VIRY.CZ

jeste je divne ze ta tabulka naskoci az zadam prihlasovaci udaje na facebook a misto aby to skocilo na FB tak vyskoci tahle tabulka a mam moznost pokracovat na teto tabulce kde je tlacitko ZACIT asi jakoze s odstranenim malware a nebo se odhlasit. Pokud okno zavru a otevru znova na ucte jiz nejsem prihlaseny aniz bych se odhlasoval.

MBAM nic nenašel. Ještě můžeme zkusit, co najde ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

ComboFix 15-08-24.01 - Martin 26.08.2015 13:38:01.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3575.1656 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: AVG update module *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: AVG update module *Disabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: AVG update module *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Temp
c:\windows\tmp
E:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DebugLog
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-26 do 2015-08-26 )))))))))))))))))))))))))))))))
.
.
2015-08-26 11:47 . 2015-08-26 11:47 -------- d-----w- c:\windows\tmp
2015-08-26 11:44 . 2015-08-26 11:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-26 04:07 . 2015-08-26 04:08 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-26 04:07 . 2015-08-26 04:07 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-08-26 04:07 . 2015-06-18 06:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-26 04:07 . 2015-06-18 06:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-26 04:07 . 2015-06-18 06:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-25 07:50 . 2015-08-26 11:46 -------- d-----w- c:\users\Martin\AppData\Local\Temp
2015-08-21 05:06 . 2015-08-24 09:40 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2015-08-21 04:15 . 2015-08-21 04:15 -------- d-----w- C:\KVRT_Data
2015-08-19 12:28 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-12 11:31 . 2015-07-30 13:13 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 04:09 . 2015-07-16 19:57 37888 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2015-07-30 04:18 . 2015-07-03 04:31 42344 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-26 11:48 . 2011-10-04 10:01 17488 ----a-w- c:\windows\gdrv.sys
2015-08-12 07:45 . 2012-04-03 04:02 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-12 07:45 . 2011-10-05 10:53 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-15 18:46 . 2015-08-12 04:10 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\mountmgr.sys.mui
2015-07-15 17:55 . 2015-08-12 04:10 248832 ----a-w- c:\windows\system32\schannel.dll
2015-07-04 17:48 . 2015-07-15 04:03 1414656 ----a-w- c:\windows\system32\ole32.dll
2015-07-03 04:28 . 2013-09-23 07:15 65896 ----a-w- c:\windows\system32\nvaudcap32v.dll
2015-07-03 00:09 . 2015-07-03 00:09 159648 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2015-06-17 17:39 . 2015-07-15 04:03 305664 ----a-w- c:\windows\system32\gdi32.dll
2015-06-16 22:23 . 2015-06-16 22:23 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2015-06-16 22:23 . 2015-06-16 22:23 69632 ----a-w- c:\windows\system32\QuickTime.qts
2015-06-15 21:47 . 2015-07-15 04:04 101824 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:43 . 2015-07-15 04:04 2364416 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:43 . 2015-07-15 04:04 337408 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:43 . 2015-07-15 04:04 1805824 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:43 . 2015-07-15 04:04 47104 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:42 . 2015-07-15 04:04 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:37 . 2015-07-15 04:04 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-03 14:23 . 2011-05-23 00:03 66008 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2015-06-01 23:47 . 2015-07-15 04:02 210432 ----a-w- c:\windows\system32\cewmdm.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{c20391ee-b6fd-4a35-9f1b-2892dda5b107}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-09-12 05:46 233128 ----a-w- c:\users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_6\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-09-12 05:46 233128 ----a-w- c:\users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_6\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-09-12 05:46 233128 ----a-w- c:\users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_6\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"GoogleChromeAutoLaunch_B3FBEF5462B7ECF3CF8933E4FE9764B6"="c:\program files\Google\Chrome\Application\chrome.exe" [2015-08-18 813896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-01-04 10021480]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"EFI_XF_Control"="c:\program files\EFI\EFI XF\Server\EFI_XF_Control.exe" [2012-03-15 1890304]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2015-07-10 4430824]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-28 2673296]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2015-06-26 41360]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2015-03-28 1316000]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2015-06-26 840592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2015-06-16 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-07-11 157992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-24 1750528]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ASUS\Bluetooth Software\BTTray.exe [2012-12-6 1113976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\Bluetooth Software\BtwProximityCP.dll
