
Re: Log check

Posted: 03 Jan 2014 21:28
by Rudy
Open Notepad and copy the following into it:
RegLock::
[HKEY_USERS\S-1-5-21-1635156821-2072687277-794704591-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
[HKEY_USERS\S-1-5-21-1635156821-2072687277-794704591-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
[HKEY_USERS\S-1-5-21-1635156821-2072687277-794704591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
[HKEY_USERS\S-1-5-21-1635156821-2072687277-794704591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: Log check

Posted: 03 Jan 2014 21:56
by ratamata
Another log from ComboFix:

ComboFix 14-01-01.01 - Libor 03.01.2014 21:39:41.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4077.2435 [GMT 1:00]
Spuštěný z: c:\users\Libor\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Libor\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-03 do 2014-01-03 )))))))))))))))))))))))))))))))
.
.
2014-01-03 20:43 . 2014-01-03 20:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-02 16:50 . 2014-01-02 17:25 -------- d-----w- C:\AdwCleaner
2014-01-01 20:53 . 2014-01-01 20:53 -------- d-----w- c:\users\Libor\AppData\Local\Google
2013-12-30 22:11 . 2013-12-30 22:11 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2013-12-20 22:41 . 2014-01-01 17:00 -------- d-----w- c:\programdata\VideoDownloaderUltimate
2013-12-20 11:03 . 2013-12-20 11:03 -------- d-----w- c:\users\Libor\AppData\Roaming\OpenOffice
2013-12-19 21:00 . 2013-12-19 21:00 -------- d-----w- c:\program files (x86)\OpenOffice 4
2013-12-19 12:58 . 2013-10-23 08:20 6669600 ----a-w- c:\windows\system32\nvcpl.dll
2013-12-19 12:58 . 2013-10-23 08:20 3489568 ----a-w- c:\windows\system32\nvsvc64.dll
2013-12-19 12:58 . 2013-10-23 08:20 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-12-19 12:58 . 2013-10-23 08:20 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-12-19 12:58 . 2013-10-23 08:20 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-12-19 12:58 . 2013-10-23 08:20 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-12-19 12:58 . 2013-10-23 08:20 3426956 ----a-w- c:\windows\system32\nvcoproc.bin
2013-12-19 12:58 . 2013-10-27 08:12 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-12-19 12:58 . 2013-10-27 08:12 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-12-18 17:07 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-18 17:07 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-18 17:07 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-18 17:07 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-18 17:07 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-18 17:06 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-18 16:59 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-18 16:59 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-18 16:59 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-12-18 16:59 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-18 16:59 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-18 16:58 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-18 16:58 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-18 16:58 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-18 16:58 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-12-18 16:58 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-18 16:58 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-18 16:57 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2013-12-18 16:57 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2013-12-18 16:57 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2013-12-18 16:57 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2013-12-18 16:57 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2013-12-18 16:57 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2013-12-18 16:57 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-12-18 16:57 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2013-12-18 16:38 . 2013-12-18 16:47 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-18 16:37 . 2013-12-18 16:37 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-17 17:23 . 2013-12-17 17:23 -------- d-----w- c:\users\UpdatusUser
2013-12-17 17:22 . 2014-01-03 20:44 -------- d-----w- c:\programdata\NVIDIA
2013-12-17 14:08 . 2014-01-02 19:39 -------- d-----w- c:\program files\trend micro
2013-12-17 11:19 . 2013-12-17 11:19 -------- d-----w- C:\FRST
2013-12-17 10:59 . 2014-01-03 14:37 -------- d-----w- C:\SMETÍ
2013-12-16 08:46 . 2013-12-16 08:46 -------- d-----w- c:\users\Libor\AppData\Roaming\HD Tune Pro
2013-12-13 23:19 . 2013-12-13 23:19 -------- d-----w- c:\windows\Migration
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-30 22:11 . 2013-04-06 14:57 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-12-30 22:11 . 2013-04-06 14:57 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-30 22:11 . 2013-04-06 14:57 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-30 22:11 . 2013-03-01 16:20 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-30 22:11 . 2011-07-28 09:36 334136 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-30 22:11 . 2013-04-06 14:57 43152 ----a-w- c:\windows\avastSS.scr
