prosiim velmi o kontrolu dakujem

Zpráva

#16 Příspěvek od **Márty84** » 16 lis 2014 12:09

Napiste mi velikost adresare plochy (C:\Users\Matúško\Desktop)

Vypnete antivir, at nebrani programu v praci.

Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
MBAMSwissArmy
cayppcuv
AdobeARMservice
c2cautoupdatesvc
c2cpnrsvc
24c54e38
SkypeUpdate
AdobeFlashPlayerUpdateSvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleForMATÚŠKO-HP$.job
C:\Windows\tasks\HPCeeScheduleForMatúško.job
C:\ProgramData\Malwarebytes
C:\Program Files\Malwarebytes Anti-Malware

:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3504120799-235515105-3403354350-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
O4 - HKLM..\Run: [] File not found
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
[32 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\System32\config\systemprofile\AppData\Local\SoftGrid Client\140066.SKY-90140011-66-41B\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Local\SoftGrid Client\140066.SKY-90140011-66-41B\*.tmp -> ]
[7 C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\*.tmp -> ]
[17 C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\*.tmp -> ]

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

luko · #17 Příspěvek od **luko** » 16 lis 2014 12:48

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: Matúško
->Temp folder emptied: 3157773 bytes
->Temporary Internet Files folder emptied: 2207905 bytes
->Java cache emptied: 55645 bytes
->Google Chrome cache emptied: 359123311 bytes
->Flash cache emptied: 595 bytes

User: Public

%systemdrive% .tmp files removed: 687 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3041248 bytes
RecycleBin emptied: 2140160 bytes

Total Files Cleaned = 353,00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Guest

User: Matúško
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service MBAMSwissArmy stopped successfully!
Service MBAMSwissArmy deleted successfully!
Service cayppcuv stopped successfully!
Service cayppcuv deleted successfully!
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service c2cautoupdatesvc stopped successfully!
Service c2cautoupdatesvc deleted successfully!
Service c2cpnrsvc stopped successfully!
Service c2cpnrsvc deleted successfully!
Service 24c54e38 stopped successfully!
Service 24c54e38 deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\HPCeeScheduleForMATÚŠKO-HP$.job moved successfully.
C:\Windows\tasks\HPCeeScheduleForMatúško.job moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware folder moved successfully.
C:\ProgramData\Malwarebytes folder moved successfully.
C:\Program Files\Malwarebytes Anti-Malware\imageformats folder moved successfully.
C:\Program Files\Malwarebytes Anti-Malware folder moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3504120799-235515105-3403354350-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll moved successfully.
File C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skypec2c\ deleted successfully.
File C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Program Files\GUM4811.tmp folder deleted successfully.
C:\Program Files\GUT4831.tmp deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP17F1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EE9.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP20C0.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21F2.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP343B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4360.tmp\System.IO.Log.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4360.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP49D1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5DD9.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5F36.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6691.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7243.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7C7F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8DCD.tmp\WindowsLiveWriter.exe deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8DCD.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9819.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9DB7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E9B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA377.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA58B.tmp\System.Web.DynamicData.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA58B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA6E9.tmp\MMCEx.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA6E9.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA6ED.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA8C2.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB06F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB0D7.tmp\System.Deployment.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB0D7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC6A1.tmp\System.Data.Services.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC6A1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCE9A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD25B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE4A3.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE9F7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF522.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFBB5.tmp folder deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\SoftGrid Client\140066.SKY-90140011-66-41B\UsrVol_sftfs_v1.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\sho17C6.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\sho45B7.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\sho7F7F.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\shoDDF0.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\shoDFDC.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\shoF651.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\shoFCE.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\ico20DF.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\ico281C.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\ico2D35.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\ico31BB.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\ico52B3.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\ico5DA7.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\ico8866.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icoA229.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icoA565.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icoAC96.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icoAE9B.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icoD8B4.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icoED2D.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icoF1C8.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icoF2F0.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icoFCA8.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icoFFE1.tmp deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 11162014_123616

Files\Folders moved on Reboot...
C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#18 Příspěvek od **Márty84** » 16 lis 2014 12:51

