Help with a virus - shortcuts on a USB stick

jamelo (Visitor), Posts: 9, Registered: 05 Jan 2017 14:44


#1 Post by jamelo »

Hi,
I think I caught a virus on a USB stick somewhere.

When I copy something onto it, it gets saved there as a shortcut; some of them I can open on another PC (an old one, used only for watching films), some not.

The ones that do open go through the command prompt; the target of one file from the USB stick:

C:\Windows\system32\cmd.exe /c start tmp1B96.tmp.wsf&start IMG_5161.JPG&exit

I'm uploading the logs and asking for help.

Thanks
Attachments: Addition.rar (12.11 KiB), downloaded 81 times
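The shortcut target quoted in this post (cmd.exe starting a hidden .wsf script and then the real IMG_5161.JPG as a decoy) can be recognised by parsing the .lnk binary format rather than by trusting the icon. The following Python is an added example, not code from the thread or from any of the tools named in it: it walks the ShellLinkHeader, LinkInfo and StringData of a .lnk according to the MS-SHLLINK layout, rebuilds a constructed sample with that exact target, and flags a launcher that starts a script file. The helper names, the volume serial number and the benign comparison shortcut are assumptions.

```python
import struct

# LinkFlags bits of the ShellLinkHeader (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# order in which the optional StringData fields follow LinkInfo
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))
SCRIPT_EXTS = (".wsf", ".vbs", ".vbe", ".js", ".jse", ".bat", ".cmd", ".ps1")
LAUNCHERS = {"cmd.exe", "wscript.exe", "cscript.exe"}   # hosts that run a script for a shortcut


def _cstr(data: bytes, off: int) -> str:
    """Read a NUL-terminated ANSI string at offset off."""
    return data[off:data.index(b"\x00", off)].decode("cp1252", errors="replace")


def parse_lnk(data: bytes) -> dict:
    """Return the LocalBasePath and the StringData fields of a .lnk blob."""
    if len(data) < 0x4C or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Windows shell link")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C                                      # end of the fixed 76-byte header
    if flags & HAS_LINK_TARGET_ID_LIST:             # skip the PIDL; LinkInfo carries the path
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    base_path = ""
    if flags & HAS_LINK_INFO:
        info_size, _, info_flags, _, lbp_off = struct.unpack_from("<IIIII", data, pos)
        if info_flags & 0x1:                        # VolumeIDAndLocalBasePath
            base_path = _cstr(data, pos + lbp_off)  # offset is relative to LinkInfo start
        pos += info_size
    fields = {"base_path": base_path}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no terminator
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + width * count]
        fields[name] = raw.decode("utf-16-le") if width == 2 else raw.decode("cp1252", errors="replace")
        pos += width * count
    return fields


def split_cmd_chain(arguments: str):
    """Split 'cmd /c start A&start B&exit' into script files and everything else started."""
    scripts, others = [], []
    for part in arguments.split("&"):
        tokens = [t for t in part.split() if t.lower() not in ("/c", "/k", "exit")]
        if tokens and tokens[0].lower() == "start":
            tokens = tokens[1:]
        if not tokens:
            continue
        name = " ".join(tokens)
        (scripts if name.lower().endswith(SCRIPT_EXTS) else others).append(name)
    return scripts, others


def classify_lnk(data: bytes) -> dict:
    """Flag a shortcut whose target is a launcher that starts a script file."""
    info = parse_lnk(data)
    target_path = info["base_path"] or info.get("relative_path", "")
    target = target_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    scripts, others = split_cmd_chain(info.get("arguments", ""))
    return {"target": target, "scripts": scripts,
            "decoys": others,                       # the real file opened so the user sees nothing odd
            "suspicious": target in LAUNCHERS and bool(scripts)}


def build_sample_lnk(base_path: str, arguments: str) -> bytes:
    """Construct a minimal .lnk blob for testing (constructed sample, not a capture)."""
    flags = HAS_LINK_INFO | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    # VolumeID: size 0x11, DRIVE_FIXED, assumed serial number, empty label at offset 0x10
    volume_id = struct.pack("<IIII", 0x11, 3, 0x1234ABCD, 0x10) + b"\x00"
    local_base = base_path.encode("cp1252") + b"\x00"
    vol_off = 0x1C                                  # right after the 7 LinkInfo header fields
    lbp_off = vol_off + len(volume_id)
    suffix_off = lbp_off + len(local_base)
    info_size = suffix_off + 1                      # + empty CommonPathSuffix
    link_info = struct.pack("<IIIIIII", info_size, 0x1C, 0x1, vol_off, lbp_off, 0, suffix_off)
    link_info += volume_id + local_base + b"\x00"
    string_data = struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
    return header + link_info + string_data + b"\x00\x00\x00\x00"   # ExtraData TerminalBlock


# The shortcut target quoted in the first post, rebuilt as a sample .lnk
WORM_LNK = build_sample_lnk(r"C:\Windows\system32\cmd.exe",
                            "/c start tmp1B96.tmp.wsf&start IMG_5161.JPG&exit")
# A harmless cmd.exe shortcut for comparison (constructed)
BENIGN_LNK = build_sample_lnk(r"C:\Windows\system32\cmd.exe", r"/k cd /d D:\work")

if __name__ == "__main__":
    for label, blob in (("worm", WORM_LNK), ("benign", BENIGN_LNK)):
        print(label, classify_lnk(blob))
```

On a real stick the same check can be run over every *.lnk found in the root, and a hit whose decoy name matches a hidden file next to it is exactly the pairing UsbFix later reports as deleted and restored.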



#2 Post by jamelo »

FRST log
Attachments: FRST.rar (17.63 KiB), downloaded 78 times



#3 Post by jamelo »

RSIT

It tells me they don't fit into the message, so I'm posting them this way.
Attachments: log.rar (17.47 KiB), downloaded 96 times

Roli (VIP), Posts: 13399, Registered: 26 Nov 2006 13:37, Location: ČR


#4 Post by Roli »

Hi, delete the unneeded files using CCleaner.

Guide:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin.

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers).

The registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system.

Download and run AdwCleaner: close all programs including the browser and launch it with a double click. A window appears; click Scan in the top left. When the scan finishes, click Clean; the PC restarts and the junk gets deleted. Then copy the Report here.

Next, use Mbam from my signature and post its log here after the junk has been deleted.

Plug all the flash drives and memory cards you use into the PC. Download UsbFix and save it to the desktop, run the application, and in the window that opens click Deletion. A scan runs and when it finishes a log pops up, which you copy here; if that doesn't happen, you'll find it at C:\UsbFix.txt

| Rsit | Mbam | AVPTool | Cure It |

I take weekends off.



#5 Post by jamelo »

When I run Mbam, I'll add the log from that too.

# AdwCleaner v6.041 - Log vytvořen 05/01/2017 v 20:11:35
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2017-01-05.2 [Server]
# Operační systém : Windows 7 Ultimate Service Pack 1 (X64)
# Uživatelské jméno : Lubka - LUBKA-PC
# Spuštěno z : D:\adwcleaner_6.041.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Users\Lubka\AppData\Local\Winamp Toolbar
[-] Složka smazána: C:\Users\Lubka\AppData\Local\avg web tuneup
[-] Složka smazána: C:\Users\Lubka\AppData\LocalLow\.acestream
[-] Složka smazána: C:\Users\Lubka\AppData\LocalLow\HPAppData
[-] Složka smazána: C:\Users\Lubka\AppData\LocalLow\avg web tuneup
[-] Složka smazána: C:\Users\Lubka\AppData\Roaming\.acestream
[-] Složka smazána: C:\Users\Lubka\AppData\Roaming\acestream
[-] Složka smazána: C:\Users\Lubka\AppData\Roaming\Babylon
[-] Složka smazána: C:\Users\Lubka\AppData\Roaming\eType
[-] Složka smazána: C:\Users\Lubka\AppData\Roaming\goforfiles
[-] Složka smazána: C:\Users\Lubka\AppData\Roaming\HPAppData
[-] Složka smazána: C:\Users\Lubka\AppData\Roaming\PerformerSoft
[-] Složka smazána: C:\Users\Lubka\AppData\Roaming\Settings Manager
[-] Složka smazána: C:\Users\Lubka\AppData\Roaming\Update Manager
[#] Složka smazána po restartu: C:\Users\Lubka\AppData\Roaming\GoforFiles
[-] Složka smazána: C:\Users\Lubka\AppData\Roaming\Enigma Software Group
[-] Složka smazána: C:\Users\Lubka\AppData\Roaming\Mozilla\Firefox\Profiles\bgxmmn6p.default\WinampToolbarData
[-] Složka smazána: C:\Users\Lubka\AppData\Roaming\Mozilla\Firefox\Profiles\bgxmmn6p.default\TelevisionFanatic
[-] Složka smazána: C:\Program Files\Enigma Software Group
[-] Složka smazána: C:\_acestream_cache_
[-] Složka smazána: C:\sh4ldr
[-] Složka smazána: C:\ProgramData\AVG Secure Search
[-] Složka smazána: C:\ProgramData\AVG Security Toolbar
[-] Složka smazána: C:\ProgramData\Babylon
[-] Složka smazána: C:\ProgramData\Winamp Toolbar
[-] Složka smazána: C:\ProgramData\avg web tuneup
[#] Složka smazána po restartu: C:\ProgramData\Application Data\AVG Secure Search
[#] Složka smazána po restartu: C:\ProgramData\Application Data\AVG Security Toolbar
[#] Složka smazána po restartu: C:\ProgramData\Application Data\Babylon
[#] Složka smazána po restartu: C:\ProgramData\Application Data\Winamp Toolbar
[#] Složka smazána po restartu: C:\ProgramData\Application Data\avg web tuneup
[-] Složka smazána: C:\Program Files (x86)\Winamp Toolbar
[-] Složka smazána: C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Složka smazána: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
[-] Složka smazána: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\avg web tuneup


***** [ Soubory ] *****

[-] Soubor smazán: C:\END
[-] Soubor smazán: C:\user.js
[-] Soubor smazán: C:\Users\Lubka\AppData\Roaming\Mozilla\Firefox\Profiles\bgxmmn6p.default\invalidprefs.js
[-] Soubor smazán: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[#] Soubor smazán: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[#] Soubor smazán: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKCU\Software\e55d88abc38eb47
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Applications\iLividSetup.exe
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Applications\iLividSetupV1.exe
[-] Klíč smazán: HKU\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\Classes\acestream
[#] Klíč smazán po restartu: HKCU\Software\Classes\acestream
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Prod.cap
[-] Klíč smazán: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Klíč smazán: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Klíč smazán: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\speedupmypc
[-] Klíč smazán: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Klíč smazán: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\acestream
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Prod.cap
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\speedupmypc
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[-] Klíč smazán: HKCU\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[-] Klíč smazán: HKU\.DEFAULT\Software\AVG Secure Search
[-] Klíč smazán: HKU\.DEFAULT\Software\Auslogics
[-] Klíč smazán: HKU\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\AVG Nation toolbar
[-] Klíč smazán: HKU\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\BI
[-] Klíč smazán: HKU\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\Conduit
[-] Klíč smazán: HKU\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\GoforFiles
[-] Klíč smazán: HKU\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\IGearSettings
[-] Klíč smazán: HKU\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\ilivid
[-] Klíč smazán: HKU\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\Softonic
[-] Klíč smazán: HKU\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\StartSearch
[-] Klíč smazán: HKU\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\torch
[-] Klíč smazán: HKU\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\vShare.tv
[-] Klíč smazán: HKU\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\Winamp Toolbar
[-] Klíč smazán: HKU\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\Auslogics
[-] Klíč smazán: HKU\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\AppDataLow\Software\Conduit
[-] Klíč smazán: HKU\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\AppDataLow\Software\Settings Manager
[-] Klíč smazán: HKU\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\Free Games 111
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\Speed Test 127
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\SweetIM
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\AVG Secure Search
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\Auslogics
[#] Klíč smazán po restartu: HKCU\Software\AVG Nation toolbar
[#] Klíč smazán po restartu: HKCU\Software\BI
[#] Klíč smazán po restartu: HKCU\Software\Conduit
[#] Klíč smazán po restartu: HKCU\Software\GoforFiles
[#] Klíč smazán po restartu: HKCU\Software\IGearSettings
[#] Klíč smazán po restartu: HKCU\Software\ilivid
[#] Klíč smazán po restartu: HKCU\Software\Softonic
[#] Klíč smazán po restartu: HKCU\Software\StartSearch
[#] Klíč smazán po restartu: HKCU\Software\torch
[#] Klíč smazán po restartu: HKCU\Software\vShare.tv
[#] Klíč smazán po restartu: HKCU\Software\Winamp Toolbar
[#] Klíč smazán po restartu: HKCU\Software\Auslogics
[#] Klíč smazán po restartu: HKCU\Software\AppDataLow\Software\Conduit
[#] Klíč smazán po restartu: HKCU\Software\AppDataLow\Software\Settings Manager
[-] Klíč smazán: HKLM\SOFTWARE\AVG Nation toolbar
[-] Klíč smazán: HKLM\SOFTWARE\AVG Secure Search
[-] Klíč smazán: HKLM\SOFTWARE\AVG Security Toolbar
[-] Klíč smazán: HKLM\SOFTWARE\Babylon
[-] Klíč smazán: HKLM\SOFTWARE\Conduit
[-] Klíč smazán: HKLM\SOFTWARE\GoforFiles
[-] Klíč smazán: HKLM\SOFTWARE\iLividSRTB
[-] Klíč smazán: HKLM\SOFTWARE\torch
[-] Klíč smazán: HKLM\SOFTWARE\Uniblue
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Uniblue\DriverScanner
[-] Klíč smazán: HKLM\SOFTWARE\Winamp Toolbar
[-] Klíč smazán: HKLM\SOFTWARE\AVG Tuneup
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\Free Games 111
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\Speed Test 127
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4176753460-3883627382-3245699827-1000\Software\SweetIM
[#] Klíč smazán po restartu: [x64] HKCU\Software\AVG Nation toolbar
[#] Klíč smazán po restartu: [x64] HKCU\Software\BI
[#] Klíč smazán po restartu: [x64] HKCU\Software\Conduit
[#] Klíč smazán po restartu: [x64] HKCU\Software\GoforFiles
[#] Klíč smazán po restartu: [x64] HKCU\Software\IGearSettings
[#] Klíč smazán po restartu: [x64] HKCU\Software\ilivid
[#] Klíč smazán po restartu: [x64] HKCU\Software\Softonic
[#] Klíč smazán po restartu: [x64] HKCU\Software\StartSearch
[#] Klíč smazán po restartu: [x64] HKCU\Software\torch
[#] Klíč smazán po restartu: [x64] HKCU\Software\vShare.tv
[#] Klíč smazán po restartu: [x64] HKCU\Software\Winamp Toolbar
[#] Klíč smazán po restartu: [x64] HKCU\Software\Auslogics
[#] Klíč smazán po restartu: [x64] HKCU\Software\AppDataLow\Software\Conduit
[#] Klíč smazán po restartu: [x64] HKCU\Software\AppDataLow\Software\Settings Manager
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Tarma Installer
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\delta-search.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www1.delta-search.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\delta-search.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www1.delta-search.com
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
[-] Klíč smazán: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Klíč smazán: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
[-] Hodnota smazána: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Hodnota smazána po restartu: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Hodnota smazána po restartu: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Hodnota smazána po restartu: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Hodnota smazána po restartu: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Hodnota smazána po restartu: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Hodnota smazána po restartu: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Hodnota smazána po restartu: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Hodnota smazána po restartu: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Hodnota smazána po restartu: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Hodnota smazána po restartu: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Hodnota smazána po restartu: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]


***** [ Prohlížeče ] *****

[-] Firefox předvolby vyčištěny: "extensions.delta.admin" - false
[-] Firefox předvolby vyčištěny: "extensions.delta.aflt" - "babsst"
[-] Firefox předvolby vyčištěny: "extensions.delta.appId" - "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"
[-] Firefox předvolby vyčištěny: "extensions.delta.autoRvrt" - "false"
[-] Firefox předvolby vyčištěny: "extensions.delta.dfltLng" - "en"
[-] Firefox předvolby vyčištěny: "extensions.delta.excTlbr" - false
[-] Firefox předvolby vyčištěny: "extensions.delta.ffxUnstlRst" - true
[-] Firefox předvolby vyčištěny: "extensions.delta.id" - "ec6c84760000000000001c6f65ac89b1"
[-] Firefox předvolby vyčištěny: "extensions.delta.instlDay" - "15842"
[-] Firefox předvolby vyčištěny: "extensions.delta.instlRef" - "sst"
[-] Firefox předvolby vyčištěny: "extensions.delta.newTab" - false
[-] Firefox předvolby vyčištěny: "extensions.delta.prdct" - "delta"
[-] Firefox předvolby vyčištěny: "extensions.delta.prtnrId" - "delta"
[-] Firefox předvolby vyčištěny: "extensions.delta.rvrt" - "false"
[-] Firefox předvolby vyčištěny: "extensions.delta.smplGrp" - "none"
[-] Firefox předvolby vyčištěny: "extensions.delta.tlbrId" - "base"
[-] Firefox předvolby vyčištěny: "extensions.delta.tlbrSrchUrl" - ""
[-] Firefox předvolby vyčištěny: "extensions.delta.vrsn" - "1.8.21.0"
[-] Firefox předvolby vyčištěny: "extensions.delta.vrsnTs" - "1.8.21.013:04:26"
[-] Firefox předvolby vyčištěny: "extensions.delta.vrsni" - "1.8.21.0"
[-] Firefox předvolby vyčištěny: "extensions.delta_i.babExt" - ""
[-] Firefox předvolby vyčištěny: "extensions.delta_i.babTrack" - "affID=119293&tt=gc_170513_18210"
[-] Firefox předvolby vyčištěny: "extensions.delta_i.srcExt" - "ss"


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [19314 Bajty] - [05/01/2017 20:11:35]
C:\AdwCleaner\AdwCleaner[S0].txt - [19988 Bajty] - [05/01/2017 20:09:14]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [19462 Bajty] ##########



#6 Post by jamelo »

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 05.01.17
Čas skenování: 20:59
Logovací soubor: Mbam.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.0.5.1299
Verze komponentů: 1.0.43
Aktualizovat verzi balíku komponent: 1.0.936
Licence: Vypršelo

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: Lubka-PC\Lubka

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 326508
Uplynulý čas: 4 hod, 29 min, 1 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 1
PUP.Optional.Conduit, D:\NOVá SLOžKA\NOVá SLOžKA (2)\NOVá SLOžKA\BS_VDOWNLOADER.EXE, Žádná uživatelská akce, [715], [298009],1.0.936

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)



#7 Post by jamelo »

I also ran UsbFix, and I finally have files on the flash drive instead of shortcuts.

############################## | UsbFix V 9.013 | [Clean]

User: Lubka (Administrator) # LUBKA-PC
Updated 04/01/2017 by SOSVirus
Started at 01:43:51 | 06/01/2017

Website : https://www.usb-antivirus.com/
Tutorial : https://www.usb-antivirus.com/tutorial/
Support : https://www.sosvirus.org/
Live detection : http://www.sosmalware.com/usbfix/
Contact : https://www.usb-antivirus.com/contact/

################## | System information |

MB: Gigabyte Technology Co., Ltd. (GA-880GM-UD2H)
CPU: AMD Athlon(tm) II X3 455 Processor
RAM -> [Total : 3581 Mo | Free : 1754 Mo]
Bios: Award Software International, Inc.
Boot: Normal boot

OS: Microsoft™ Windows 7 Ultimate (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Google Chrome : 55.0.2883.87
WB: Mozilla Firefox : 50.1.0
WB: Opera : 42.0.2393.94

################## | Security Information |

AV: Avast Antivirus [Enabled |Updated]
AS: Windows Defender [(!) Disabled |(!) Outdated]
AS: Avast Antivirus [Enabled |Updated]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

################## | Disk Information |

C:\ (%SystemDrive%) -> Fixed disk # 50 Gb (12 Gb free - 23%) [] # NTFS
D:\ -> Fixed disk # 99 Gb (888 Mb free - 1%) [] # NTFS
F:\ -> Removable disk # 7 Gb (6 Gb free - 85%) [PATRIOT] # FAT32
G:\ -> Removable disk # 14 Gb (14 Gb free - 100%) [KINGSTON] # FAT32
H:\ -> Removable disk # 7 Gb (7 Gb free - 100%) [ADATA UFD] # FAT32
I:\ -> Removable disk # 30 Gb (30 Gb free - 100%) [] # FAT32

################## | Generic Research |

Deleted! C:\Users\Lubka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp1B96.tmp.wsf
Deleted! F:\IMG_5161.lnk
Deleted! F:\01 Tri_orisky_pro_Popelku_1973_XviD_DVDRip_by_JaNEQ.lnk
Deleted! G:\IMG_5162.lnk
Deleted! G:\IMG_5161.lnk
Deleted! H:\IMG_5163.lnk
Deleted! H:\IMG_5161.lnk
Deleted! I:\IMG_5164.lnk
Deleted! I:\IMG_5161.lnk
Deleted! C:\Users\Lubka\AppData\Local\Temp\tmp1B96.tmp.wsf
Deleted! F:\tmp1B96.tmp.wsf
Deleted! G:\tmp1B96.tmp.wsf
Deleted! H:\tmp1B96.tmp.wsf
Deleted! I:\tmp1B96.tmp.wsf
Deleted! C:\Users\Lubka\AppData\Local\dt.dat
Deleted! [x64] HKLM\Software\Microsoft\Windows\CurrentVersion\Run|tmp1B96
Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|tmp1B96
Deleted! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|tmp1B96
Restored! [N] F:\IMG_5161.JPG
Restored! [N] F:\01 Tri_orisky_pro_Popelku_1973_XviD_DVDRip_by_JaNEQ.avi
Restored! [N] G:\IMG_5161.JPG
Restored! [N] H:\IMG_5161.JPG
Restored! [N] I:\IMG_5161.JPG

(!) Temporary files deleted. (19.9566049575806 MB)

################## | Startup |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [uTorrent] "C:\Users\Lubka\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKCU\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [GrooveMonitor] "D:\Programy\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - [x64] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [x64] HKLM\..\Run : [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-4176753460-3883627382-3245699827-1000\..\Run : [uTorrent] "C:\Users\Lubka\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-4176753460-3883627382-3245699827-1000\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04GS - Adobe Gamma.lnk : C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

################## | C:\ %SystemDrive% - Fixed drive (NTFS) |

[05/01/2017 - 20:54:38 | ASH | 2749860 Ko] - C:\hiberfil.sys
[05/01/2017 - 20:54:39 | ASH | 3666480 Ko] - C:\pagefile.sys
[27/12/2011 - 20:45:26 | A | 115 Ko] - C:\životopis.rtf
[02/01/2017 - 20:30:12 | D] - C:\Config.Msi
[31/12/2009 - 23:38:15 | A | 3 Ko] - C:\RHDSetup.log
[31/12/2009 - 23:41:25 | A | 0 Ko] - C:\Install.log
[31/12/2009 - 23:42:20 | A | 0 Ko] - C:\csb.log
[10/04/2013 - 20:35:35 | A | 154 Ko] - C:\service.log
[22/11/2012 - 21:11:41 | A | 210 Ko] - C:\28086-utorrent.0000.dmp
[17/05/2013 - 13:00:53 | SHD] - C:\$Recycle.Bin
[30/12/2016 - 21:28:32 | A | 0 Ko] - C:\autoexec.bat
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[28/06/2011 - 22:27:45 | SHD] - C:\Recovery
[28/06/2011 - 22:28:00 | RD] - C:\Users
[14/02/2013 - 13:33:54 | D] - C:\garmin
[17/03/2014 - 19:49:33 | D] - C:\ALFA plus
[17/05/2014 - 14:13:26 | D] - C:\FOTKY
[26/11/2015 - 15:19:27 | RD] - C:\ĽUBKA
[01/01/2017 - 13:01:39 | D] - C:\1f3e06c5f9242ce4d1fb53659352397e
[05/01/2017 - 14:29:51 | D] - C:\FRST
[05/01/2017 - 15:14:58 | D] - C:\rsit
[05/01/2017 - 20:10:45 | RD] - C:\Program Files
[05/01/2017 - 20:10:51 | RD] - C:\Program Files (x86)
[05/01/2017 - 20:11:35 | D] - C:\AdwCleaner
[05/01/2017 - 20:13:04 | D] - C:\Windows
[05/01/2017 - 20:24:58 | HD] - C:\ProgramData
[05/01/2017 - 21:58:31 | D] - C:\UsbFix

################## | D:\ - Fixed drive (NTFS) |

[02/06/2011 - 22:24:59 | D] - D:\msdownld.tmp
[05/01/2017 - 18:57:23 | A | 462 Ko] - D:\zaloha registrov 5-1-2017.reg
[05/01/2017 - 19:09:13 | A | 15 Ko] - D:\zaloha registrov 5-1-2017-002.reg
[26/12/2015 - 16:17:28 | A | 9138 Ko] - D:\07.-Taylor-Swift---Blank-Space[www.musicbolt.com].mp3
[03/02/2013 - 12:35:51 | A | 75 Ko] - D:\SAM_6019.jpg
[03/02/2013 - 12:36:01 | A | 80 Ko] - D:\SAM_6027.jpg
[03/10/2016 - 11:57:56 | N | 4864 Ko] - D:\IMG_6217.JPG
[03/10/2016 - 17:54:18 | A | 407 Ko] - D:\IMG_6218.JPG
[18/12/2016 - 23:12:12 | A | 50752 Ko] - D:\mb3-setup-consumer-3.0.4.1269.exe
[05/01/2017 - 18:39:27 | A | 8597 Ko] - D:\ccsetup525.exe
[05/01/2017 - 20:05:41 | A | 3884 Ko] - D:\adwcleaner_6.041.exe
[05/01/2017 - 20:24:24 | A | 52929 Ko] - D:\mb3-setup-consumer-3.0.5.1299.exe
[17/05/2013 - 13:01:08 | SHD] - D:\$RECYCLE.BIN
[22/07/2016 - 20:25:35 | A | 390748 Ko] - D:\4x01_-_The_Hour_of_the_Wolf.avi
[27/10/2016 - 17:21:23 | A | 1022939 Ko] - D:\Štěstí-na-dosah-(2006)-CZ-dabing.avi
[01/01/2010 - 12:07:05 | RHD] - D:\MSOCache
[09/09/2011 - 20:58:12 | D] - D:\Sirtaky
[04/12/2011 - 12:42:48 | D] - D:\HRY
[01/06/2012 - 13:43:08 | D] - D:\$AVG
[13/06/2013 - 20:02:26 | D] - D:\USB 11-10-2012
[02/01/2014 - 17:54:37 | D] - D:\MARUŠKA
[20/12/2014 - 15:54:27 | D] - D:\Programy
[21/12/2014 - 22:27:45 | D] - D:\obaly dvd
[22/12/2014 - 10:09:26 | D] - D:\zalozka
[28/08/2015 - 22:50:34 | D] - D:\Nová složka
[01/02/2016 - 14:20:47 | D] - D:\LUBO
[29/03/2016 - 20:14:37 | D] - D:\INSTALL
[14/09/2016 - 21:46:56 | D] - D:\MARTIN
[03/10/2016 - 11:53:45 | D] - D:\Marci
[21/11/2016 - 00:45:23 | D] - D:\VYTLAČIŤ NAŠE FOTO
[03/12/2016 - 16:32:52 | D] - D:\FOTKY
[16/12/2016 - 00:32:57 | D] - D:\gula
[16/12/2016 - 15:19:59 | D] - D:\VYTLAČIŤ FOTO DETÍ
[16/12/2016 - 20:34:01 | RD] - D:\ĽUBKA
[04/01/2017 - 23:29:34 | D] - D:\FILMY

################## | F:\ - Removable drive (FAT32) |

[13/09/2016 - 08:53:48 | N | 3286 Ko] - F:\IMG_5161.JPG
[26/12/2016 - 17:24:38 | N | 1196128 Ko] - F:\01 Tri_orisky_pro_Popelku_1973_XviD_DVDRip_by_JaNEQ.avi

################## | G:\ - Removable drive (FAT32) |

[13/09/2016 - 08:53:48 | N | 3286 Ko] - G:\IMG_5161.JPG

################## | H:\ - Removable drive (FAT32) |

[13/09/2016 - 08:53:48 | N | 3286 Ko] - H:\IMG_5161.JPG

################## | I:\ - Removable drive (FAT32) |

[13/09/2016 - 08:53:48 | N | 3286 Ko] - I:\IMG_5161.JPG

Analysed in 384.7 seconds

################## | E.O.F | https://www.sosvirus.net/ | https://www.usb-antivirus.com/ |


Re: Pomoc s vírusom - odkazy na USB

#8 Příspěvek od Roli »

Great, one last thing :)

Download ComboFix and save it to the desktop, run the application as Administrator and allow the installation of the Recovery Console. Then a window with the licence terms appears, which you confirm by clicking YES; then click YES once more and it is running.

The whole process takes about 10 minutes but may take longer; do not try to run anything else during the scan. The PC may also be restarted during the scan, so don't be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program, because ComboFix tries to delete the infected files and these programs may block it.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt (on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.

If anything is unclear, there is an illustrated guide HERE.
| Rsit | Mbam | AVPTool | Cure It |

I rest at the weekend

jamelo
Visitor
Posts: 9
Registered: 05 Jan 2017 14:44

Re: Help with a virus - shortcuts on USB

#9 Post by jamelo »

I ran it twice. The first time it could not make some changes in the registry or create a restore point; the second time it ran through without any error message.

Here is the first log:

ComboFix 17-01-04.01 - Lubka . 01. 2017 14:05:58.1.3 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1029.18.3581.1876 [GMT 1:00]
Running from: c:\users\Lubka\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Amazon.ico
c:\programdata\MercadoLivre.ico
c:\windows\IsUn0407.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2016-12-08 to 2017-01-08 )))))))))))))))))))))))))))))))
.
.
2017-01-08 13:16 . 2017-01-08 13:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-01-05 20:58 . 2017-01-05 20:58 -------- d-----w- C:\UsbFix
2017-01-05 19:25 . 2017-01-05 19:25 102856 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-01-05 19:25 . 2017-01-05 19:25 81696 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-01-05 19:25 . 2017-01-05 19:25 176064 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-01-05 19:25 . 2017-01-05 19:25 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-01-05 19:25 . 2017-01-08 13:21 250816 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-01-05 19:25 . 2016-12-14 11:55 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-01-05 19:24 . 2017-01-05 19:24 -------- d-----w- c:\programdata\Malwarebytes
2017-01-05 19:06 . 2017-01-05 19:11 -------- d-----w- C:\AdwCleaner
2017-01-05 17:41 . 2017-01-05 17:41 -------- d-----w- c:\program files\CCleaner
2017-01-02 21:36 . 2017-01-05 14:14 -------- d-----w- C:\rsit
2017-01-02 21:36 . 2017-01-05 13:36 -------- d-----w- c:\program files\trend micro
2017-01-02 12:45 . 2017-01-05 13:29 -------- d-----w- C:\FRST
2017-01-01 15:03 . 2017-01-01 15:09 -------- d-----w- c:\windows\rescache
2017-01-01 12:18 . 2016-10-11 15:21 1314112 ----a-w- c:\windows\SysWow64\ntdll.dll
2017-01-01 12:11 . 2016-09-12 21:17 77032 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-01-01 11:56 . 2016-08-29 15:31 14183424 ----a-w- c:\windows\system32\shell32.dll
2017-01-01 11:56 . 2016-08-29 15:31 1867776 ----a-w- c:\windows\system32\ExplorerFrame.dll
2017-01-01 11:56 . 2016-08-29 15:12 1499648 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2017-01-01 11:56 . 2016-08-29 15:04 3229696 ----a-w- c:\windows\explorer.exe
2017-01-01 11:56 . 2016-08-29 14:55 2972672 ----a-w- c:\windows\SysWow64\explorer.exe
2017-01-01 11:56 . 2016-07-22 14:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2017-01-01 11:56 . 2016-07-22 14:51 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2017-01-01 11:34 . 2017-01-01 12:01 -------- d-----w- C:\1f3e06c5f9242ce4d1fb53659352397e
2016-12-30 13:09 . 2016-01-22 06:18 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-12-30 13:09 . 2016-01-22 06:18 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-12-30 13:09 . 2016-01-22 06:04 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2016-12-30 13:09 . 2016-01-22 06:04 535040 ----a-w- c:\windows\SysWow64\EncDec.dll
2016-12-30 13:08 . 2015-08-27 18:18 2004480 ----a-w- c:\windows\system32\msxml6.dll
2016-12-30 13:08 . 2015-08-27 18:13 2048 ----a-w- c:\windows\system32\msxml6r.dll
2016-12-30 13:08 . 2015-08-27 17:58 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
2016-12-30 13:08 . 2015-08-27 17:51 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2016-12-30 13:07 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2016-12-30 13:07 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2016-12-30 13:07 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2016-12-30 13:07 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2016-12-30 13:02 . 2015-11-03 19:04 241664 ----a-w- c:\windows\system32\els.dll
2016-12-30 13:02 . 2015-11-03 18:55 179712 ----a-w- c:\windows\SysWow64\els.dll
2016-12-19 01:19 . 2016-05-13 22:09 98816 ----a-w- c:\windows\system32\wudriver.dll
2016-12-19 01:16 . 2016-01-11 19:11 1684416 ----a-w- c:\windows\system32\drivers\ntfs.sys
2016-12-19 01:16 . 2016-02-03 18:07 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2016-12-19 01:16 . 2015-11-05 19:05 17408 ----a-w- c:\windows\system32\wshrm.dll
2016-12-19 01:16 . 2015-11-05 09:53 146944 ----a-w- c:\windows\system32\drivers\rmcast.sys
2016-12-19 01:16 . 2015-11-05 19:02 14848 ----a-w- c:\windows\SysWow64\wshrm.dll
2016-12-19 01:15 . 2016-07-07 15:36 1896168 ----a-w- c:\windows\system32\drivers\tcpip.sys
2016-12-19 01:15 . 2016-07-07 15:36 377576 ----a-w- c:\windows\system32\drivers\netio.sys
2016-12-19 01:15 . 2016-07-07 15:36 287976 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2016-12-19 01:15 . 2016-07-07 15:08 46080 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2016-12-19 01:15 . 2016-03-16 00:16 760320 ----a-w- c:\windows\system32\samsrv.dll
2016-12-19 01:15 . 2016-03-16 00:16 106496 ----a-w- c:\windows\system32\samlib.dll
2016-12-19 01:15 . 2016-03-15 23:53 60416 ----a-w- c:\windows\SysWow64\samlib.dll
2016-12-19 01:09 . 2016-04-09 03:52 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2016-12-19 01:09 . 2016-04-09 04:20 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2016-12-19 00:48 . 2015-07-23 00:02 879104 ----a-w- c:\windows\system32\tdh.dll
2016-12-19 00:48 . 2015-07-22 17:53 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2016-12-19 00:46 . 2015-12-08 19:07 1307136 ----a-w- c:\windows\system32\msmpeg2adec.dll
2016-12-19 00:45 . 2016-03-16 18:50 156672 ----a-w- c:\windows\system32\mtxoci.dll
2016-12-19 00:45 . 2016-03-16 18:28 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-12-19 00:45 . 2016-03-16 18:28 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-12-19 00:45 . 2016-03-16 18:27 286720 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaora.dll
2016-12-19 00:43 . 2015-10-29 17:50 6656 ----a-w- c:\windows\system32\shimeng.dll
2016-12-19 00:42 . 2016-02-05 01:19 381440 ----a-w- c:\windows\system32\mfds.dll
2016-12-19 00:41 . 2015-05-25 18:01 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2016-12-19 00:41 . 2015-05-25 18:00 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2016-12-19 00:41 . 2015-05-25 18:00 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2016-12-19 00:41 . 2015-05-25 18:00 37888 ----a-w- c:\windows\SysWow64\relog.exe
2016-12-19 00:41 . 2015-05-25 18:00 82944 ----a-w- c:\windows\SysWow64\logman.exe
2016-12-19 00:41 . 2015-05-25 18:00 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2016-12-19 00:40 . 2015-05-25 18:19 113664 ----a-w- c:\windows\system32\sechost.dll
2016-12-19 00:40 . 2015-05-25 18:18 47104 ----a-w- c:\windows\system32\typeperf.exe
2016-12-19 00:40 . 2015-05-25 18:18 404992 ----a-w- c:\windows\system32\tracerpt.exe
2016-12-19 00:40 . 2015-05-25 18:18 43008 ----a-w- c:\windows\system32\relog.exe
2016-12-19 00:40 . 2015-05-25 18:18 104448 ----a-w- c:\windows\system32\logman.exe
2016-12-19 00:40 . 2015-05-25 18:18 19456 ----a-w- c:\windows\system32\diskperf.exe
2016-12-19 00:36 . 2016-08-12 16:26 464896 ----a-w- c:\windows\system32\drivers\srv.sys
2016-12-19 00:36 . 2016-08-12 16:26 405504 ----a-w- c:\windows\system32\drivers\srv2.sys
2016-12-19 00:36 . 2016-08-12 16:26 168960 ----a-w- c:\windows\system32\drivers\srvnet.sys
2016-12-19 00:25 . 2016-03-09 18:54 2104320 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2016-12-19 00:25 . 2016-03-09 18:59 169984 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\rtscom.dll
2016-12-19 00:25 . 2016-03-09 18:54 18432 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2016-12-19 00:25 . 2016-03-09 18:54 353280 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkDiv.dll
2016-12-19 00:25 . 2016-03-09 18:54 275456 ----a-w- c:\windows\system32\InkEd.dll
2016-12-19 00:25 . 2016-03-09 18:38 126464 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\rtscom.dll
2016-12-19 00:25 . 2016-03-09 18:35 16384 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2016-12-19 00:25 . 2016-03-09 18:34 1416192 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll
2016-12-19 00:25 . 2016-03-09 18:34 274944 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll
2016-12-19 00:25 . 2016-03-09 18:34 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2016-12-18 22:12 . 2016-12-18 22:12 -------- d-----w- c:\program files\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-12-31 00:26 . 2011-07-21 05:16 135632432 -c--a-w- c:\windows\system32\MRT.exe
2016-12-13 18:38 . 2012-10-22 05:57 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-12-13 18:38 . 2010-01-01 11:05 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-11-29 21:34 . 2016-11-29 21:34 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 30400 ----a-w- c:\windows\system32\aspnet_counters.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2016-11-21 18:12 . 2017-01-01 12:18 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-11-20 16:19 . 2017-01-01 12:18 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2016-11-20 16:19 . 2017-01-01 12:18 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-11-12 18:14 . 2017-01-01 12:19 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-11-12 17:40 . 2017-01-01 12:19 230400 ----a-w- c:\windows\SysWow64\webcheck.dll
2016-10-13 11:42 . 2016-04-23 13:48 293352 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-10-11 15:18 . 2017-01-01 12:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2010-01-26 09:11 . 2013-02-15 20:16 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Lubka\AppData\Roaming\uTorrent\uTorrent.exe" [2016-12-19 1979072]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-12-06 9288408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"GrooveMonitor"="d:\programy\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-11-15 9080768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-04-01 596504]
.
c:\users\Lubka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R1 aswFW;avast! TDI Firewall driver; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 GUCI_AVS;Generic USB Controller Interface (AVS);c:\windows\system32\DRIVERS\GUCI_AVS.sys;c:\windows\SYSNATIVE\DRIVERS\GUCI_AVS.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-12-14 20:18 1384792 ----a-w- c:\program files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-22 18:38]
.
2017-01-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4176753460-3883627382-3245699827-1000Core.job
- c:\users\Lubka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-28 17:29]
.
2017-01-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4176753460-3883627382-3245699827-1000UA.job
- c:\users\Lubka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-28 17:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-09-09 19:34 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2016-12-14 2776528]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://search.avast.com/AV772/
mStart Page = https://search.avast.com/AV772/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://search.avast.com/AV772/search/w ... earchTerms}
mSearch Bar = https://search.avast.com/AV772/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - d:\programy\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lubka\AppData\Roaming\Mozilla\Firefox\Profiles\bgxmmn6p.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search?bcutc=sp-006
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?bcutc=sp-006
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?bcutc=sp-006
FF - ExtSQL: 2016-12-18 08:17; magicplayer_unlisted@acestream.org; c:\users\Lubka\AppData\Roaming\Mozilla\Firefox\Profiles\bgxmmn6p.default\extensions\magicplayer_unlisted@acestream.org
FF - ExtSQL: !HIDDEN! 2012-05-24 07:59; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
AddRemove-Moorhuhn 2 V1.1 - c:\windows\IsUn0407.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_186_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_186_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.24"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files\AVAST Software\Avast\avBugReport.exe
.
**************************************************************************
.
Completion time: 2017-01-08 14:30:28 - machine was rebooted
ComboFix-quarantined-files.txt 2017-01-08 13:30
.
Pre-Run: Volných bajtů: 10 047 533 056
Post-Run: Volných bajtů: 10 419 609 600
.
- - End Of File - - EEE907354F547F49461409A1F6717EE3
A36C5E4F47E84449FF07ED3517B43A31

jamelo
Visitor
Posts: 9
Registered: 05 Jan 2017 14:44

Re: Help with a virus - shortcuts on USB

#10 Post by jamelo »

Second log:

ComboFix 17-01-04.01 - Lubka . 01. 2017 14:37:09.2.3 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1029.18.3581.2155 [GMT 1:00]
Running from: c:\users\Lubka\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2016-12-08 to 2017-01-08 )))))))))))))))))))))))))))))))
.
.
2017-01-08 13:44 . 2017-01-08 13:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-01-05 20:58 . 2017-01-05 20:58 -------- d-----w- C:\UsbFix
2017-01-05 19:25 . 2017-01-05 19:25 102856 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-01-05 19:25 . 2017-01-05 19:25 81696 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-01-05 19:25 . 2017-01-05 19:25 176064 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-01-05 19:25 . 2017-01-05 19:25 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-01-05 19:25 . 2017-01-08 13:21 250816 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-01-05 19:25 . 2016-12-14 11:55 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-01-05 19:24 . 2017-01-05 19:24 -------- d-----w- c:\programdata\Malwarebytes
2017-01-05 19:06 . 2017-01-05 19:11 -------- d-----w- C:\AdwCleaner
2017-01-05 17:41 . 2017-01-05 17:41 -------- d-----w- c:\program files\CCleaner
2017-01-02 21:36 . 2017-01-05 14:14 -------- d-----w- C:\rsit
2017-01-02 21:36 . 2017-01-05 13:36 -------- d-----w- c:\program files\trend micro
2017-01-02 12:45 . 2017-01-05 13:29 -------- d-----w- C:\FRST
2017-01-01 15:03 . 2017-01-01 15:09 -------- d-----w- c:\windows\rescache
2017-01-01 12:18 . 2016-10-11 15:21 1314112 ----a-w- c:\windows\SysWow64\ntdll.dll
2017-01-01 12:11 . 2016-09-12 21:17 77032 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-01-01 11:56 . 2016-08-29 15:31 14183424 ----a-w- c:\windows\system32\shell32.dll
2017-01-01 11:56 . 2016-08-29 15:31 1867776 ----a-w- c:\windows\system32\ExplorerFrame.dll
2017-01-01 11:56 . 2016-08-29 15:12 1499648 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2017-01-01 11:56 . 2016-08-29 15:04 3229696 ----a-w- c:\windows\explorer.exe
2017-01-01 11:56 . 2016-08-29 14:55 2972672 ----a-w- c:\windows\SysWow64\explorer.exe
2017-01-01 11:56 . 2016-07-22 14:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2017-01-01 11:56 . 2016-07-22 14:51 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2017-01-01 11:34 . 2017-01-01 12:01 -------- d-----w- C:\1f3e06c5f9242ce4d1fb53659352397e
2016-12-30 13:09 . 2016-01-22 06:18 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-12-30 13:09 . 2016-01-22 06:18 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-12-30 13:09 . 2016-01-22 06:04 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2016-12-30 13:09 . 2016-01-22 06:04 535040 ----a-w- c:\windows\SysWow64\EncDec.dll
2016-12-30 13:08 . 2015-08-27 18:18 2004480 ----a-w- c:\windows\system32\msxml6.dll
2016-12-30 13:08 . 2015-08-27 18:13 2048 ----a-w- c:\windows\system32\msxml6r.dll
2016-12-30 13:08 . 2015-08-27 17:58 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
2016-12-30 13:08 . 2015-08-27 17:51 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2016-12-30 13:07 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2016-12-30 13:07 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2016-12-30 13:07 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2016-12-30 13:07 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2016-12-30 13:02 . 2015-11-03 19:04 241664 ----a-w- c:\windows\system32\els.dll
2016-12-30 13:02 . 2015-11-03 18:55 179712 ----a-w- c:\windows\SysWow64\els.dll
2016-12-19 01:19 . 2016-05-13 22:09 98816 ----a-w- c:\windows\system32\wudriver.dll
2016-12-19 01:16 . 2016-01-11 19:11 1684416 ----a-w- c:\windows\system32\drivers\ntfs.sys
2016-12-19 01:16 . 2016-02-03 18:07 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2016-12-19 01:16 . 2015-11-05 19:05 17408 ----a-w- c:\windows\system32\wshrm.dll
2016-12-19 01:16 . 2015-11-05 09:53 146944 ----a-w- c:\windows\system32\drivers\rmcast.sys
2016-12-19 01:16 . 2015-11-05 19:02 14848 ----a-w- c:\windows\SysWow64\wshrm.dll
2016-12-19 01:15 . 2016-07-07 15:36 1896168 ----a-w- c:\windows\system32\drivers\tcpip.sys
2016-12-19 01:15 . 2016-07-07 15:36 377576 ----a-w- c:\windows\system32\drivers\netio.sys
2016-12-19 01:15 . 2016-07-07 15:36 287976 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2016-12-19 01:15 . 2016-07-07 15:08 46080 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2016-12-19 01:15 . 2016-03-16 00:16 760320 ----a-w- c:\windows\system32\samsrv.dll
2016-12-19 01:15 . 2016-03-16 00:16 106496 ----a-w- c:\windows\system32\samlib.dll
2016-12-19 01:15 . 2016-03-15 23:53 60416 ----a-w- c:\windows\SysWow64\samlib.dll
2016-12-19 01:09 . 2016-04-09 03:52 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2016-12-19 01:09 . 2016-04-09 04:20 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2016-12-19 00:48 . 2015-07-23 00:02 879104 ----a-w- c:\windows\system32\tdh.dll
2016-12-19 00:48 . 2015-07-22 17:53 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2016-12-19 00:46 . 2015-12-08 19:07 1307136 ----a-w- c:\windows\system32\msmpeg2adec.dll
2016-12-19 00:45 . 2016-03-16 18:50 156672 ----a-w- c:\windows\system32\mtxoci.dll
2016-12-19 00:45 . 2016-03-16 18:28 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-12-19 00:45 . 2016-03-16 18:28 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-12-19 00:45 . 2016-03-16 18:27 286720 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaora.dll
2016-12-19 00:43 . 2015-10-29 17:50 6656 ----a-w- c:\windows\system32\shimeng.dll
2016-12-19 00:42 . 2016-02-05 01:19 381440 ----a-w- c:\windows\system32\mfds.dll
2016-12-19 00:41 . 2015-05-25 18:01 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2016-12-19 00:41 . 2015-05-25 18:00 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2016-12-19 00:41 . 2015-05-25 18:00 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2016-12-19 00:41 . 2015-05-25 18:00 37888 ----a-w- c:\windows\SysWow64\relog.exe
2016-12-19 00:41 . 2015-05-25 18:00 82944 ----a-w- c:\windows\SysWow64\logman.exe
2016-12-19 00:41 . 2015-05-25 18:00 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2016-12-19 00:40 . 2015-05-25 18:19 113664 ----a-w- c:\windows\system32\sechost.dll
2016-12-19 00:40 . 2015-05-25 18:18 47104 ----a-w- c:\windows\system32\typeperf.exe
2016-12-19 00:40 . 2015-05-25 18:18 404992 ----a-w- c:\windows\system32\tracerpt.exe
2016-12-19 00:40 . 2015-05-25 18:18 43008 ----a-w- c:\windows\system32\relog.exe
2016-12-19 00:40 . 2015-05-25 18:18 104448 ----a-w- c:\windows\system32\logman.exe
2016-12-19 00:40 . 2015-05-25 18:18 19456 ----a-w- c:\windows\system32\diskperf.exe
2016-12-19 00:36 . 2016-08-12 16:26 464896 ----a-w- c:\windows\system32\drivers\srv.sys
2016-12-19 00:36 . 2016-08-12 16:26 405504 ----a-w- c:\windows\system32\drivers\srv2.sys
2016-12-19 00:36 . 2016-08-12 16:26 168960 ----a-w- c:\windows\system32\drivers\srvnet.sys
2016-12-19 00:25 . 2016-03-09 18:54 2104320 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2016-12-19 00:25 . 2016-03-09 18:59 169984 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\rtscom.dll
2016-12-19 00:25 . 2016-03-09 18:54 18432 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2016-12-19 00:25 . 2016-03-09 18:54 353280 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkDiv.dll
2016-12-19 00:25 . 2016-03-09 18:54 275456 ----a-w- c:\windows\system32\InkEd.dll
2016-12-19 00:25 . 2016-03-09 18:38 126464 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\rtscom.dll
2016-12-19 00:25 . 2016-03-09 18:35 16384 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2016-12-19 00:25 . 2016-03-09 18:34 1416192 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll
2016-12-19 00:25 . 2016-03-09 18:34 274944 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll
2016-12-19 00:25 . 2016-03-09 18:34 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2016-12-18 22:12 . 2016-12-18 22:12 -------- d-----w- c:\program files\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-12-31 00:26 . 2011-07-21 05:16 135632432 -c--a-w- c:\windows\system32\MRT.exe
2016-12-13 18:38 . 2012-10-22 05:57 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-12-13 18:38 . 2010-01-01 11:05 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-11-29 21:34 . 2016-11-29 21:34 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 30400 ----a-w- c:\windows\system32\aspnet_counters.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2016-11-21 18:12 . 2017-01-01 12:18 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-11-20 16:19 . 2017-01-01 12:18 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2016-11-20 16:19 . 2017-01-01 12:18 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-11-12 18:14 . 2017-01-01 12:19 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-11-12 17:40 . 2017-01-01 12:19 230400 ----a-w- c:\windows\SysWow64\webcheck.dll
2016-10-13 11:42 . 2016-04-23 13:48 293352 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-10-11 15:18 . 2017-01-01 12:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2010-01-26 09:11 . 2013-02-15 20:16 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Lubka\AppData\Roaming\uTorrent\uTorrent.exe" [2016-12-19 1979072]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-12-06 9288408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"GrooveMonitor"="d:\programy\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-11-15 9080768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-04-01 596504]
.
c:\users\Lubka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R1 aswFW;avast! TDI Firewall driver; [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 GUCI_AVS;Generic USB Controller Interface (AVS);c:\windows\system32\DRIVERS\GUCI_AVS.sys;c:\windows\SYSNATIVE\DRIVERS\GUCI_AVS.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-12-14 20:18 1384792 ----a-w- c:\program files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-22 18:38]
.
2017-01-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4176753460-3883627382-3245699827-1000Core.job
- c:\users\Lubka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-28 17:29]
.
2017-01-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4176753460-3883627382-3245699827-1000UA.job
- c:\users\Lubka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-28 17:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-09-09 19:34 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://search.avast.com/AV772/
mStart Page = https://search.avast.com/AV772/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://search.avast.com/AV772/search/w ... earchTerms}
mSearch Bar = https://search.avast.com/AV772/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - d:\programy\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lubka\AppData\Roaming\Mozilla\Firefox\Profiles\bgxmmn6p.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search?bcutc=sp-006
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?bcutc=sp-006
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?bcutc=sp-006
FF - ExtSQL: 2016-12-18 08:17; magicplayer_unlisted@acestream.org; c:\users\Lubka\AppData\Roaming\Mozilla\Firefox\Profiles\bgxmmn6p.default\extensions\magicplayer_unlisted@acestream.org
FF - ExtSQL: !HIDDEN! 2012-05-24 07:59; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Moorhuhn 2 V1.1 - c:\windows\IsUn0407.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_186_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_186_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.24"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-01-08 14:47:34
ComboFix-quarantined-files.txt 2017-01-08 13:47
ComboFix2.txt 2017-01-08 13:30
.
Pre-Run: Volných bajtů: 10 430 251 008
Post-Run: Volných bajtů: 10 355 036 160
.
- - End Of File - - 0A59F95124FB1E3F506628DCCAB163BD
A36C5E4F47E84449FF07ED3517B43A31

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Help with a virus - shortcuts on USB

#11 Post by Roli »

Via Start >> Run, copy the following into the box:

ComboFix /Uninstall

and press Enter.

This uninstalls ComboFix and deletes the files and folders associated with it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but it is not one.

Then let me know how the PC behaves and whether there is still any problem.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

jamelo
Guest
Posts: 9
Registered: 05 Jan 2017 14:44

Re: Help with a virus - shortcuts on USB

#12 Post by jamelo »

The PC is behaving fine.

I was just a little surprised that when I put the vaccinated USB stick into that old PC, it immediately turned the files on it into shortcuts, but after running USBFix it was fixed.

Thank you very much for the help.

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Help with a virus - shortcuts on USB

#13 Post by Roli »

jamelo wrote: Thank you very much for the help.
You're welcome, and :closed:
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Locked