Firefox a reklamní stránky

[Rudy]

Zřejmě jste nesmazal kompletně ty podsložky, neboť reklamy a jiné lahůdky se ukládají do nastavení prohlížečů. Udělejte ještě kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[vaclavka83]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 3.2.2016
Čas skenování: 19:53
Protokol: mbam.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.02.03.05
Databáze rootkitů: v2016.01.20.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: David

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 328078
Uplynulý čas: 4 min, 59 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 3
PUP.Optional.Elex, HKLM\SOFTWARE\CLASSES\TYPELIB\{8DD92279-9B04-4C6F-A862-EF3C24603804}, , [5ff25efe455446f0fae245240cf68878],
PUP.Optional.Elex, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{8DD92279-9B04-4C6F-A862-EF3C24603804}, , [5ff25efe455446f0fae245240cf68878],
PUP.Optional.Elex, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{8DD92279-9B04-4C6F-A862-EF3C24603804}, , [5ff25efe455446f0fae245240cf68878],

Hodnoty registru: 1
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-3002283261-4246282841-1664632397-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://unblockservice.com/wpad.dat?51a7 ... 7395171804, , [de737be1d0c9dd596b7de0030cf6c23e]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[vaclavka83]

Není možné, že by to mohlo vlézt na sync mozilly? Mám tam uložený profil a nastavení, které se pravidelně aktualizují...

[Rudy]

Není možné, že by to mohlo vlézt na sync mozilly? Mám tam uložený profil a nastavení, které se pravidelně aktualizují...

I to je možné. Vše, co našel MBAM, smažte.

[vaclavka83]

Tak jsem myslel, že to už bude vpořádku.... Ale opět na mě vyskočily

[Rudy]

Nemohu si pomoci, problém musí být v podadresářích profilu. Už nemám žádný další fígl na likvidaci. Nebo jste zase byl někde v "temných zákoutích" internetu a znovu jste si něco stáhl.

[vaclavka83]

Nene...... já jsem opatrný, ale nejsem jediný uživatel na PC.... Tak to asi vidím na reinstal Win..... Je možnost přeinstalovat Win a zanechat uložené věci na rozdělené druhé polovine disku? Mám spíše zkušenosti jen z čistou instalací win.... Mám tam jen foto, video, dokumenty a zálohu ovladačů... Je možnost nějak zjistit jestli ten neřád co se ho nemohu zbavyt může být rozlezlý i tam?

[vaclavka83]

Ted jsem zkoušel brouzdat i v internet exploreru tak malvarebytes nějakou vyskakovací stránku bloknul... Takže je to nejspíš i tam....

[Rudy]

Ještě zkusíme ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

[vaclavka83]