Márty84 píše: Napiste mi velikost adresare plochy (C:\Users\Matúško\Desktop)

Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

luko · #19 Příspěvek od **luko** » 16 lis 2014 12:59

C:\Users\Matúško\Desktop ma 41,6gb

luko · #20 Příspěvek od **luko** » 16 lis 2014 13:35

ComboFix 14-11-15.01 - Matúško . 11. 2014 13:11:10.1.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1250.421.1051.18.1012.284 [GMT 1:00]
Running from: c:\users\Mat˙Üko\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
C:\torrent.exe
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\TsCO.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ckgdjghkghdinihnnpoblibiaijnhkmc
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ckgdjghkghdinihnnpoblibiaijnhkmc\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ckgdjghkghdinihnnpoblibiaijnhkmc\2.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ckgdjghkghdinihnnpoblibiaijnhkmc\2.0\HOx.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ckgdjghkghdinihnnpoblibiaijnhkmc\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ckgdjghkghdinihnnpoblibiaijnhkmc\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfaocbpdfapkhdflaibhjhfcbgnboenn
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfaocbpdfapkhdflaibhjhfcbgnboenn\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfaocbpdfapkhdflaibhjhfcbgnboenn\2.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfaocbpdfapkhdflaibhjhfcbgnboenn\2.0\iP8wzNp9R.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfaocbpdfapkhdflaibhjhfcbgnboenn\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfaocbpdfapkhdflaibhjhfcbgnboenn\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\TsCO.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pkfacdjmapfpbhlpokbkpolcdigdjgmg
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pkfacdjmapfpbhlpokbkpolcdigdjgmg\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pkfacdjmapfpbhlpokbkpolcdigdjgmg\2.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pkfacdjmapfpbhlpokbkpolcdigdjgmg\2.0\cxiRzOLZV.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pkfacdjmapfpbhlpokbkpolcdigdjgmg\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pkfacdjmapfpbhlpokbkpolcdigdjgmg\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\TsCO.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\TsCO.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ckgdjghkghdinihnnpoblibiaijnhkmc
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ckgdjghkghdinihnnpoblibiaijnhkmc\2.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ckgdjghkghdinihnnpoblibiaijnhkmc\2.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ckgdjghkghdinihnnpoblibiaijnhkmc\2.0\HOx.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ckgdjghkghdinihnnpoblibiaijnhkmc\2.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ckgdjghkghdinihnnpoblibiaijnhkmc\2.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfaocbpdfapkhdflaibhjhfcbgnboenn
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfaocbpdfapkhdflaibhjhfcbgnboenn\2.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfaocbpdfapkhdflaibhjhfcbgnboenn\2.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfaocbpdfapkhdflaibhjhfcbgnboenn\2.0\iP8wzNp9R.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfaocbpdfapkhdflaibhjhfcbgnboenn\2.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jfaocbpdfapkhdflaibhjhfcbgnboenn\2.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\TsCO.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pkfacdjmapfpbhlpokbkpolcdigdjgmg
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pkfacdjmapfpbhlpokbkpolcdigdjgmg\2.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pkfacdjmapfpbhlpokbkpolcdigdjgmg\2.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pkfacdjmapfpbhlpokbkpolcdigdjgmg\2.0\cxiRzOLZV.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pkfacdjmapfpbhlpokbkpolcdigdjgmg\2.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pkfacdjmapfpbhlpokbkpolcdigdjgmg\2.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\189\TsCO.js
c:\users\Matúško\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dddnogbnehhibmgaomapelniijieapon_0.localstorage
c:\users\Matúško\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_foidhhdbemgpefaimcnajpcknhjndpok_0.localstorage
c:\users\Matúško\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chcjmggidmfcpmijonddkdanjdafgain_0.localstorage
c:\users\Matúško\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ofojbjgaaddibdfpmmjeonahgbacejid_0.localstorage-journal
c:\users\Matúško\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ofojbjgaaddibdfpmmjeonahgbacejid_0.localstorage
c:\users\Matúško\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
((((((((((((((((((((((((( Files Created from 2014-10-16 to 2014-11-16 )))))))))))))))))))))))))))))))
.
.
2014-11-16 12:26 . 2014-11-16 12:26 -------- d-----w- c:\users\Matúško\AppData\Local\temp
2014-11-16 12:26 . 2014-11-16 12:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-16 11:45 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DAD82EF-3DEF-457E-A7B2-B37634F90A80}\mpengine.dll
2014-11-16 11:36 . 2014-11-16 11:36 -------- d-----w- C:\_OTL
2014-11-16 08:57 . 2014-11-16 08:57 512 ----a-w- C:\PhysicalMBR.bin
2014-11-14 07:10 . 2014-09-17 06:39 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63D791C7-0C46-4C03-A973-D9CFBBE3A353}\gapaengine.dll
2014-11-14 06:32 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-13 08:19 . 2014-11-15 12:13 -------- d-----w- C:\AdwCleaner
