

PC disinfection, computer speed-up, remote help via the neslape.cz service
HEELP
Moderator: Moderators
Re: HEELP
Since then it hasn't popped up for me so far.

- Rudy
- Site Admin
- Posts: 119405
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: HEELP
We'll do some more cleaning. Move ComboFix to the root directory c:\. Open Notepad and copy the following into it:
KillAll::
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
Regnull::
[HKEY_USERS\S-1-5-21-1991833841-673970526-4742739-1000\Software\SecuROM\License information*]
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Reboot::
Save it to the root directory c:\ as well, as CFScript.txt. Then, in Windows Explorer (or another file manager), drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: HEELP
Should I add that to the ComboFix, the txt file that got created?
- Rudy
- Site Admin
- Posts: 119405
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: HEELP
Yes. Drag it over the CF icon and drop it. Once launched, CF will carry out what is in the script.
Re: HEELP
I don't know whether it's right, but I guess so.
ComboFix 15-05-13.01 - Matejičkovci . 05. 2015 20:18:28.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4000.2259 [GMT 2:00]
Running from: c:\users\Matejičkovci\Downloads\ComboFix.exe
Command switches used :: C:\CFScript.txt.txt
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MATEJI~1\AppData\Local\Temp\sqlite-3.8.2-x86-sqlitejdbc.dll
c:\users\Matejičkovci\AppData\Local\Temp\sqlite-3.8.2-x86-sqlitejdbc.dll
.
.
((((((((((((((((((((((((( Files Created from 2015-04-19 to 2015-05-19 )))))))))))))))))))))))))))))))
.
.
2015-05-18 18:34 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AB163F9-B863-445F-8848-79B036759291}\mpengine.dll
2015-05-18 18:19 . 2015-05-19 18:30 -------- d-----w- c:\users\Matejičkovci\AppData\Local\Temp
2015-05-17 16:07 . 2015-03-27 09:32 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB1E9849-F486-4318-A7F3-6396D57FA8A4}\gapaengine.dll
2015-05-17 16:06 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-05-15 07:28 . 2015-05-18 18:11 -------- d-----w- C:\FRST
2015-05-14 07:22 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 07:22 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 14:04 . 2015-04-27 19:18 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-05-13 14:04 . 2015-04-27 19:18 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-05-13 14:04 . 2015-04-27 19:16 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-05-13 14:04 . 2015-04-27 19:01 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-05-13 14:04 . 2015-04-27 19:01 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-05-13 14:04 . 2015-04-27 18:59 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-05-13 14:04 . 2015-05-05 01:29 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-13 14:04 . 2015-05-05 01:12 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-13 14:04 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll
2015-05-13 14:04 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-05-13 14:01 . 2015-04-20 03:17 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-05-13 14:01 . 2015-04-20 03:17 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-05-13 14:01 . 2015-04-20 02:56 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-05-13 14:01 . 2015-04-20 02:11 3204608 ----a-w- c:\windows\system32\win32k.sys
2015-05-13 13:45 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-05-13 13:36 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-05-13 13:36 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-05-13 13:36 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-13 13:36 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-05-13 13:36 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-05-13 13:36 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-05-13 13:36 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-05-13 13:36 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-05-13 13:36 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-05-13 09:27 . 2015-05-13 09:27 -------- d-----w- c:\programdata\Logs
2015-05-13 07:04 . 2015-03-14 03:21 1632768 ----a-w- c:\windows\system32\dwmcore.dll
2015-05-13 07:04 . 2015-03-14 03:04 1372160 ----a-w- c:\windows\SysWow64\dwmcore.dll
2015-05-13 07:04 . 2015-03-14 03:21 82944 ----a-w- c:\windows\system32\dwmapi.dll
2015-05-13 07:04 . 2015-03-14 03:04 67584 ----a-w- c:\windows\SysWow64\dwmapi.dll
2015-05-12 15:38 . 2015-05-13 06:53 1672 ----a-w- c:\windows\system32\ASOROSet.bin
2015-05-12 15:23 . 2015-05-18 06:41 -------- d-----w- C:\AdwCleaner
2015-05-10 16:41 . 2015-05-10 16:41 -------- d-----w- c:\users\Matejičkovci\AppData\Local\{CC9E3E2B-8905-4797-84CF-E5E7413F4DCA}
2015-05-06 11:24 . 2015-05-12 15:14 -------- d-----w- c:\programdata\SystemExplorer
2015-05-06 11:24 . 2015-05-12 15:14 -------- d-----w- c:\program files (x86)\System Explorer
2015-05-05 19:51 . 2015-05-05 19:49 54784 ----a-w- c:\windows\SysWow64\opencl.dll
2015-05-05 19:49 . 2015-05-05 19:49 54784 ----a-w- c:\windows\system32\opencl.dll
2015-05-05 12:48 . 2015-05-05 12:48 963232 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\msvcr120.dll
2015-05-05 12:48 . 2015-05-05 12:48 626176 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\libcurl.dll
2015-05-05 12:48 . 2015-05-05 12:48 364544 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\ssleay32.dll
2015-05-05 12:48 . 2015-05-05 12:48 279955 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\libidn-11.dll
2015-05-05 12:48 . 2015-05-05 12:48 2418688 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\winnet32b.exe
2015-05-05 12:48 . 2015-05-05 12:48 1704448 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\libeay32.dll
2015-05-05 12:48 . 2015-05-05 12:48 148760 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\libpdcurses.dll
2015-05-05 12:48 . 2015-05-05 12:48 131598 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\zlib1.dll
2015-05-05 12:48 . 2015-05-05 12:48 119704 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\pthreadGC2.dll
