Prosím o kontrolu

Zpráva

Gladiator91 · #1 Příspěvek od **Gladiator91** » 06 bře 2014 17:42

Zdravíčko vespolek

poprosil bych o kontrolu mého železa neboť avast řve, že zablokoval několik útoků a dneska mi ukázal nějakej vir přímo v Taskmanageru. Občas přestane pracovat IE aniž bych ho zapnul a když zapnu komp tak se mi nechce načíst net, pomůže jedině restart.

log je tu a opět je moc dlouhý :-/

#2 Příspěvek od **Rudy** » 06 bře 2014 18:50

Zdravím!
Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

Gladiator91 · #3 Příspěvek od **Gladiator91** » 06 bře 2014 19:39

ComboFix 14-03-05.01 - HP-PC . 03. 2014 19:37:41.1.8 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.6097.4443 [GMT 1:00]
Spuštěný z: c:\users\HP-PC\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\HP
c:\programdata\HP\windows\HP Photosmart 5510 series\XmlFileCache\CN1CF255SX05NR\DevMgmt\DiscoveryTree.xml
c:\programdata\HP\windows\HP Photosmart 5510 series\XmlFileCache\CN1CF255SX05NR\Scan\ScanCaps.xml
c:\users\HP-PC\AppData\Local\assembly\tmp
c:\users\hp\AppData\Local\assembly\tmp
c:\windows\SysWow64\settings.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-06 do 2014-03-06 )))))))))))))))))))))))))))))))
.
.
2014-03-06 16:40 . 2014-03-06 16:45 -------- d-----w- c:\program files\trend micro
2014-03-06 16:40 . 2014-03-06 16:40 -------- d-----w- C:\rsit
2014-03-04 16:37 . 2014-03-06 06:35 77824 ------w- c:\windows\KMSEmulator.exe
2014-03-02 19:34 . 2014-03-02 19:34 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2014-03-02 18:15 . 2014-03-02 18:15 -------- d-----w- c:\users\HP-PC\AppData\Roaming\MPC-HC
2014-03-02 18:15 . 2013-12-01 13:10 257624 ----a-w- c:\windows\system32\unrar64.dll
2014-03-02 18:15 . 2013-12-01 13:10 218200 ----a-w- c:\windows\SysWow64\unrar.dll
2014-03-02 18:15 . 2014-03-02 18:15 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2014-03-01 21:31 . 2014-03-01 21:31 -------- d-----w- c:\program files (x86)\LucasArts
2014-02-19 06:33 . 2014-02-19 06:33 255664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10234.bin
2014-02-17 17:20 . 2014-02-17 17:20 -------- d-----w- c:\program files\CCleaner
2014-02-15 15:31 . 2014-02-15 16:12 -------- d-----w- c:\program files (x86)\Sniper Elite
2014-02-13 20:41 . 2013-11-01 05:53 2232664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-02-13 20:37 . 2014-01-12 23:30 2238976 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 20:37 . 2013-11-20 00:15 3842560 ----a-w- c:\windows\system32\d2d1.dll
2014-02-13 20:37 . 2014-01-12 23:30 2032640 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-13 20:37 . 2013-11-19 23:57 3288576 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-09 19:27 . 2014-02-09 19:29 -------- d-----w- c:\program files (x86)\SAW
