-9EA7-A251D95AE2DD}\mpengine.dll
2015-05-13 20:59 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 20:59 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 12:37 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-05-13 12:36 . 2015-04-20 03:17 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-05-06 13:29 . 2015-05-18 13:57 -------- d-----w- c:\program files (x86)\Firefox Developer Edition
2015-05-04 14:30 . 2015-05-04 14:30 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-05-04 14:30 . 2015-05-04 14:30 43112 ----a-w- c:\windows\avastSS.scr
2015-04-30 14:04 . 2015-05-01 19:58 -------- d-----w- c:\users\ACER\AppData\Roaming\.purple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-13 21:02 . 2013-02-27 08:08 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-05 01:29 . 2015-05-13 12:39 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-05 01:12 . 2015-05-13 12:39 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-04 14:30 . 2014-05-07 10:24 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-05-04 14:30 . 2014-01-07 17:03 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-05-04 14:30 . 2013-03-09 15:20 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-04 14:30 . 2013-03-09 15:20 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-04 14:30 . 2013-02-27 11:06 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-05-04 14:30 . 2013-02-27 11:06 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-05-04 14:30 . 2013-02-27 11:06 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-04 14:30 . 2013-02-27 11:06 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-27 19:23 . 2015-05-13 12:37 113664 ----a-w- c:\windows\system32\sechost.dll
2015-04-27 19:05 . 2015-05-13 12:37 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-04-27 19:04 . 2015-05-13 12:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-15 18:45 . 2013-02-27 11:24 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 18:45 . 2013-02-27 11:24 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 18:45 . 2015-04-15 17:45 18178736 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-03-25 03:24 . 2015-04-15 12:35 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 12:35 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 12:35 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 12:35 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 12:35 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 12:35 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 12:35 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 12:35 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 12:35 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 12:35 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 12:35 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 12:35 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 12:35 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 12:35 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 12:35 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 12:35 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 12:34 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 12:34 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 12:34 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 12:34 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 12:34 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 12:34 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:24 . 2015-04-15 12:34 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:17 . 2015-04-15 12:34 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-17 16:50 . 2015-03-17 16:50 416384 ----a-r- c:\users\ACER\AppData\Roaming\Microsoft\Installer\{2F91AA28-D518-4BE4-AB15-14A8F66740C7}\ARPPRODUCTICON.exe
2015-03-17 16:50 . 2014-06-19 14:24 8704 ----a-w- c:\users\ACER\AppData\Local\RemoveTresoritTemp.exe
2015-03-10 03:25 . 2015-04-15 12:34 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 12:34 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 12:34 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 12:34 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 12:34 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 12:34 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-15 12:31 367552 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 12:31 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 12:36 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-13 12:36 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-15 12:31 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 12:36 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 12:36 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 12:36 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-12 5515496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"20150107"="c:\program files\AVAST Software\Avast\setup\emupdate\e3834c07-98d0-42d1-a586-982168cce72c.exe" [2015-05-25 183232]
"OTL"="c:\users\ACER\Desktop\OTL.exe" [2015-05-27 602112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-04 14:30 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*EmptyTemp"="rd" [X]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 415232]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page =
mSearch Bar =
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\ijs4ep1w.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1808696115-1385625353-2641224543-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-05-29 14:05:14
ComboFix-quarantined-files.txt 2015-05-29 12:05
.
Před spuštěním: Volných bajtů: 330 525 585 408
Po spuštění: Volných bajtů: 330 100 248 576
.
- - End Of File - - 694B876991516D1A4B013EAC2753EAF7
A36C5E4F47E84449FF07ED3517B43A31

#37 Příspěvek od **Márty84** » 29 kvě 2015 14:55

Pri cisteni pc byste mel byt vzdycky prihlaseny v uctu s Admin pravy a i v nem spoustet aplikace jako spravce, pro jistotu

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*EmptyTemp"=-

RegLock::
[HKEY_USERS\S-1-5-21-1808696115-1385625353-2641224543-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

robert333 · #38 Příspěvek od **robert333** » 29 kvě 2015 15:22

Děkuji za odpověď

.
Jak to mám ale udělat teď? Kdybych přesunul ten textový soubor na ComboFix, nespustím ho přeci jako správce.
Mám to tedy udělat:
1.) Přihlásit se na Správce, přes tento účet vejít na plochu mého účtu, tam vytvořit CFScript a přesunout na Combofix.
2.) Přihlásit se na Správce, ComboFix přesunout z mé plochy na sprácovu plochu, tam vytvořit CFScript a přesunout na Combofix.
nebo
3.) Mám to vše udělat na své ploše, na ploše účty bez práv správce.
Předem děkuji za objasnění

.