2013-12-17 13:16 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-13 08:58 . 2012-04-02 07:49 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-13 08:58 . 2011-08-01 15:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-03 00:35 . 2013-04-06 14:57 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-03 00:35 . 2013-03-01 16:20 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-01 13:42 . 2011-07-29 13:55 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-10-27 08:12 . 2013-10-27 08:12 18286416 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-10-27 08:12 . 2013-10-27 08:12 15855568 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-10-27 08:12 . 2013-10-27 08:12 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-10-27 08:12 . 2013-10-27 08:12 1241376 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-10-27 08:12 . 2013-10-27 08:12 9480328 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-10-27 08:12 . 2013-10-27 08:12 11374520 ----a-w- c:\windows\system32\nvopencl.dll
2013-10-27 08:12 . 2013-10-27 08:12 317472 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-10-27 08:12 . 2013-10-27 08:12 30344480 ----a-w- c:\windows\system32\nvoglv64.dll
2013-10-27 08:12 . 2013-10-27 08:12 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-10-27 08:12 . 2013-10-27 08:12 22933792 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-10-27 08:12 . 2013-10-27 08:12 655136 ----a-w- c:\windows\system32\NvIFR64.dll
2013-10-27 08:12 . 2013-10-27 08:12 560416 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-10-27 08:12 . 2013-10-27 08:12 168616 ----a-w- c:\windows\system32\nvinitx.dll
2013-10-27 08:12 . 2013-10-27 08:12 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-10-27 08:12 . 2013-10-27 08:12 12572960 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-10-27 08:12 . 2013-10-27 08:12 696096 ----a-w- c:\windows\system32\NvFBC64.dll
2013-10-27 08:12 . 2013-10-27 08:12 599840 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-10-27 08:12 . 2013-10-27 08:12 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2013-10-27 08:12 . 2013-10-27 08:12 196384 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2013-10-27 08:12 . 2013-10-27 08:12 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
2013-10-27 08:12 . 2013-10-27 08:12 18199872 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-10-27 08:12 . 2013-10-27 08:12 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
2013-10-27 08:12 . 2013-10-27 08:12 1510176 ----a-w- c:\windows\system32\nvhdagenco64.dll
2013-10-27 08:12 . 2013-10-27 08:12 9524088 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-10-27 08:12 . 2013-10-27 08:12 3131680 ----a-w- c:\windows\system32\nvcuvid.dll
2013-10-27 08:12 . 2013-10-27 08:12 3124512 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-10-27 08:12 . 2013-10-27 08:12 2946848 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-10-27 08:12 . 2013-10-27 08:12 2747168 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-10-27 08:12 . 2013-10-27 08:12 15212336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-10-27 08:12 . 2013-10-27 08:12 11426568 ----a-w- c:\windows\system32\nvcuda.dll
2013-10-27 08:12 . 2013-10-27 08:12 3067560 ----a-w- c:\windows\system32\nvapi64.dll
2013-10-27 08:12 . 2013-10-27 08:12 2695200 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-10-27 08:12 . 2013-10-27 08:12 25257248 ----a-w- c:\windows\system32\nvcompiler.dll
2013-10-27 08:12 . 2013-10-27 08:12 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-10-23 02:02 . 2013-10-23 02:02 589600 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-10-18 15:01 . 2013-10-18 15:01 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-12 02:30 . 2013-11-20 11:55 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-20 11:55 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-20 11:55 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-20 11:55 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-20 11:55 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files (x86)\OSCAR Editor X7\OscarEditor.exe" [2011-07-25 3332608]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\programy\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-17 1043968]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-05-20 36864]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-30 3764024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MM030SVC;MM030 Service;c:\windows\system32\DRIVERS\U6000ALL.sys;c:\windows\SYSNATIVE\DRIVERS\U6000ALL.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 PfFilter;PfFilter;c:\program files (x86)\IObit\Protected Folder\pffilter.sys;c:\program files (x86)\IObit\Protected Folder\pffilter.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\DRIVERS\CamSuiteVAC.sys;c:\windows\SYSNATIVE\DRIVERS\CamSuiteVAC.sys [x]
S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-30 22:11 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\programy\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\programy\MICROS~1\Office14\ONBttnIE.dll/105
IE: ????3?? - c:\users\Libor\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\Libor\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Libor\AppData\Roaming\Mozilla\Firefox\Profiles\com14uta.default\
FF - prefs.js: browser.startup.homepage - google.cz
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1635156821-2072687277-794704591-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Users\\Libor\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1635156821-2072687277-794704591-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Users\\Libor\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2014-01-03 21:50:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-01-03 20:50
ComboFix2.txt 2014-01-03 19:32
.
Před spuštěním: Volných bajtů: 66 199 900 160
Po spuštění: Volných bajtů: 65 884 246 016
.
- - End Of File - - 6182CD46A903DFDAA5BC9CBA25286EA4
A36C5E4F47E84449FF07ED3517B43A31