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-05 06:11 . 2013-12-06 10:36 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-02-18 06:55 . 2013-12-14 12:03 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-17 22:03 . 2013-12-12 08:47 78304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 22:03 . 2013-12-12 08:47 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-11 16:53 . 2014-01-04 09:57 80184 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-02-11 16:53 . 2013-12-10 20:53 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-11 16:53 . 2013-12-10 20:53 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-11 16:53 . 2013-12-10 20:53 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-11 16:53 . 2013-12-10 20:53 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-11 16:53 . 2013-12-10 20:52 43152 ----a-w- c:\windows\avastSS.scr
2014-01-29 09:24 . 2014-01-29 09:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-04 21:00 . 2013-12-06 10:36 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-01-04 09:57 . 2013-12-10 20:53 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-12 08:20 . 2013-12-12 08:20 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-12-11 20:45 . 2013-12-11 20:45 614400 ----a-w- c:\windows\AutoKMS.exe
2013-12-10 20:52 . 2013-12-10 20:53 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-10 20:52 . 2013-12-10 20:53 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-10 20:06 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-07 06:37 . 2014-01-15 06:45 688640 ----a-w- c:\windows\system32\WSShared.dll
2013-12-07 06:37 . 2014-01-15 06:45 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-07 05:15 . 2014-01-15 06:45 562688 ----a-w- c:\windows\SysWow64\WSShared.dll
2013-12-07 05:15 . 2014-01-15 06:45 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"="c:\users\HP-PC\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\HP-PC\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2012-05-19 1371648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 642728]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-02 491120]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-11 3767096]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:31bdc873ce /wow /dir:C:\Program
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPConnectedRemote;HP Connected Remote Service;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 16:50 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-15 18:52]
.
2014-03-06 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2013-12-11 20:45]
.
2014-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-10 20:33]
.
2014-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-10 20:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-11 16:53 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2012-09-19 37888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-09-19 1425408]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/?clid=13415
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\HP-PC\AppData\Roaming\Mozilla\Firefox\Profiles\tg9y4ic4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{FF27F674-821E-4BA2-985B-DDF539C2CD03} - c:\program files (x86)\InstallShield Installation Information\{FF27F674-821E-4BA2-985B-DDF539C2CD03}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2014-03-06 19:42:31
ComboFix-quarantined-files.txt 2014-03-06 18:42
.
Před spuštěním: 677 243 248 640 bytes free
Po spuštění: 677 101 953 024 bytes free
.
- - End Of File - - F17B89C982EACCD188EADAED6B509ECB
5FB38429D5D77768867C76DCBDB35194