ComboFix 16-01-31.01 - David 04.02.2016 20:10:35.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4094.1741 [GMT 1:00]
Spuštěný z: c:\users\David\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-01-04 do 2016-02-04 )))))))))))))))))))))))))))))))
.
.
2016-02-04 19:15 . 2016-02-04 19:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-03 19:37 . 2016-02-03 19:37 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1C994D1-06E6-45BF-AD9D-0DF21FF34104}\offreg.6088.dll
2016-02-03 18:43 . 2016-02-04 19:01 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-03 18:43 . 2016-02-03 18:43 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-02-03 18:43 . 2016-02-03 18:43 -------- d-----w- c:\programdata\Malwarebytes
2016-02-03 18:43 . 2015-10-05 08:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-02-03 18:43 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-03 18:43 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-03 17:25 . 2016-02-03 17:25 -------- d-----w- c:\programdata\ATI
2016-02-03 17:25 . 2016-02-03 17:25 0 ----a-w- c:\windows\ativpsrm.bin
2016-02-03 17:16 . 2016-02-03 17:16 -------- d-----w- c:\program files (x86)\AMD AVT
2016-02-03 17:16 . 2016-02-03 17:16 -------- d-----w- c:\program files (x86)\AMD APP
2016-02-03 17:16 . 2016-02-03 17:16 -------- d-----w- c:\program files\Common Files\ATI Technologies
2016-02-03 17:16 . 2016-02-03 17:16 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2016-02-03 17:15 . 2016-02-03 17:16 -------- d-----w- c:\programdata\AMD
2016-02-03 17:15 . 2016-02-03 17:15 -------- d-----w- c:\program files (x86)\ATI Technologies
2016-02-03 17:14 . 2016-02-03 17:15 -------- d-----w- c:\program files\ATI Technologies
2016-02-03 02:36 . 2016-02-03 02:36 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1C994D1-06E6-45BF-AD9D-0DF21FF34104}\offreg.3220.dll
2016-02-03 02:34 . 2016-02-03 02:34 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2016-02-02 17:20 . 2015-12-16 09:15 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1C994D1-06E6-45BF-AD9D-0DF21FF34104}\mpengine.dll
2016-02-02 17:05 . 2016-02-02 17:06 -------- d-----w- c:\program files (x86)\MozBackup
2016-02-01 21:19 . 2016-02-01 21:19 -------- d-----w- c:\windows\SysWow64\config\systemprofile\.oracle_jre_usage
2016-02-01 21:18 . 2016-02-01 20:44 24064 ----a-w- c:\windows\zoek-delete.exe
2016-02-01 20:44 . 2016-02-01 21:12 -------- d-----w- C:\zoek_backup
2016-02-01 18:31 . 2016-02-01 18:31 -------- d-----w- c:\program files\Common Files\Canon
2016-02-01 18:30 . 2016-02-01 18:30 -------- d--h--w- c:\program files\CanonBJ
2016-02-01 11:53 . 2016-02-01 11:53 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2016-02-01 11:41 . 2016-02-01 11:41 -------- d-----w- c:\windows\Sun
2016-02-01 11:39 . 2016-02-01 11:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-02-01 11:39 . 2016-02-01 11:39 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-02-01 11:39 . 2016-02-01 11:40 -------- d-----w- c:\programdata\Oracle
2016-02-01 11:39 . 2016-02-01 11:39 -------- d-----w- c:\program files (x86)\Java
2016-02-01 11:30 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2016-01-31 16:51 . 2016-01-31 16:52 -------- d-----w- C:\AdwCleaner
2016-01-31 15:34 . 2016-01-31 17:21 -------- d-----w- c:\program files\trend micro
2016-01-28 17:49 . 2016-01-28 17:49 -------- d-----w- c:\programdata\boost_interprocess
2016-01-27 17:00 . 2016-02-01 18:50 -------- d-----w- c:\program files\Common Files\Adobe
2016-01-27 17:00 . 2016-02-01 18:51 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2016-01-22 19:02 . 2016-01-22 19:02 -------- d-----w- c:\programdata\Bohemia Interactive
2016-01-22 19:01 . 2016-01-22 19:01 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2016-01-21 09:57 . 2016-01-21 09:57 -------- d-----w- c:\programdata\Steam
2016-01-20 19:20 . 2016-01-20 19:20 -------- d-----w- c:\programdata\Origin
2016-01-20 18:38 . 2016-01-26 10:42 -------- d-----w- c:\windows\SysWow64\Codecs
2016-01-20 17:53 . 2016-01-20 17:53 -------- d-----w- C:\Live
2016-01-18 16:09 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2016-01-18 16:09 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2016-01-18 16:09 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2016-01-18 16:09 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2016-01-18 16:09 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2016-01-18 16:09 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2016-01-15 06:02 . 2016-01-15 06:02 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2016-01-14 18:17 . 2016-01-14 20:26 280600 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2016-01-14 18:16 . 2016-01-14 19:33 280600 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2016-01-13 16:50 . 2015-11-17 01:08 705536 ----a-w- c:\windows\system32\invagent.dll