2014-11-13 07:44 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 07:44 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-13 07:44 . 2014-10-03 01:44 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-13 07:44 . 2014-10-03 01:44 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-13 07:44 . 2014-10-03 01:44 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-11-13 07:44 . 2014-10-03 01:44 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-13 07:44 . 2014-10-03 01:44 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-13 07:44 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-11-13 07:44 . 2014-08-21 06:23 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-13 07:43 . 2014-10-10 00:45 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-11-13 07:43 . 2014-09-19 09:23 248832 ----a-w- c:\windows\system32\schannel.dll
2014-11-13 07:43 . 2014-09-19 09:23 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-11-13 07:43 . 2014-09-19 09:23 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-13 07:43 . 2014-09-19 09:23 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-11-13 07:43 . 2014-09-19 09:23 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-11-13 07:43 . 2014-09-19 09:23 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-11-13 07:43 . 2014-09-19 09:23 17408 ----a-w- c:\windows\system32\credssp.dll
2014-11-13 07:42 . 2014-10-25 01:32 67584 ----a-w- c:\windows\system32\packager.dll
2014-11-13 07:42 . 2014-10-14 01:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-11-13 07:42 . 2014-10-14 01:46 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-13 07:42 . 2014-10-14 01:56 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-13 07:42 . 2014-10-14 01:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-13 07:42 . 2014-10-14 01:47 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-08 17:17 . 2014-11-08 17:17 -------- d-----w- c:\program files\Common Files\Java
2014-11-08 17:17 . 2014-11-08 17:17 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-08 17:16 . 2014-11-08 17:16 -------- d-----w- c:\program files\Java
2014-11-06 19:21 . 2014-11-06 19:21 -------- d-----w- c:\users\Matúško\AppData\Local\Comodo
2014-11-06 19:21 . 2014-11-06 19:21 -------- d-----w- c:\users\Guest
2014-11-06 19:21 . 2014-11-06 19:21 -------- d-----w- c:\users\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-13 19:19 . 2012-04-19 09:36 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-13 19:19 . 2012-04-19 09:36 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-30 11:24 . 2012-04-19 08:27 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-10 01:44 . 2014-10-17 09:33 230912 ----a-w- c:\windows\system32\generaltel.dll
2014-10-10 01:44 . 2014-10-17 09:33 396288 ----a-w- c:\windows\system32\aepdu.dll
2014-10-10 01:39 . 2014-10-17 09:33 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-25 01:40 . 2014-10-01 10:18 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-18 01:32 . 2014-10-17 09:30 2363904 ----a-w- c:\windows\system32\msi.dll
2014-09-17 06:39 . 2012-06-12 14:54 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 21:47 . 2014-09-23 18:21 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 05:04 . 2014-10-17 09:33 372736 ----a-w- c:\windows\system32\rastls.dll
2014-09-02 07:03 . 2010-06-24 09:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 01:46 . 2014-08-28 07:13 305152 ----a-w- c:\windows\system32\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-02 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-18 2217256]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-06-30 1138780]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-03-01 490656]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-03-01 302240]
"HPQuickWebProxy"="c:\program files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-04-08 78904]
"HPConnectionManager"="c:\program files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"HPOSD"="c:\program files\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-11-11 21720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-08-21 16:30 959176 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
2012-03-05 12:38 578944 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
.
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-02 197224]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswKbd;aswKbd; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-03-01 72864]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 246840]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-05-13 270624]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-01 34976]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-01 259232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-01 24736]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-01 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-01 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-01 141088]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-01 242336]
S3 BthMtpEnum;Bluetooth MTP Device Enumerator;c:\windows\system32\DRIVERS\BthMtpEnum.sys [2009-07-14 51200]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-11-30 327272]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 17:57 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mStart Page = www.google.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-16 13:31:33
ComboFix-quarantined-files.txt 2014-11-16 12:31
.
Pre-Run: 210 972 246 016 bytes free
Post-Run: 210 630 324 224 bytes free
.
- - End Of File - - D3E15572DD79DE85C3D60A161137F6F3
A36C5E4F47E84449FF07ED3517B43A31

#21 Příspěvek od **Márty84** » 16 lis 2014 14:08

luko píše:C:\Users\Matúško\Desktop ma 41,6gb

Velikost plochy by nemela preshovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku

Presunte ComboFix primo na disk C (takze cesta k nemu bude c:\ComboFix.exe )!

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

Regnull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte take primo na C (takze cesta k nemu bude c:\CFScript.txt ).
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

luko · #22 Příspěvek od **luko** » 16 lis 2014 15:44

ComboFix 14-11-15.01 - Matúško . 11. 2014 15:18:52.2.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1250.421.1051.18.1012.253 [GMT 1:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matúško\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
((((((((((((((((((((((((( Files Created from 2014-10-16 to 2014-11-16 )))))))))))))))))))))))))))))))
.
.
2014-11-16 14:32 . 2014-11-16 14:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-16 13:20 . 2014-11-16 14:03 -------- d-----w- C:\Matúško
2014-11-16 12:31 . 2014-11-16 14:35 -------- d-----w- c:\users\Matúško\AppData\Local\temp
2014-11-16 11:45 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DAD82EF-3DEF-457E-A7B2-B37634F90A80}\mpengine.dll
2014-11-16 11:36 . 2014-11-16 11:36 -------- d-----w- C:\_OTL
2014-11-16 08:57 . 2014-11-16 08:57 512 ----a-w- C:\PhysicalMBR.bin
2014-11-14 07:10 . 2014-09-17 06:39 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63D791C7-0C46-4C03-A973-D9CFBBE3A353}\gapaengine.dll
2014-11-14 06:32 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-13 08:19 . 2014-11-15 12:13 -------- d-----w- C:\AdwCleaner
2014-11-13 07:44 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 07:44 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-13 07:44 . 2014-10-03 01:44 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-13 07:44 . 2014-10-03 01:44 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-13 07:44 . 2014-10-03 01:44 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-11-13 07:44 . 2014-10-03 01:44 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-13 07:44 . 2014-10-03 01:44 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-13 07:44 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-11-13 07:44 . 2014-08-21 06:23 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-13 07:43 . 2014-10-10 00:45 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-11-13 07:43 . 2014-09-19 09:23 248832 ----a-w- c:\windows\system32\schannel.dll
2014-11-13 07:43 . 2014-09-19 09:23 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-11-13 07:43 . 2014-09-19 09:23 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-13 07:43 . 2014-09-19 09:23 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-11-13 07:43 . 2014-09-19 09:23 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-11-13 07:43 . 2014-09-19 09:23 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-11-13 07:43 . 2014-09-19 09:23 17408 ----a-w- c:\windows\system32\credssp.dll
2014-11-13 07:42 . 2014-10-25 01:32 67584 ----a-w- c:\windows\system32\packager.dll
2014-11-13 07:42 . 2014-10-14 01:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-11-13 07:42 . 2014-10-14 01:46 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-13 07:42 . 2014-10-14 01:56 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-13 07:42 . 2014-10-14 01:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-13 07:42 . 2014-10-14 01:47 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-08 17:17 . 2014-11-08 17:17 -------- d-----w- c:\program files\Common Files\Java
2014-11-08 17:17 . 2014-11-08 17:17 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-08 17:16 . 2014-11-08 17:16 -------- d-----w- c:\program files\Java
2014-11-08 14:32 . 2014-11-08 22:30 -------- d-----w- c:\users\Matúško\xperiaz
2014-11-06 19:21 . 2014-11-06 19:21 -------- d-----w- c:\users\Matúško\AppData\Local\Comodo
2014-11-06 19:21 . 2014-11-06 19:21 -------- d-----w- c:\users\Guest
2014-11-06 19:21 . 2014-11-06 19:21 -------- d-----w- c:\users\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-13 19:19 . 2012-04-19 09:36 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-13 19:19 . 2012-04-19 09:36 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-30 11:24 . 2012-04-19 08:27 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-10 01:44 . 2014-10-17 09:33 230912 ----a-w- c:\windows\system32\generaltel.dll
2014-10-10 01:44 . 2014-10-17 09:33 396288 ----a-w- c:\windows\system32\aepdu.dll
2014-10-10 01:39 . 2014-10-17 09:33 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-25 01:40 . 2014-10-01 10:18 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-18 01:32 . 2014-10-17 09:30 2363904 ----a-w- c:\windows\system32\msi.dll
2014-09-17 06:39 . 2012-06-12 14:54 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 21:47 . 2014-09-23 18:21 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 05:04 . 2014-10-17 09:33 372736 ----a-w- c:\windows\system32\rastls.dll
2014-09-02 07:03 . 2010-06-24 09:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 01:46 . 2014-08-28 07:13 305152 ----a-w- c:\windows\system32\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-02 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-18 2217256]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-06-30 1138780]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-03-01 490656]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-03-01 302240]
"HPQuickWebProxy"="c:\program files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-04-08 78904]
"HPConnectionManager"="c:\program files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"HPOSD"="c:\program files\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-11-11 21720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
2012-03-05 12:38 578944 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
.
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-02 197224]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswKbd;aswKbd; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-03-01 72864]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 246840]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-05-13 270624]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-01 34976]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-01 259232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-01 24736]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-01 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-01 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-01 141088]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-01 242336]
S3 BthMtpEnum;Bluetooth MTP Device Enumerator;c:\windows\system32\DRIVERS\BthMtpEnum.sys [2009-07-14 51200]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-11-30 327272]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 17:57 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mStart Page = www.google.com
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(588)
c:\program files\Bluetooth Suite\AthCopyHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\sppsvc.exe
c:\program files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
.
**************************************************************************
.
Completion time: 2014-11-16 15:42:02 - machine was rebooted
ComboFix-quarantined-files.txt 2014-11-16 14:41
ComboFix2.txt 2014-11-16 13:31
.
Pre-Run: 158 396 899 328 bytes free
Post-Run: 158 349 639 680 bytes free
.
- - End Of File - - 2B097452065CB0F4D865B57557424A52
A36C5E4F47E84449FF07ED3517B43A31

#23 Příspěvek od **Márty84** » 16 lis 2014 16:11

Jeste jednou, s timto skriptem, mel jsem tam chybku a CF tak neopravil co jsem chtel

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte take primo na C (takze cesta k nemu bude c:\CFScript.txt ).
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

luko · #24 Příspěvek od **luko** » 17 lis 2014 09:06

ComboFix 14-11-15.01 - Matúško . 11. 2014 23:29:16.3.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1250.421.1051.18.1012.292 [GMT 1:00]
Running from: C:\ComboFix.exe
Command switches used :: c:\users\Mat˙Üko\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matúško\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
((((((((((((((((((((((((( Files Created from 2014-10-16 to 2014-11-16 )))))))))))))))))))))))))))))))
.
.
2014-11-16 23:05 . 2014-11-16 23:06 -------- d-----w- c:\users\Matúško\AppData\Local\temp
2014-11-16 23:05 . 2014-11-16 23:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-16 13:20 . 2014-11-16 14:03 -------- d-----w- C:\Matúško
2014-11-16 11:45 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DAD82EF-3DEF-457E-A7B2-B37634F90A80}\mpengine.dll
2014-11-16 11:36 . 2014-11-16 11:36 -------- d-----w- C:\_OTL
2014-11-16 08:57 . 2014-11-16 08:57 512 ----a-w- C:\PhysicalMBR.bin
2014-11-14 07:10 . 2014-09-17 06:39 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63D791C7-0C46-4C03-A973-D9CFBBE3A353}\gapaengine.dll
2014-11-14 06:32 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-13 08:19 . 2014-11-15 12:13 -------- d-----w- C:\AdwCleaner
2014-11-13 07:44 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 07:44 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-13 07:44 . 2014-10-03 01:44 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-13 07:44 . 2014-10-03 01:44 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-13 07:44 . 2014-10-03 01:44 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-11-13 07:44 . 2014-10-03 01:44 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-13 07:44 . 2014-10-03 01:44 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-13 07:44 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-11-13 07:44 . 2014-08-21 06:23 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-13 07:43 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-13 07:43 . 2014-10-10 00:45 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-11-13 07:43 . 2014-09-19 09:23 248832 ----a-w- c:\windows\system32\schannel.dll
2014-11-13 07:43 . 2014-09-19 09:23 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-11-13 07:43 . 2014-09-19 09:23 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-13 07:43 . 2014-09-19 09:23 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-11-13 07:43 . 2014-09-19 09:23 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-11-13 07:43 . 2014-09-19 09:23 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-11-13 07:43 . 2014-09-19 09:23 17408 ----a-w- c:\windows\system32\credssp.dll
2014-11-13 07:42 . 2014-11-05 17:50 254464 ----a-w- c:\windows\system32\generaltel.dll
2014-11-13 07:42 . 2014-11-05 17:50 203776 ----a-w- c:\windows\system32\aepdu.dll
2014-11-13 07:42 . 2014-11-05 17:47 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-11-13 07:42 . 2014-10-25 01:32 67584 ----a-w- c:\windows\system32\packager.dll
2014-11-13 07:42 . 2014-10-14 01:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-11-13 07:42 . 2014-10-14 01:46 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-13 07:42 . 2014-10-14 01:56 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-13 07:42 . 2014-10-14 01:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-13 07:42 . 2014-10-14 01:47 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-08 17:17 . 2014-11-08 17:17 -------- d-----w- c:\program files\Common Files\Java
2014-11-08 17:17 . 2014-11-08 17:17 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-08 17:16 . 2014-11-08 17:16 -------- d-----w- c:\program files\Java
2014-11-08 14:32 . 2014-11-08 22:30 -------- d-----w- c:\users\Matúško\xperiaz
2014-11-06 19:21 . 2014-11-06 19:21 -------- d-----w- c:\users\Matúško\AppData\Local\Comodo
2014-11-06 19:21 . 2014-11-06 19:21 -------- d-----w- c:\users\Guest
2014-11-06 19:21 . 2014-11-06 19:21 -------- d-----w- c:\users\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-13 19:19 . 2012-04-19 09:36 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-13 19:19 . 2012-04-19 09:36 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-30 11:24 . 2012-04-19 08:27 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-09-25 01:40 . 2014-10-01 10:18 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-17 06:39 . 2012-06-12 14:54 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 21:47 . 2014-09-23 18:21 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 05:04 . 2014-10-17 09:33 372736 ----a-w- c:\windows\system32\rastls.dll
2014-09-02 07:03 . 2010-06-24 09:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 01:46 . 2014-08-28 07:13 305152 ----a-w- c:\windows\system32\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-02 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-18 2217256]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-06-30 1138780]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-03-01 490656]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-03-01 302240]
"HPQuickWebProxy"="c:\program files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-04-08 78904]
"HPConnectionManager"="c:\program files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"HPOSD"="c:\program files\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-11-11 21720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
2012-03-05 12:38 578944 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
.
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-02 197224]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswKbd;aswKbd; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-03-01 72864]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 246840]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-05-13 270624]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-01 34976]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-01 259232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-01 24736]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-01 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-01 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-01 141088]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-01 242336]
S3 BthMtpEnum;Bluetooth MTP Device Enumerator;c:\windows\system32\DRIVERS\BthMtpEnum.sys [2009-07-14 51200]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-11-30 327272]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 17:57 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mStart Page = www.google.com
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-17 00:11:57
ComboFix-quarantined-files.txt 2014-11-16 23:11
ComboFix2.txt 2014-11-16 14:42
ComboFix3.txt 2014-11-16 13:31
.
Pre-Run: 158 799 376 384 bytes free
Post-Run: 158 773 735 424 bytes free
.
- - End Of File - - DE51EB8093F7B748FB159AABDEC9EE01
A36C5E4F47E84449FF07ED3517B43A31