2015-05-05 12:48 . 2015-05-05 12:48 112142 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\libgcc_s_dw2-1.dll
2015-05-05 12:48 . 2015-05-05 12:48 494606 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\inet32upd.exe
2015-05-05 12:01 . 2015-05-05 15:49 -------- d-----w- c:\users\Matejičkovci\AppData\Local\Rockstar Games
2015-05-05 12:01 . 2015-05-05 12:01 -------- d--h--r- c:\users\Matejičkovci\AppData\Roaming\SecuROM
2015-05-05 11:57 . 2015-05-12 15:14 -------- d-----w- c:\windows\SysWow64\xlive
2015-05-05 11:57 . 2015-05-12 15:14 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2015-05-05 11:42 . 2015-05-05 16:48 -------- d-----w- c:\program files (x86)\Rockstar Games
2015-05-05 11:33 . 2015-05-05 11:33 -------- d-----w- c:\programdata\DAEMON Tools Lite
2015-05-04 15:27 . 2015-05-04 15:27 -------- d-----w- c:\users\Matejičkovci\Tracing
2015-05-04 15:25 . 2015-05-04 15:25 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-05-04 15:25 . 2015-05-18 18:09 -------- d-----r- c:\program files (x86)\Skype
2015-05-04 11:11 . 2015-05-04 11:11 -------- d-----w- c:\users\Matejičkovci\AppData\Roaming\java
2015-05-04 11:11 . 2015-05-19 17:21 -------- d-----w- c:\users\Matejičkovci\AppData\Roaming\.minecraft
2015-05-04 11:10 . 2015-05-19 17:20 -------- d-----w- c:\users\Matejičkovci\GSplay
2015-05-04 11:10 . 2015-05-04 11:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-05-04 11:10 . 2015-05-04 11:09 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-04 11:09 . 2015-05-04 11:10 -------- d-----w- c:\programdata\Oracle
2015-05-04 11:09 . 2015-05-04 11:09 -------- d-----w- c:\program files (x86)\Java
2015-04-30 10:22 . 2015-04-30 10:22 -------- d-----w- c:\users\Matejičkovci\AppData\Local\Unity
2015-04-30 07:55 . 2015-05-18 12:07 -------- d-----w- c:\users\Matejičkovci\AppData\Roaming\uTorrent
2015-04-29 17:13 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2015-04-29 16:55 . 2015-05-05 11:32 -------- d-----w- c:\program files (x86)\Alcohol Soft
2015-04-29 16:50 . 2015-04-29 16:50 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2015-04-29 16:38 . 2015-04-29 16:38 -------- d-----w- c:\users\Matejičkovci\AppData\Local\Disc_Soft_Ltd
2015-04-29 16:35 . 2015-04-29 16:35 30352 ----a-w- c:\windows\system32\drivers\dtultrascsibus.sys
2015-04-29 16:35 . 2015-04-29 16:38 -------- d-----w- c:\users\Matejičkovci\AppData\Roaming\DAEMON Tools Ultra
2015-04-29 16:35 . 2015-04-29 16:35 -------- d-----w- c:\programdata\DAEMON Tools Ultra
2015-04-29 16:31 . 2015-04-29 16:31 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2015-04-22 17:37 . 2008-05-30 12:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-19 18:29 . 2015-01-28 09:20 380 ----a-w- c:\users\Matejičkovci\AppData\Roaming\sp_data.sys
2015-05-19 18:29 . 2015-01-28 09:20 380 ----a-w- c:\users\Matejičkovci\AppData\Roaming\sp_data.sys
2015-05-18 14:14 . 2015-03-03 15:23 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-05-14 07:26 . 2015-01-28 11:09 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-13 09:28 . 2014-04-11 22:08 501712 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2015-05-05 12:48 . 2015-05-05 12:48 963232 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\msvcr120.dll
2015-05-05 12:48 . 2015-05-05 12:48 963232 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\msvcr120.dll
2015-05-05 12:48 . 2015-05-05 12:48 626176 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\libcurl.dll
2015-05-05 12:48 . 2015-05-05 12:48 626176 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\libcurl.dll
2015-05-05 12:48 . 2015-05-05 12:48 364544 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\ssleay32.dll
2015-05-05 12:48 . 2015-05-05 12:48 364544 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\ssleay32.dll
2015-05-05 12:48 . 2015-05-05 12:48 279955 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\libidn-11.dll
2015-05-05 12:48 . 2015-05-05 12:48 279955 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\libidn-11.dll
2015-05-05 12:48 . 2015-05-05 12:48 2418688 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\winnet32b.exe
2015-05-05 12:48 . 2015-05-05 12:48 2418688 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\winnet32b.exe
2015-05-05 12:48 . 2015-05-05 12:48 1704448 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\libeay32.dll
2015-05-05 12:48 . 2015-05-05 12:48 1704448 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\libeay32.dll
2015-05-05 12:48 . 2015-05-05 12:48 148760 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\libpdcurses.dll
2015-05-05 12:48 . 2015-05-05 12:48 148760 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\libpdcurses.dll
2015-05-05 12:48 . 2015-05-05 12:48 131598 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\zlib1.dll
2015-05-05 12:48 . 2015-05-05 12:48 131598 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\zlib1.dll
2015-05-05 12:48 . 2015-05-05 12:48 119704 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\pthreadGC2.dll
2015-05-05 12:48 . 2015-05-05 12:48 119704 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\pthreadGC2.dll
2015-05-05 12:48 . 2015-05-05 12:48 112142 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\libgcc_s_dw2-1.dll
2015-05-05 12:48 . 2015-05-05 12:48 112142 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\libgcc_s_dw2-1.dll
2015-05-05 12:48 . 2015-05-05 12:48 494606 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\inet32upd.exe
2015-05-05 12:48 . 2015-05-05 12:48 494606 ----a-w- c:\users\Matejičkovci\AppData\Roaming\Microsoft\Networking\inet32upd.exe
2015-05-05 01:29 . 2015-05-13 14:04 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-05 01:12 . 2015-05-13 14:04 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-04-27 19:23 . 2015-05-13 14:05 113664 ----a-w- c:\windows\system32\sechost.dll