2016-01-13 16:50 . 2015-11-17 01:08 792064 ----a-w- c:\windows\system32\generaltel.dll
2016-01-13 16:50 . 2015-11-17 01:08 505856 ----a-w- c:\windows\system32\devinv.dll
2016-01-13 16:50 . 2015-11-17 01:08 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-01-12 18:34 . 2016-01-12 18:34 -------- d-----w- c:\windows\cs
2016-01-12 18:34 . 2016-01-12 18:34 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2016-01-12 18:34 . 2016-01-12 18:34 -------- d-----w- c:\windows\PCHEALTH
2016-01-12 18:34 . 2016-01-12 18:34 -------- d-----w- c:\program files (x86)\Windows Live
2016-01-12 18:32 . 2016-01-12 18:32 -------- d-----w- c:\program files (x86)\Microsoft OneDrive
2016-01-12 18:31 . 2016-01-12 18:31 -------- d-----w- c:\programdata\Microsoft OneDrive
2016-01-12 18:28 . 2016-01-12 18:28 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2016-01-12 18:24 . 2016-01-12 18:24 -------- d-----w- c:\windows\SysWow64\Wat
2016-01-12 18:24 . 2016-01-12 18:24 -------- d-----w- c:\windows\system32\Wat
2016-01-12 16:21 . 2016-01-12 16:21 -------- d--h--w- c:\programdata\CanonBJ
2016-01-12 16:21 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
2016-01-10 16:33 . 2016-01-10 16:33 -------- d-----w- c:\windows\system32\appmgmt
2016-01-10 15:16 . 2016-01-19 22:58 -------- d-----w- c:\programdata\MEGAsync
2016-01-09 18:37 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2016-01-09 18:37 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2016-01-09 18:37 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2016-01-09 18:37 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2016-01-09 18:37 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2016-01-09 18:37 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2016-01-09 18:37 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2016-01-09 18:36 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2016-01-09 18:36 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2016-01-09 18:36 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2016-01-09 18:36 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2016-01-09 18:36 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2016-01-09 18:36 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2016-01-09 18:36 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2016-01-09 18:36 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2016-01-09 18:36 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2016-01-09 18:36 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2016-01-09 18:20 . 2015-07-16 19:11 7077376 ----a-w- c:\windows\system32\mstscax.dll
2016-01-09 18:20 . 2015-07-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
2016-01-09 18:20 . 2015-07-16 19:12 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2016-01-09 18:20 . 2015-07-16 19:12 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2016-01-09 18:20 . 2015-07-16 19:12 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2016-01-09 18:20 . 2015-07-16 19:11 62976 ----a-w- c:\windows\system32\tsgqec.dll
2016-01-09 18:20 . 2015-07-16 19:11 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
2016-01-09 18:19 . 2015-06-09 18:03 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2016-01-09 18:19 . 2015-06-09 18:03 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2016-01-09 18:19 . 2015-06-03 20:17 243200 ----a-w- c:\windows\system32\rdpudd.dll
2016-01-09 18:19 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2016-01-09 18:19 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2016-01-09 18:19 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2016-01-09 18:07 . 2015-10-08 23:22 69120 ----a-w- c:\windows\system32\nlsbres.dll
2016-01-09 18:07 . 2015-10-08 23:18 6656 ----a-w- c:\windows\SysWow64\kbdgeoqw.dll
2016-01-09 18:07 . 2015-10-08 23:18 6656 ----a-w- c:\windows\SysWow64\KBDAZEL.DLL
2016-01-09 18:07 . 2015-10-08 23:18 7168 ----a-w- c:\windows\system32\kbdgeoqw.dll
2016-01-09 18:07 . 2015-10-08 23:18 7168 ----a-w- c:\windows\system32\KBDAZEL.DLL
2016-01-09 18:07 . 2015-10-08 23:18 7168 ----a-w- c:\windows\system32\KBDAZE.DLL
2016-01-09 18:07 . 2015-10-08 23:17 69120 ----a-w- c:\windows\SysWow64\nlsbres.dll
2016-01-09 17:52 . 2016-01-13 16:50 -------- d-s---w- c:\windows\system32\CompatTel
2016-01-09 17:52 . 2016-01-13 16:50 -------- d-----w- c:\windows\system32\appraiser