#4 Příspěvek od **Rudy** » 06 bře 2014 21:21

Ještě dočistíme. Přesuńte Combofix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\KMSEmulator.exe
c:\windows\AutoKMS.exe
c:\windows\Tasks\AutoKMS.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

Reboot::

uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu Combofix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Gladiator91 · #5 Příspěvek od **Gladiator91** » 06 bře 2014 21:32

ComboFix 14-03-05.01 - HP-PC . 03. 2014 21:31:58.2.8 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.6097.4401 [GMT 1:00]
Spuštěný z: c:\users\HP-PC\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\HP-PC\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-06 do 2014-03-06 )))))))))))))))))))))))))))))))
.
.
2014-03-06 20:34 . 2014-03-06 20:34 -------- d-----w- c:\users\hp\AppData\Local\temp
2014-03-06 20:34 . 2014-03-06 20:34 -------- d-----w- c:\users\HP-PC\AppData\Local\temp
2014-03-06 20:34 . 2014-03-06 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-06 16:40 . 2014-03-06 16:45 -------- d-----w- c:\program files\trend micro
2014-03-06 16:40 . 2014-03-06 16:40 -------- d-----w- C:\rsit
2014-03-04 16:37 . 2014-03-06 06:35 77824 ------w- c:\windows\KMSEmulator.exe
2014-03-02 19:34 . 2014-03-02 19:34 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2014-03-02 18:15 . 2014-03-02 18:15 -------- d-----w- c:\users\HP-PC\AppData\Roaming\MPC-HC
2014-03-02 18:15 . 2013-12-01 13:10 257624 ----a-w- c:\windows\system32\unrar64.dll
2014-03-02 18:15 . 2013-12-01 13:10 218200 ----a-w- c:\windows\SysWow64\unrar.dll
2014-03-02 18:15 . 2014-03-02 18:15 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2014-03-01 21:31 . 2014-03-01 21:31 -------- d-----w- c:\program files (x86)\LucasArts
2014-02-17 17:20 . 2014-02-17 17:20 -------- d-----w- c:\program files\CCleaner
2014-02-15 15:31 . 2014-02-15 16:12 -------- d-----w- c:\program files (x86)\Sniper Elite
2014-02-13 20:41 . 2013-11-01 05:53 2232664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-02-13 20:37 . 2014-01-12 23:30 2238976 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 20:37 . 2013-11-20 00:15 3842560 ----a-w- c:\windows\system32\d2d1.dll
2014-02-13 20:37 . 2014-01-12 23:30 2032640 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-13 20:37 . 2013-11-19 23:57 3288576 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-09 19:27 . 2014-02-09 19:29 -------- d-----w- c:\program files (x86)\SAW
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-05 06:11 . 2013-12-06 10:36 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-02-18 06:55 . 2013-12-14 12:03 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-17 22:03 . 2013-12-12 08:47 78304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 22:03 . 2013-12-12 08:47 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-11 16:53 . 2014-01-04 09:57 80184 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-02-11 16:53 . 2013-12-10 20:53 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-11 16:53 . 2013-12-10 20:53 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-11 16:53 . 2013-12-10 20:53 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-11 16:53 . 2013-12-10 20:53 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-11 16:53 . 2013-12-10 20:52 43152 ----a-w- c:\windows\avastSS.scr
2014-01-29 09:24 . 2014-01-29 09:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-04 21:00 . 2013-12-06 10:36 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-01-04 09:57 . 2013-12-10 20:53 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-12 08:20 . 2013-12-12 08:20 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-12-11 20:45 . 2013-12-11 20:45 614400 ----a-w- c:\windows\AutoKMS.exe
2013-12-10 20:52 . 2013-12-10 20:53 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-10 20:52 . 2013-12-10 20:53 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-10 20:06 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-07 06:37 . 2014-01-15 06:45 688640 ----a-w- c:\windows\system32\WSShared.dll
2013-12-07 06:37 . 2014-01-15 06:45 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-07 05:15 . 2014-01-15 06:45 562688 ----a-w- c:\windows\SysWow64\WSShared.dll
2013-12-07 05:15 . 2014-01-15 06:45 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"="c:\users\HP-PC\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\HP-PC\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2012-05-19 1371648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 642728]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-02 491120]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-11 3767096]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:31bdc873ce /wow /dir:C:\Program
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HPConnectedRemote;HP Connected Remote Service;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 16:50 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-15 18:52]
.
2014-03-06 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2013-12-11 20:45]
.
2014-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-10 20:33]
.
2014-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-10 20:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-11 16:53 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2012-09-19 37888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-09-19 1425408]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/?clid=13415
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\HP-PC\AppData\Roaming\Mozilla\Firefox\Profiles\tg9y4ic4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{FF27F674-821E-4BA2-985B-DDF539C2CD03} - c:\program files (x86)\InstallShield Installation Information\{FF27F674-821E-4BA2-985B-DDF539C2CD03}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\users\HP-PC\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2014-03-06 21:38:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-06 20:38
ComboFix2.txt 2014-03-06 18:42
.
Před spuštěním: 677 212 770 304 bytes free
Po spuštění: 677 049 831 424 bytes free
.
- - End Of File - - D749FC410DD2495C991301B1CA840DEE
5FB38429D5D77768867C76DCBDB35194

#6 Příspěvek od **Rudy** » 06 bře 2014 22:38

Skript byl chybně uložen (CFScript.txt.txt) a CF nemazal. Zkopírujte znovu a skript uložte jako CFScript.txt a postup opakujte.

Gladiator91 · #7 Příspěvek od **Gladiator91** » 06 bře 2014 22:40

Chybka se vloudila

promiň Rudy, ráno provedu opravu.

#8 Příspěvek od **Rudy** » 06 bře 2014 22:51

OK. Pak na to kouknu.