2015-04-27 19:05 . 2015-05-13 14:05 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-04-27 19:04 . 2015-05-13 14:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-15 12:25 . 2012-06-27 12:17 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 12:25 . 2012-06-27 12:17 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 12:25 . 2015-04-15 12:25 18178736 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-03-27 09:32 . 2015-02-08 18:03 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-25 03:24 . 2015-04-15 13:24 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 13:24 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 13:24 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 13:24 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 13:24 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 13:24 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 13:24 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 13:24 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 13:24 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 13:24 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 13:24 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 13:24 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 13:24 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 13:24 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 13:24 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 13:24 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 13:24 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 13:24 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 13:24 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 13:24 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 13:24 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 13:24 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 13:24 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 13:24 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-15 13:24 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 13:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 13:24 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 13:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 13:24 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 13:24 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-04 17:34 . 2015-03-04 17:34 280376 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2015-03-04 17:34 . 2014-07-17 17:05 124568 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2015-03-04 04:55 . 2015-04-15 13:22 367552 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 13:22 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 13:36 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-13 13:36 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-15 13:22 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 13:36 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 13:36 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 13:36 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-03-03 13:17 . 2015-01-28 09:39 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-25 03:18 . 2015-04-15 13:24 754688 ----a-w- c:\windows\system32\drivers\http.sys
2015-02-20 04:41 . 2015-03-11 08:30 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 08:30 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 08:30 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 08:30 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 08:30 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 08:30 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 08:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 08:30 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 08:30 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 08:30 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-04-17 31280256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-06-27 3331312]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-09 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-06-25 322208]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-06-19 174752]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SystemExplorerAutoStart"="c:\program files (x86)\System Explorer\SystemExplorer.exe" [2015-04-20 3391712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe -d [2015-1-28 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;c:\esupport\eDriver\I386\AsPrOb64.sys;c:\esupport\eDriver\I386\AsPrOb64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys;c:\windows\SYSNATIVE\drivers\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 SystemExplorerHelpService;System Explorer Service;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
S2 AsusService;Asus Launcher Service;c:\preload64\patch\AsusService.exe;c:\preload64\patch\AsusService.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 dtultrascsibus;DAEMON Tools Ultra Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtultrascsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtultrascsibus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 12:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2011-06-15 1622016]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\btvstack.exe" [2012-11-29 1023104]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\athbttray.exe" [2012-11-29 801920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Matejičkovci\AppData\Roaming\Mozilla\Firefox\Profiles\nvvvigi7.default-1427295293000\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
c:\program files (x86)\ASUS\Splendid\ACMON.exe
c:\windows\AsScrPro.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-05-19 20:43:42 - machine was rebooted
ComboFix-quarantined-files.txt 2015-05-19 18:43
.
Pre-Run: 116 461 248 512 bytes free
Post-Run: 115 905 015 808 bytes free
.
- - End Of File - - 35B873DFFE87CEBE4D72DE58E2E98826

- Rudy
- Site Admin
- Posts: 119405
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: POMOOC
Deleted. Rename CF to uninstall and run it. CF will start and uninstall itself. The log is OK.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: POMOOC
OK, it looks like it no longer pops up, thank you very much.

- Rudy
- Site Admin
- Posts: 119405
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: POMOOC
You're welcome!