#39 Příspěvek od **Márty84** » 29 kvě 2015 15:57

Zkuste to takto

robert333 píše:2.) Přihlásit se na Správce, ComboFix přesunout z mé plochy na sprácovu plochu, tam vytvořit CFScript a přesunout na Combofix.

robert333 · #40 Příspěvek od **robert333** » 29 kvě 2015 16:45

Udělal jsem podle bodu 2, podle slova Reboot:: na konci vašeho kódu jsem čekal restart, který se však nekonal

To ale nevadí.
CF vyhodil tento log:

ComboFix 15-05-28.01 - Správce 29.05.2015 17:25:33.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4061.2585 [GMT 2:00]
Spuštěný z: c:\users\Sprßvce\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Sprßvce\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-28 do 2015-05-29 )))))))))))))))))))))))))))))))
.
.
2015-05-29 15:34 . 2015-05-29 15:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-05-29 15:34 . 2015-05-29 15:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-29 15:34 . 2015-05-29 15:34 -------- d-----w- c:\users\ACER\AppData\Local\temp
2015-05-29 15:18 . 2015-05-29 15:18 -------- d-sh--w- c:\users\Správce\AppData\Local\EmieBrowserModeList
2015-05-29 15:17 . 2015-05-29 15:17 -------- d-----w- c:\users\Správce\AppData\Local\GHISLER
2015-05-29 15:16 . 2015-05-29 15:16 -------- d-----w- c:\users\Správce\AppData\Roaming\GHISLER
2015-05-29 12:05 . 2015-05-29 15:34 -------- d-----w- c:\users\Správce\AppData\Local\temp
2015-05-28 14:25 . 2015-05-28 14:25 -------- d-----w- C:\_OTL
2015-05-22 12:41 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{56E375E9-79BB-4E8D-9EA7-A251D95AE2DD}\mpengine.dll
2015-05-13 20:59 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 20:59 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 12:37 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-05-13 12:36 . 2015-04-20 03:17 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-05-06 13:29 . 2015-05-18 13:57 -------- d-----w- c:\program files (x86)\Firefox Developer Edition
2015-05-04 14:30 . 2015-05-04 14:30 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-05-04 14:30 . 2015-05-04 14:30 43112 ----a-w- c:\windows\avastSS.scr
2015-04-30 14:04 . 2015-05-01 19:58 -------- d-----w- c:\users\ACER\AppData\Roaming\.purple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-13 21:02 . 2013-02-27 08:08 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-05 01:29 . 2015-05-13 12:39 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-05 01:12 . 2015-05-13 12:39 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-04 14:30 . 2014-05-07 10:24 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-05-04 14:30 . 2014-01-07 17:03 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-05-04 14:30 . 2013-03-09 15:20 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-04 14:30 . 2013-03-09 15:20 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-04 14:30 . 2013-02-27 11:06 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-05-04 14:30 . 2013-02-27 11:06 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-05-04 14:30 . 2013-02-27 11:06 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-04 14:30 . 2013-02-27 11:06 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-27 19:23 . 2015-05-13 12:37 113664 ----a-w- c:\windows\system32\sechost.dll
2015-04-27 19:05 . 2015-05-13 12:37 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-04-27 19:04 . 2015-05-13 12:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-15 18:45 . 2013-02-27 11:24 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 18:45 . 2013-02-27 11:24 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 18:45 . 2015-04-15 17:45 18178736 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-03-25 03:24 . 2015-04-15 12:35 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 12:35 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 12:35 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 12:35 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 12:35 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 12:35 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 12:35 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 12:35 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 12:35 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 12:35 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 12:35 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 12:35 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 12:35 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 12:35 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 12:35 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 12:35 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 12:34 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 12:34 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 12:34 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 12:34 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 12:34 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 12:34 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:24 . 2015-04-15 12:34 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:17 . 2015-04-15 12:34 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-17 16:50 . 2015-03-17 16:50 416384 ----a-r- c:\users\ACER\AppData\Roaming\Microsoft\Installer\{2F91AA28-D518-4BE4-AB15-14A8F66740C7}\ARPPRODUCTICON.exe
2015-03-17 16:50 . 2014-06-19 14:24 8704 ----a-w- c:\users\ACER\AppData\Local\RemoveTresoritTemp.exe
2015-03-10 03:25 . 2015-04-15 12:34 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 12:34 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 12:34 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 12:34 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 12:34 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 12:34 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-15 12:31 367552 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 12:31 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 12:36 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-13 12:36 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-15 12:31 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 12:36 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 12:36 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 12:36 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-12 5515496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-04 14:30 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page =
mSearch Bar =
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\ijs4ep1w.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-05-29 17:37:17
ComboFix-quarantined-files.txt 2015-05-29 15:37
ComboFix2.txt 2015-05-29 12:05
.
Před spuštěním: Volných bajtů: 330 119 794 688
Po spuštění: Volných bajtů: 333 023 977 472
.
- - End Of File - - 840681272E5A8DD427C2663F6F54A381
A36C5E4F47E84449FF07ED3517B43A31

#41 Příspěvek od **Márty84** » 29 kvě 2015 17:15

K restartu nedoslo, protoze to nefungovalo jak melo. A to proto, ze v nazvu uctu je carka. CF ma obcas problem s diakritikou.

Presunte ComboFix i CFScript primo na disk C, takze cesta k nim bude C:\ComboFix.exe a C:\CFScript.txt
Az oba soubory premistite, opet pretahnete textak nad CF a program vykona prikazy.

robert333 · #42 Příspěvek od **robert333** » 29 kvě 2015 21:37

Že já hlupák jsem tenkrát ten účet nepojmenoval třeba Admin, akorát jsem vás zbytečně okradl o čas

. Za to se omlouvám.
CFScript i ComboFix jsem přesunul do C:/, spustil podle instrukcí, PC se poté již restartoval a CF vyplivlo toto:

ComboFix 15-05-28.01 - Správce 29.05.2015 22:12:00.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4061.2652 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-28 do 2015-05-29 )))))))))))))))))))))))))))))))
.
.
2015-05-29 20:21 . 2015-05-29 20:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-05-29 20:21 . 2015-05-29 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-29 20:21 . 2015-05-29 20:21 -------- d-----w- c:\users\ACER\AppData\Local\temp
2015-05-29 15:18 . 2015-05-29 15:18 -------- d-sh--w- c:\users\Správce\AppData\Local\EmieBrowserModeList
2015-05-29 15:17 . 2015-05-29 15:17 -------- d-----w- c:\users\Správce\AppData\Local\GHISLER
2015-05-29 15:16 . 2015-05-29 15:16 -------- d-----w- c:\users\Správce\AppData\Roaming\GHISLER
2015-05-29 12:05 . 2015-05-29 20:22 -------- d-----w- c:\users\Správce\AppData\Local\temp
2015-05-28 14:25 . 2015-05-28 14:25 -------- d-----w- C:\_OTL
2015-05-13 20:59 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 20:59 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 12:37 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-05-13 12:36 . 2015-04-20 03:17 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-05-06 13:29 . 2015-05-18 13:57 -------- d-----w- c:\program files (x86)\Firefox Developer Edition
2015-05-04 14:30 . 2015-05-04 14:30 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-05-04 14:30 . 2015-05-04 14:30 43112 ----a-w- c:\windows\avastSS.scr
2015-04-30 14:04 . 2015-05-01 19:58 -------- d-----w- c:\users\ACER\AppData\Roaming\.purple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-13 21:02 . 2013-02-27 08:08 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-05 01:29 . 2015-05-13 12:39 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-05 01:12 . 2015-05-13 12:39 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-04 14:30 . 2014-05-07 10:24 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-05-04 14:30 . 2014-01-07 17:03 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-05-04 14:30 . 2013-03-09 15:20 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-04 14:30 . 2013-03-09 15:20 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-04 14:30 . 2013-02-27 11:06 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-05-04 14:30 . 2013-02-27 11:06 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-05-04 14:30 . 2013-02-27 11:06 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-04 14:30 . 2013-02-27 11:06 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-05-03 03:16 . 2015-05-22 12:41 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{56E375E9-79BB-4E8D-9EA7-A251D95AE2DD}\mpengine.dll
2015-04-27 19:23 . 2015-05-13 12:37 113664 ----a-w- c:\windows\system32\sechost.dll
2015-04-27 19:05 . 2015-05-13 12:37 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-04-27 19:04 . 2015-05-13 12:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-15 18:45 . 2013-02-27 11:24 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 18:45 . 2013-02-27 11:24 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 18:45 . 2015-04-15 17:45 18178736 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-03-25 03:24 . 2015-04-15 12:35 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 12:35 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 12:35 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 12:35 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 12:35 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 12:35 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 12:35 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 12:35 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 12:35 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 12:35 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 12:35 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 12:35 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 12:35 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 12:35 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 12:35 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 12:35 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 12:34 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 12:34 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 12:34 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 12:34 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 12:34 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 12:34 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:24 . 2015-04-15 12:34 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:17 . 2015-04-15 12:34 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-17 16:50 . 2015-03-17 16:50 416384 ----a-r- c:\users\ACER\AppData\Roaming\Microsoft\Installer\{2F91AA28-D518-4BE4-AB15-14A8F66740C7}\ARPPRODUCTICON.exe
2015-03-17 16:50 . 2014-06-19 14:24 8704 ----a-w- c:\users\ACER\AppData\Local\RemoveTresoritTemp.exe
2015-03-10 03:25 . 2015-04-15 12:34 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 12:34 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 12:34 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 12:34 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 12:34 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 12:34 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-15 12:31 367552 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 12:31 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 12:36 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-13 12:36 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-15 12:31 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 12:36 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 12:36 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 12:36 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-12 5515496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-04 14:30 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page =
mSearch Bar =
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\ijs4ep1w.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2015-05-29 22:30:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-05-29 20:29
ComboFix2.txt 2015-05-29 15:37
ComboFix3.txt 2015-05-29 12:05
.
Před spuštěním: Volných bajtů: 332 988 395 520
Po spuštění: Volných bajtů: 333 025 890 304
.
- - End Of File - - 4F0E2D1BB251C60950E30DCE056E3AE1
A36C5E4F47E84449FF07ED3517B43A31

#43 Příspěvek od **Márty84** » 30 kvě 2015 07:07

robert333 píše:Že já hlupák jsem tenkrát ten účet nepojmenoval třeba Admin, akorát jsem vás zbytečně okradl o čas . Za to se omlouvám.

Nic se nedeje, taky mam v nazvu carku

Presunte ComboFix zpet na plochu.

Prejmenujte ComboFix na Uninstall a spustte ho jako spravce. CF by se mel odinstalovat.

vyosek píše: DelFix https://toolslib.net/downloads/finish/2/
Stahnete a spustte jako spravce

Ponechte zatrzitkou pouze u volby Remove disinfection tools

Kliknete na Run

No a nezbyva nez cekat, jestli se to zase kousne.

robert333 · #44 Příspěvek od **robert333** » 30 kvě 2015 17:52

Tak ComboFix jsem přesunul a přejmenoval, napsal mi, že se odinstalovat, ale program samotný zůstal na Ploše, takže jsem jej vyhodil do koše. Delfix jsem spustil a vyhodil mi log, který je níže. Mám provést ještě nějaké další akce?

# DelFix v1.010 - Logfile created 30/05/2015 at 18:49:26
# Updated 26/04/2015 by Xplode
# Username : Správce - ACER-NTB
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\_OTL
Deleted : C:\ComboFix.txt
Deleted : C:\Users\Správce\Desktop\CFScript.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\Swearware

########## - EOF - ##########

#45 Příspěvek od **Márty84** » 31 kvě 2015 18:18

robert333 píše:Mám provést ještě nějaké další akce?

Zatim ne, pc by ted mel byt naprosto cisty. Takze pokud so opet kousne, musi to zpusobovat neco legitimniho (treba nejaka aktualizace neceho) a vzhledem k tomu, ze k tomu dochazi nepravidelne a navic zridka, asi takhle na dalku neprijdu na to, co to zpusobuje

VIRY.CZ

Občasné zahryznutí počítače, kontrola logu.

Re: Občasné zahryznutí počítače, kontrola logu.

Re: Občasné zahryznutí počítače, kontrola logu.

Re: Občasné zahryznutí počítače, kontrola logu.

Re: Občasné zahryznutí počítače, kontrola logu.

Re: Občasné zahryznutí počítače, kontrola logu.

Re: Občasné zahryznutí počítače, kontrola logu.

Re: Občasné zahryznutí počítače, kontrola logu.

Re: Občasné zahryznutí počítače, kontrola logu.

Re: Občasné zahryznutí počítače, kontrola logu.

Re: Občasné zahryznutí počítače, kontrola logu.

Re: Občasné zahryznutí počítače, kontrola logu.

Re: Občasné zahryznutí počítače, kontrola logu.

Re: Občasné zahryznutí počítače, kontrola logu.

Re: Občasné zahryznutí počítače, kontrola logu.

Re: Občasné zahryznutí počítače, kontrola logu.