Gladiator91 · #9 Příspěvek od **Gladiator91** » 07 bře 2014 07:58

ComboFix 14-03-05.01 - HP-PC . 03. 2014 7:54.3.8 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.6097.4795 [GMT 1:00]
Spuštěný z: c:\users\HP-PC\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\HP-PC\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\AutoKMS.exe"
"c:\windows\KMSEmulator.exe"
"c:\windows\Tasks\AutoKMS.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HP-PC\AppData\Local\assembly\tmp
c:\windows\AutoKMS.exe
c:\windows\KMSEmulator.exe
c:\windows\Tasks\AutoKMS.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-07 do 2014-03-07 )))))))))))))))))))))))))))))))
.
.
2014-03-07 06:58 . 2014-03-07 06:58 -------- d-----w- c:\users\hp\AppData\Local\temp
2014-03-07 06:58 . 2014-03-07 06:58 -------- d-----w- c:\users\HP-PC\AppData\Local\temp
2014-03-07 06:58 . 2014-03-07 06:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-06 20:28 . 2014-03-06 20:28 252080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10235.bin
2014-03-06 16:40 . 2014-03-06 16:45 -------- d-----w- c:\program files\trend micro
2014-03-06 16:40 . 2014-03-06 16:40 -------- d-----w- C:\rsit
2014-03-02 19:34 . 2014-03-02 19:34 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2014-03-02 18:15 . 2014-03-02 18:15 -------- d-----w- c:\users\HP-PC\AppData\Roaming\MPC-HC
2014-03-02 18:15 . 2013-12-01 13:10 257624 ----a-w- c:\windows\system32\unrar64.dll
2014-03-02 18:15 . 2013-12-01 13:10 218200 ----a-w- c:\windows\SysWow64\unrar.dll
2014-03-02 18:15 . 2014-03-02 18:15 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2014-03-01 21:31 . 2014-03-01 21:31 -------- d-----w- c:\program files (x86)\LucasArts
2014-02-17 17:20 . 2014-02-17 17:20 -------- d-----w- c:\program files\CCleaner
2014-02-15 15:31 . 2014-02-15 16:12 -------- d-----w- c:\program files (x86)\Sniper Elite
2014-02-13 20:41 . 2013-11-01 05:53 2232664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-02-13 20:37 . 2014-01-12 23:30 2238976 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 20:37 . 2013-11-20 00:15 3842560 ----a-w- c:\windows\system32\d2d1.dll
2014-02-13 20:37 . 2014-01-12 23:30 2032640 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-13 20:37 . 2013-11-19 23:57 3288576 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-09 19:27 . 2014-02-09 19:29 -------- d-----w- c:\program files (x86)\SAW
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-05 06:11 . 2013-12-06 10:36 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-02-18 06:55 . 2013-12-14 12:03 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-17 22:03 . 2013-12-12 08:47 78304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 22:03 . 2013-12-12 08:47 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-11 16:53 . 2014-01-04 09:57 80184 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-02-11 16:53 . 2013-12-10 20:53 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-11 16:53 . 2013-12-10 20:53 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-11 16:53 . 2013-12-10 20:53 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-11 16:53 . 2013-12-10 20:53 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-11 16:53 . 2013-12-10 20:52 43152 ----a-w- c:\windows\avastSS.scr
2014-01-29 09:24 . 2014-01-29 09:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-04 21:00 . 2013-12-06 10:36 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-01-04 09:57 . 2013-12-10 20:53 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-12 08:20 . 2013-12-12 08:20 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-12-10 20:52 . 2013-12-10 20:53 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-10 20:52 . 2013-12-10 20:53 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-10 20:06 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"="c:\users\HP-PC\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\HP-PC\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2012-05-19 1371648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 642728]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-02 491120]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-11 3767096]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:31bdc873ce /wow /dir:C:\Program
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HPConnectedRemote;HP Connected Remote Service;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 16:50 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-15 18:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-11 16:53 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2012-09-19 37888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-09-19 1425408]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/?clid=13415
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\HP-PC\AppData\Roaming\Mozilla\Firefox\Profiles\tg9y4ic4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{FF27F674-821E-4BA2-985B-DDF539C2CD03} - c:\program files (x86)\InstallShield Installation Information\{FF27F674-821E-4BA2-985B-DDF539C2CD03}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\users\HP-PC\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2014-03-07 08:03:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-07 07:03
ComboFix2.txt 2014-03-06 20:38
ComboFix3.txt 2014-03-06 18:42
.
Před spuštěním: 677 198 610 432 bytes free
Po spuštění: 677 118 193 664 bytes free
.
- - End Of File - - 767207F7F825F4580262E430381CE77E
5FB38429D5D77768867C76DCBDB35194

#10 Příspěvek od **Rudy** » 07 bře 2014 20:01

Teď je to OK. Nastala nějaká změna?

Gladiator91 · #11 Příspěvek od **Gladiator91** » 07 bře 2014 20:26

No ráno jsem to zapnul a nic nehulákalo, během večerního zapnutí taky ne. Dokonce i net naskakuje hned a není potřeba restart. No uvidíme, dáme tomu pár dní

mockrát děkuji Rudy

#12 Příspěvek od **Rudy** » 07 bře 2014 20:54

Rádo se stalo!

VIRY.CZ

Prosím o kontrolu

Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu