PC bezi, ale pomaleji

[altrok]

Prozkoumame to dukladne, at virovou moznost vyloucime.

Ulozte na plochu MBAR - http://www.bleepingcomputer.com/downloa ... i-rootkit/

• Spuste dvojklikem a extrahujte na plochu
• kliknete na Next
• Aktualizujte virovou databazi klikem na Update a pokracujte na Next
• Vsechny 3 moznosti nechte zaskrtnute a zvolte Scan (potrva cca 15 minut)
• zatrhnete vsechny nalezy a take zkontrolujte zatrzitko u Create Restore Point
• kliknete na Cleanup a souhlaste s restartem - Yes
• obsah logu ulozene na plose v mbar\mbar-log-2015-mm-dd (hh-mm-ss).txt vlozte do pristi odpovedi

[Radek04]

Napsalo to jen "Scan finished. No malware found."

[altrok]

Ulozte na plochu rkill.exe, ukoncete vsechny aplikace a spustte - kdyby ho havet blokovala, pouzijte alternativni odkaz

• http://download.bleepingcomputer.com/grinler/rkill.exe
• http://download.bleepingcomputer.com/grinler/rkill.com
• obsah logu vytvoreneho take na plose (rkill.txt) zaslete v pristi odpovedi
• nerestartujte ted pocitac jinak prijdete o ucinek rkillu

POZOR - TATO UTILITA MA VELKOU SCHOPNOST MAZAT - NESPOUSTEJTE JI BEZ DOPORUCENI RADCE
Ulozte na plochu ComboFix.exe - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete antiviry a vsechny real-time ochrany
• spustte ComboFix jako spravce (lepe pod uctem s administratorskym opravnenim)
• s licencnimi podminkami souhlaste - Ano
• pokud je nabidnuta instalace konzoly pro zotaveni, souhlaste
• v prubehu skenovani nechte PC v klidu - nic nespoustejte a do okna ComboFixu neklikejte
• vysledek skenu naleznete v C:\ComboFix.txt, jehoz obsah mi zkopirujte do pristi odpovedi.

[Radek04]

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/23/2015 07:26:43 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 05/23/2015 07:27:41 PM
Execution time: 0 hours(s), 0 minute(s), and 58 seconds(s)
------------------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 15-05-19.01 - Radek 23.05.2015 19:30:58.1.3 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8190.6194 [GMT 2:00]
Spuštěný z: c:\users\Radek\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Radek\AppData\Roaming\Local
c:\users\Radek\AppData\Roaming\Local\Microsoft\Windows\GameExplorer\Fallout 3\GameuxInstallHelper.dll
c:\users\Radek\AppData\Roaming\Local\Microsoft\Windows\GameExplorer\GameuxInstallHelper.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-23 do 2015-05-23 )))))))))))))))))))))))))))))))
.
.
2015-05-23 17:38 . 2015-05-23 17:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-23 11:51 . 2015-05-23 12:40 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-23 11:51 . 2015-05-23 12:40 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-23 11:50 . 2015-05-23 11:50 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-23 07:13 . 2015-05-23 07:16 -------- d-----w- C:\FRST
2015-05-22 18:25 . 2015-05-23 11:51 -------- d-----w- c:\programdata\Malwarebytes
2015-05-20 16:21 . 2015-05-20 16:21 -------- d-----w- c:\windows\system32\appmgmt
2015-05-17 19:22 . 2015-05-17 19:37 -------- d-----w- c:\users\Radek\AppData\Roaming\Apple Computer
2015-05-17 19:22 . 2015-05-17 19:22 -------- d-----w- c:\users\Radek\AppData\Local\Apple Computer
2015-05-17 19:22 . 2015-05-20 16:23 -------- dc----w- c:\windows\system32\DRVSTORE
2015-05-17 19:21 . 2015-05-20 16:23 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-17 19:21 . 2015-05-17 19:21 -------- d-----w- c:\programdata\Apple Computer
2015-05-17 19:21 . 2015-05-17 19:21 -------- d-----w- c:\users\Radek\AppData\Local\Apple
2015-05-17 19:20 . 2015-05-20 16:25 -------- d-----w- c:\programdata\Apple
2015-05-17 12:14 . 2015-05-17 12:14 -------- d-----w- c:\programdata\NCH Software
2015-05-15 11:11 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{575D0B9F-2B04-43A2-A84C-A5797EB6A8A8}\mpengine.dll
2015-05-14 01:01 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 01:01 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:49 . 2015-04-21 16:39 222720 ----a-w- c:\program files\Internet Explorer\ielowutil.exe
2015-05-13 13:48 . 2015-01-29 03:19 2543104 ----a-w- c:\windows\system32\wpdshext.dll
2015-04-28 16:20 . 2015-04-28 16:34 -------- d-----w- c:\users\Radek\AppData\Local\Diagnostics
2015-04-26 14:34 . 2015-04-26 14:36 -------- d-----w- c:\users\Radek\AppData\Roaming\GHISLER
2015-04-26 14:34 . 2015-04-26 14:34 -------- d-----w- C:\totalcmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-23 09:38 . 2015-03-10 17:56 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-05-14 01:03 . 2015-01-27 17:16 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-05 01:29 . 2015-05-13 13:50 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-05 01:12 . 2015-05-13 13:50 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-04-27 19:23 . 2015-05-14 11:07 113664 ----a-w- c:\windows\system32\sechost.dll
2015-04-27 19:05 . 2015-05-14 11:07 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-04-27 19:04 . 2015-05-14 11:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-23 14:38 . 2015-04-23 14:38 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-23 14:38 . 2014-12-11 21:25 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-23 14:38 . 2014-12-11 21:25 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-23 14:38 . 2014-12-11 21:25 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-23 14:38 . 2014-12-11 21:25 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-23 14:38 . 2014-12-11 21:25 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-23 14:38 . 2014-12-11 21:25 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-23 14:38 . 2014-12-11 21:25 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-23 14:38 . 2015-04-23 14:38 43112 ----a-w- c:\windows\avastSS.scr
2015-04-23 14:38 . 2014-12-11 21:25 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-14 20:02 . 2014-12-27 22:29 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-14 20:02 . 2014-12-27 22:29 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-28 03:44 . 2014-11-23 21:16 1316000 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-03-28 03:44 . 2014-11-23 21:16 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-03-28 03:43 . 2014-11-23 21:16 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-03-28 03:43 . 2014-11-23 21:16 1570672 ----a-w- c:\windows\system32\nvspcap64.dll
2015-03-25 03:24 . 2015-04-15 17:36 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 17:36 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 17:36 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 17:36 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 17:36 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 17:36 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 17:36 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 17:36 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 17:36 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 17:36 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 17:36 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 17:36 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 17:36 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 17:36 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 17:36 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 17:36 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 17:36 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 17:36 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 17:36 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 17:36 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 17:36 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 17:36 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 17:36 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 17:36 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-15 17:36 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 17:36 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 17:36 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 17:36 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 17:36 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 17:36 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-15 17:35 367552 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 17:35 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 13:48 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-13 13:48 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-15 17:35 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 13:48 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 13:48 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 13:48 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-02-25 03:18 . 2015-04-15 17:35 754688 ----a-w- c:\windows\system32\drivers\http.sys
2015-02-24 02:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-11 5515496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;d:\hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-23 07:17 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.65\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-27 20:02]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23 20:44]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23 20:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-23 14:38 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-03-28 1570672]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-05-23 19:47:25
ComboFix-quarantined-files.txt 2015-05-23 17:47
.
Před spuštěním: Volných bajtů: 48 934 223 872
Po spuštění: Volných bajtů: 48 679 505 920
.
- - End Of File - - 231B2299AD2DB93C427D94C7AF4D2C49
A36C5E4F47E84449FF07ED3517B43A31

[altrok]

Pokud jeste nemate, presunte ComboFix na plochu.

• Otevrete Poznamkovy blok (Start -> Spustit -> notepad)
• zkopirujte do nej skript nize a ulozte na plochu jako CFScript (Typ souboru: Textovy dokument)

  Kód: Vybrat vše

  KillAll::
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  ClearJavaCache::
  
  Reboot::

• Tento CFScript.txt chytte, doslova pretahnete nad ikonu ComboFixu a pustte.
  
• Po restartu na Vas vyskoci log, jehoz obsah mi vlozte do dalsi odpovedi.

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou Windows. V tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[Radek04]