luko · #25 Příspěvek od **luko** » 17 lis 2014 09:07

tak tu je ten druhy log dufam ze je to spravne

#26 Příspěvek od **Márty84** » 17 lis 2014 09:32

Neni, protoze jste nemel skript na C, jak se pise v navodu, ale byl na plose

luko píše:Running from: C:\ComboFix.exe
Command switches used :: c:\users\Mat˙Üko\Desktop\CFScript.txt

luko · #27 Příspěvek od **luko** » 17 lis 2014 12:06

ComboFix 14-11-15.01 - Matúško . 11. 2014 10:28:02.4.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1250.421.1051.18.1012.384 [GMT 1:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matúško\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
((((((((((((((((((((((((( Files Created from 2014-10-17 to 2014-11-17 )))))))))))))))))))))))))))))))
.
.
2014-11-17 09:41 . 2014-11-17 09:44 -------- d-----w- c:\users\Matúško\AppData\Local\temp
2014-11-17 09:41 . 2014-11-17 09:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-16 23:12 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA99F43C-288E-4F2B-BE7F-1B26E1094265}\mpengine.dll
2014-11-16 13:20 . 2014-11-16 14:03 -------- d-----w- C:\Matúško
2014-11-16 11:45 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-16 11:36 . 2014-11-16 11:36 -------- d-----w- C:\_OTL
2014-11-16 08:57 . 2014-11-16 08:57 512 ----a-w- C:\PhysicalMBR.bin
2014-11-14 07:10 . 2014-09-17 06:39 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63D791C7-0C46-4C03-A973-D9CFBBE3A353}\gapaengine.dll
2014-11-13 08:19 . 2014-11-15 12:13 -------- d-----w- C:\AdwCleaner
2014-11-13 07:44 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 07:44 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-13 07:44 . 2014-10-03 01:44 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-13 07:44 . 2014-10-03 01:44 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-13 07:44 . 2014-10-03 01:44 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-11-13 07:44 . 2014-10-03 01:44 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-13 07:44 . 2014-10-03 01:44 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-13 07:44 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-11-13 07:44 . 2014-08-21 06:23 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-13 07:43 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-13 07:43 . 2014-10-10 00:45 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-11-13 07:43 . 2014-09-19 09:23 248832 ----a-w- c:\windows\system32\schannel.dll
2014-11-13 07:43 . 2014-09-19 09:23 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-11-13 07:43 . 2014-09-19 09:23 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-13 07:43 . 2014-09-19 09:23 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-11-13 07:43 . 2014-09-19 09:23 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-11-13 07:43 . 2014-09-19 09:23 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-11-13 07:43 . 2014-09-19 09:23 17408 ----a-w- c:\windows\system32\credssp.dll
2014-11-13 07:42 . 2014-11-05 17:50 254464 ----a-w- c:\windows\system32\generaltel.dll
2014-11-13 07:42 . 2014-11-05 17:50 203776 ----a-w- c:\windows\system32\aepdu.dll
2014-11-13 07:42 . 2014-11-05 17:47 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-11-13 07:42 . 2014-10-25 01:32 67584 ----a-w- c:\windows\system32\packager.dll
2014-11-13 07:42 . 2014-10-14 01:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-11-13 07:42 . 2014-10-14 01:46 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-13 07:42 . 2014-10-14 01:56 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-13 07:42 . 2014-10-14 01:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-13 07:42 . 2014-10-14 01:47 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-08 17:17 . 2014-11-08 17:17 -------- d-----w- c:\program files\Common Files\Java
2014-11-08 17:17 . 2014-11-08 17:17 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-08 17:16 . 2014-11-08 17:16 -------- d-----w- c:\program files\Java
2014-11-08 14:32 . 2014-11-08 22:30 -------- d-----w- c:\users\Matúško\xperiaz
2014-11-06 19:21 . 2014-11-06 19:21 -------- d-----w- c:\users\Matúško\AppData\Local\Comodo
2014-11-06 19:21 . 2014-11-06 19:21 -------- d-----w- c:\users\Guest
2014-11-06 19:21 . 2014-11-06 19:21 -------- d-----w- c:\users\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-13 19:19 . 2012-04-19 09:36 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-13 19:19 . 2012-04-19 09:36 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-30 11:24 . 2012-04-19 08:27 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-09-25 01:40 . 2014-10-01 10:18 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-17 06:39 . 2012-06-12 14:54 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 21:47 . 2014-09-23 18:21 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 05:04 . 2014-10-17 09:33 372736 ----a-w- c:\windows\system32\rastls.dll
2014-09-02 07:03 . 2010-06-24 09:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 01:46 . 2014-08-28 07:13 305152 ----a-w- c:\windows\system32\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-02 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-18 2217256]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-06-30 1138780]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-03-01 490656]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-03-01 302240]
"HPQuickWebProxy"="c:\program files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-04-08 78904]
"HPConnectionManager"="c:\program files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"HPOSD"="c:\program files\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-11-11 21720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
2012-03-05 12:38 578944 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
.
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-02 197224]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswKbd;aswKbd; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-03-01 72864]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 246840]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-05-13 270624]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-01 34976]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-01 259232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-01 24736]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-01 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-01 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-01 141088]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-01 242336]
S3 BthMtpEnum;Bluetooth MTP Device Enumerator;c:\windows\system32\DRIVERS\BthMtpEnum.sys [2009-07-14 51200]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-11-30 327272]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 17:57 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mStart Page = www.google.com
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1480)
c:\program files\Bluetooth Suite\AthCopyHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\sppsvc.exe
c:\program files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
.
**************************************************************************
.
Completion time: 2014-11-17 10:50:15 - machine was rebooted
ComboFix-quarantined-files.txt 2014-11-17 09:50
ComboFix2.txt 2014-11-16 23:11
ComboFix3.txt 2014-11-16 14:42
ComboFix4.txt 2014-11-16 13:31
.
Pre-Run: 158 375 329 792 bytes free
Post-Run: 158 348 664 832 bytes free
.
- - End Of File - - 24AE4B7F1E62B96C3E492DD8A6A781AA
A36C5E4F47E84449FF07ED3517B43A31

#28 Příspěvek od **Márty84** » 17 lis 2014 12:52

Vyborne

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

vyosek píše: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe
Stahnete a spustte

Pro potvrzeni volby mackejte A, Enter

Po pouziti utilitu smazte

Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.
Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak napiste, jak je na tom pc.

luko · #29 Příspěvek od **luko** » 18 lis 2014 21:06

zdravim tak pocitac je na tom omnoho lepsie vsetko ide ako ma......dakujem vam velmi pekne za vsetky rady

#30 Příspěvek od **Márty84** » 18 lis 2014 21:10

To jsem rad

Nemate zac!

Mejte se a treba zase nekdy

VIRY.CZ

prosiim velmi o kontrolu dakujem

Re: prosiim velmi o kontrolu dakujem

Re: prosiim velmi o kontrolu dakujem

Re: prosiim velmi o kontrolu dakujem

Re: prosiim velmi o kontrolu dakujem

Re: prosiim velmi o kontrolu dakujem

Re: prosiim velmi o kontrolu dakujem

Re: prosiim velmi o kontrolu dakujem

Re: prosiim velmi o kontrolu dakujem

Re: prosiim velmi o kontrolu dakujem

Re: prosiim velmi o kontrolu dakujem

Re: prosiim velmi o kontrolu dakujem

Re: prosiim velmi o kontrolu dakujem

Re: prosiim velmi o kontrolu dakujem

Re: prosiim velmi o kontrolu dakujem

Re: prosiim velmi o kontrolu dakujem