2016-01-09 15:33 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2016-01-09 15:33 . 2013-10-02 04:38 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2016-01-09 15:33 . 2013-10-02 02:11 13824 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-01-09 15:33 . 2013-10-02 02:08 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-01-09 15:33 . 2013-10-02 02:22 56832 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2016-01-09 15:33 . 2013-10-02 01:48 56832 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2016-01-09 15:33 . 2013-10-02 01:48 18944 ----a-w- c:\windows\system32\wksprtPS.dll
2016-01-09 15:33 . 2013-10-02 00:14 50176 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2016-01-09 15:33 . 2013-10-02 00:14 17920 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2016-01-09 15:33 . 2013-10-01 23:31 1147392 ----a-w- c:\windows\system32\mstsc.exe
2016-01-09 15:33 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\SysWow64\mstsc.exe
2016-01-09 15:30 . 2016-01-09 15:30 -------- d-----w- c:\program files (x86)\Microsoft.NET
2016-01-09 15:28 . 2012-07-26 07:40 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2016-01-09 15:27 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2016-01-09 15:27 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2016-01-09 15:27 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-12 18:34 . 2012-07-17 13:37 24288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-12-30 18:37 . 2016-01-13 16:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-12-12 17:25 . 2016-02-02 10:20 262144 ----a-w- c:\windows\system32\webcheck.dll
2015-12-12 17:02 . 2016-02-02 10:20 230400 ----a-w- c:\windows\SysWow64\webcheck.dll
2015-12-08 19:07 . 2009-07-14 00:22 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-12-02 12:18 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-11-30 12:31 . 2015-11-30 12:31 95848 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-01-14 07:58 1587912 ----a-w- c:\users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-01-14 07:58 1587912 ----a-w- c:\users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-01-14 07:58 1587912 ----a-w- c:\users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15 463360 ----a-w- c:\programdata\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15 463360 ----a-w- c:\programdata\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15 463360 ----a-w- c:\programdata\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-01-08 7021880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-12-22 596528]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 vcdrom;Virtual CD-ROM Device Driver;c:\users\David\Desktop\VCdRom.sys;c:\users\David\Desktop\VCdRom.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ngvss;ngvss; [x]
S0 SamsungRapidDiskFltr;SAMSUNG RAPID Mode Disk Filter Driver;c:\windows\system32\DRIVERS\SamsungRapidDiskFltr.sys;c:\windows\SYSNATIVE\DRIVERS\SamsungRapidDiskFltr.sys [x]
S0 SamsungRapidFSFltr;SamsungRapidFSFltr;c:\windows\system32\DRIVERS\SamsungRapidFSFltr.sys;c:\windows\SYSNATIVE\DRIVERS\SamsungRapidFSFltr.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 SamsungRapidSvc;Samsung RAPID Mode Service;c:\windows\system32\RAPID\SamsungRapidSvc.exe;c:\windows\SYSNATIVE\RAPID\SamsungRapidSvc.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-01-14 07:58 1641664 ----a-w- c:\users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-01-14 07:58 1641664 ----a-w- c:\users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-01-14 07:58 1641664 ----a-w- c:\users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:13 470016 ----a-w- c:\programdata\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:13 470016 ----a-w- c:\programdata\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:13 470016 ----a-w- c:\programdata\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-01-08 13:58 873304 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: mfcr.cz
TCP: DhcpNameServer = 192.168.0.1
DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} - hxxps://adisepo.mfcr.cz/adistc/adis/idpr_pub/xspa/bin/cryptsignx.cab
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\l3eosg5v.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-02-04 20:17:39
ComboFix-quarantined-files.txt 2016-02-04 19:17
.
Před spuštěním: Volných bajtů: 71 520 165 888
Po spuštění: Volných bajtů: 71 150 276 608
.
- - End Of File - - 01EB554742A6568B7065656B81C45DDB
A36C5E4F47E84449FF07ED3517B43A31

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

Driver::
ngvss

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[vaclavka83]

Tak hotovo.... Systému se to tedy moc nelíbilo, nechtěl naběhnout. Až po bodu obnovení...

[Rudy]

Navím, bohužel, proč, byly mazány už jen zbytečnosti. Nastala nějaká změna teď?

[vaclavka83]

Nevadí.... Myslím že to pomohlo. Nic nevyskakuje a odezva systému se zdá lepší..... Děkuji

[Rudy]

OK, rádo se stalo!