Re: Log check

Posted: 03 Jan 2014 22:30
by Rudy
Deleted. Has anything changed?

Re: Log check

Posted: 03 Jan 2014 23:16
by ratamata
Unfortunately not. The problem with pages loading correctly or completely persists... likebox.php is present again.

Re: Log check

Posted: 04 Jan 2014 11:16
by Rudy
Try Junkware Removal Tool:
Download Junkware Removal Tool: http://thisisudax.org/downloads/JRT.exe

Save it, preferably to the desktop
After it starts, the license terms are displayed; press any key
A backup is created, followed by a search
The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here

Re: Log check

Posted: 04 Jan 2014 19:05
by ratamata
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by Libor on so 04.01.2014 at 18:59:37,18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Libor\appdata\local\cre"



~~~ FireFox

Emptied folder: C:\Users\Libor\AppData\Roaming\mozilla\firefox\profiles\com14uta.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 04.01.2014 at 19:04:45,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Log check

Posted: 04 Jan 2014 19:32
by Rudy
Has anything changed?

Re: Log check

Posted: 04 Jan 2014 20:00
by ratamata
I'm testing. Some websites still display with problems, incompletely. Sometimes, after clicking through, I end up staring at a blank white page; after a refresh it displays correctly. On others, even after repeated "F5", not all image thumbnails load. So far, however, I have not encountered the "like.php" download.

Re: Log check

Posted: 04 Jan 2014 20:06
by Rudy
The last option is to reinstall the browser. Beyond that, it will be a connection problem. This is also suggested by the fact that the problem does not occur everywhere, only on some websites.

Re: Log check

Posted: 04 Jan 2014 21:20
by ratamata
Reinstalling did not help. So I will contact my provider. Like.php is gone, though. So thank you.

Re: Log check

Posted: 04 Jan 2014 21:51
by Rudy
OK, and you're welcome! :)

Re: Log check

Posted: 05 Jan 2014 10:33
by ratamata
So I spoke too soon. Like.php is back! Chrome downloads it automatically again, and in FF a dialog pops up asking where I want to save it. In IE it does not happen at all, and never did before.

Edit: The folders AdwCleaner, Recovery, ProgramData and Qoobox remain on C:\. The last two resist deletion.

Edit 2: One more thing.
I tried to download a YouTube downloader into Chrome; although it is marked as downloaded in the web store, when I click to launch the app, only the YouTube site pops up. It does not appear in the browser, not even in the settings. So it cannot be uninstalled either. Reinstalling Chrome does not help. It is still listed as downloaded in the web store. I remembered that around New Year's Eve I installed a third-party video download app into Chrome. Could this be the root of the problem?

Re: Log check

Posted: 05 Jan 2014 11:57
by Rudy
You must reinstall Chrome including deleting its entire profile. Back the profile up using: http://www.stahuj.centrum.cz/internet_a ... me-backup/ . Then install it again and copy back only the bookmarks from the backup.

Delete the folders using T-Cleaner: http://vyosek.ic.cz/pro_usery/T-Cleaner.exe ; note that you will not be able to remove the Program Data folder, as it is a system folder. The folders are completely harmless and do no harm on the disk by themselves.