ComboFix 15-05-25.01 - Radek 25.05.2015 18:42:17.2.3 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8190.6290 [GMT 2:00]
Spuštěný z: c:\users\Radek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Radek\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-25 do 2015-05-25 )))))))))))))))))))))))))))))))
.
.
2015-05-23 11:51 . 2015-05-23 12:40 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-23 11:51 . 2015-05-23 12:40 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-23 11:50 . 2015-05-23 11:50 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-23 07:13 . 2015-05-23 07:16 -------- d-----w- C:\FRST
2015-05-22 18:25 . 2015-05-23 11:51 -------- d-----w- c:\programdata\Malwarebytes
2015-05-20 16:21 . 2015-05-20 16:21 -------- d-----w- c:\windows\system32\appmgmt
2015-05-17 19:22 . 2015-05-17 19:37 -------- d-----w- c:\users\Radek\AppData\Roaming\Apple Computer
2015-05-17 19:22 . 2015-05-17 19:22 -------- d-----w- c:\users\Radek\AppData\Local\Apple Computer
2015-05-17 19:22 . 2015-05-20 16:23 -------- dc----w- c:\windows\system32\DRVSTORE
2015-05-17 19:21 . 2015-05-20 16:23 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-17 19:21 . 2015-05-17 19:21 -------- d-----w- c:\programdata\Apple Computer
2015-05-17 19:21 . 2015-05-17 19:21 -------- d-----w- c:\users\Radek\AppData\Local\Apple
2015-05-17 19:20 . 2015-05-20 16:25 -------- d-----w- c:\programdata\Apple
2015-05-17 12:14 . 2015-05-17 12:14 -------- d-----w- c:\programdata\NCH Software
2015-05-15 11:11 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{575D0B9F-2B04-43A2-A84C-A5797EB6A8A8}\mpengine.dll
2015-05-14 01:01 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 01:01 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:49 . 2015-04-21 16:39 222720 ----a-w- c:\program files\Internet Explorer\ielowutil.exe
2015-05-13 13:48 . 2015-01-29 03:19 2543104 ----a-w- c:\windows\system32\wpdshext.dll
2015-04-28 16:20 . 2015-04-28 16:34 -------- d-----w- c:\users\Radek\AppData\Local\Diagnostics
2015-04-26 14:34 . 2015-04-26 14:36 -------- d-----w- c:\users\Radek\AppData\Roaming\GHISLER
2015-04-26 14:34 . 2015-04-26 14:34 -------- d-----w- C:\totalcmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-25 10:06 . 2015-03-10 17:56 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-05-14 01:03 . 2015-01-27 17:16 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-05 01:29 . 2015-05-13 13:50 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-05 01:12 . 2015-05-13 13:50 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-04-27 19:23 . 2015-05-14 11:07 113664 ----a-w- c:\windows\system32\sechost.dll
2015-04-27 19:05 . 2015-05-14 11:07 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-04-27 19:04 . 2015-05-14 11:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-23 14:38 . 2015-04-23 14:38 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-23 14:38 . 2014-12-11 21:25 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-23 14:38 . 2014-12-11 21:25 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-23 14:38 . 2014-12-11 21:25 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-23 14:38 . 2014-12-11 21:25 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-23 14:38 . 2014-12-11 21:25 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-23 14:38 . 2014-12-11 21:25 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-23 14:38 . 2014-12-11 21:25 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-23 14:38 . 2015-04-23 14:38 43112 ----a-w- c:\windows\avastSS.scr
2015-04-23 14:38 . 2014-12-11 21:25 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-14 20:02 . 2014-12-27 22:29 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-14 20:02 . 2014-12-27 22:29 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-28 03:44 . 2014-11-23 21:16 1316000 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-03-28 03:44 . 2014-11-23 21:16 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-03-28 03:43 . 2014-11-23 21:16 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-03-28 03:43 . 2014-11-23 21:16 1570672 ----a-w- c:\windows\system32\nvspcap64.dll
2015-03-25 03:24 . 2015-04-15 17:36 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 17:36 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 17:36 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 17:36 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 17:36 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 17:36 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 17:36 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 17:36 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 17:36 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 17:36 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 17:36 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 17:36 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 17:36 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 17:36 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 17:36 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 17:36 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 17:36 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 17:36 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 17:36 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 17:36 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 17:36 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 17:36 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 17:36 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 17:36 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-15 17:36 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 17:36 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 17:36 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 17:36 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 17:36 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 17:36 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-15 17:35 367552 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 17:35 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 13:48 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-13 13:48 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-15 17:35 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 13:48 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 13:48 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 13:48 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-02-25 03:18 . 2015-04-15 17:35 754688 ----a-w- c:\windows\system32\drivers\http.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-11 5515496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;d:\hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - NVSTREAMKMS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-23 07:17 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.65\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-27 20:02]
.
2015-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23 20:44]
.
2015-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23 20:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-23 14:38 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-03-28 1570672]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Celkový čas: 2015-05-25 19:01:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-05-25 17:01
ComboFix2.txt 2015-05-23 17:47
.
Před spuštěním: Volných bajtů: 49 057 480 704
Po spuštění: Volných bajtů: 49 212 047 360
.
- - End Of File - - 60DB37B85780E59C192A464EB7FE3389
A36C5E4F47E84449FF07ED3517B43A31

[altrok]

Problem pretrvava?

Jake 3 procesy a do jake miry vytezuji procesor (CPU) nejvic?

[Radek04]

Explorer, AvastUi, NMIndexStoreSvr.....Ted to uz delsi dobu neudelalo. Ale zase jsem take nebyl tak dlouho na PC Myslite, ze to tedy mohlo byt zpusobeno virem? Kdyby se to opakovalo urcite sem jeste napisu Zatim je to v pohode

[altrok]

Aktivni havet v logach nevidim, takze urcite testujte a sledujte