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-01 34976]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-01 43680]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-09-24 170552]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-01 259232]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-01 175776]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-01 49312]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-01 141088]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-01 242336]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-12-03 508184]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 33832]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-02-02 17488]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2012-04-13 24944]
R3 i1;i1 Pro;c:\windows\system32\Drivers\i1.sys [2008-11-18 26045]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-07-16 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-24 13440]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-09-30 15688]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-09-30 10320]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-05 1343400]
R3 X-Rite;X-Rite USB Service;c:\windows\system32\DRIVERS\XrUsb.sys [2007-01-11 18168]
R3 xb1usb;Microsoft Xbox One Controller Driver;c:\windows\system32\DRIVERS\xb1usb.sys [2014-05-26 29408]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2015-05-21 122320]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2015-05-21 278992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-10-23 39224]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 18544]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2015-06-03 66008]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-11-25 208184]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2015-05-21 30672]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-11-03 172856]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2015-05-26 191440]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-08-16 243128]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-03-01 72864]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [2015-07-09 1442344]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2015-05-26 4948456]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 EFI License Manager;EFI License Manager;c:\program files\FlexLM\lmgrd.exe [2008-08-04 1431440]
S2 EFI XF Server;EFI XF Server;c:\program files\EFI\EFI XF\Server\EFI_XF_Server.exe [2012-12-17 4833280]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-03-28 918160]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-07-24 1871504]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-03-28 20696720]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-02-03 409800]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-01 24736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-09-21 41088]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 62208]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 141568]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-03-28 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2015-07-03 42344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-12-24 327784]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - NVSTREAMKMS
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-24 04:18 993608 ----a-w- c:\program files\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 07:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: Interfaces\{824861D3-859E-4EF3-9D57-8085923AFE0D}: NameServer = 172.16.1.2
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
HKU-Default-Run-KSS - c:\program files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\JDF Connector Service]
"ImagePath"="c:\program files\EFI\EFI XF\JDF/JDFConnectorService.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3393032927-722208142-1737332873-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3393032927-722208142-1737332873-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(7092)
c:\program files\Bluetooth Suite\AthCopyHook.dll
c:\program files\FileZilla FTP Client\libstdc++-6.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ASUS\Bluetooth Software\btwdins.exe
c:\windows\system32\conhost.exe
c:\program files\FlexLM\EFI.exe
c:\windows\system32\hasplms.exe
c:\program files\EFI\EFI XF\JDF\JDFConnectorService.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\program files\AVG\AVG2013\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\GWX\GWX.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\program files\GIGABYTE\Smart6\Timelock\AlarmClock.exe
c:\windows\system32\sppsvc.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\WUDFHost.exe
c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Canon\Solution Menu EX\CNSEUPDT.EXE
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2015-08-26 13:53:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-08-26 11:53
.
Před spuštěním: Volných bajtů: 10 426 974 208
Po spuštění: Volných bajtů: 10 530 668 544
.
- - End Of File - - EC8EF5576DA6D49EA23D6371E248EB1B
A36C5E4F47E84449FF07ED3517B43A31

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{c20391ee-b6fd-4a35-9f1b-2892dda5b107}]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

ComboFix 15-08-24.01 - Martin 27.08.2015 6:27.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3575.2123 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martin\Desktop\CFScript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: AVG update module *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: AVG update module *Disabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: AVG update module *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\AdobePDF.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-27 do 2015-08-27 )))))))))))))))))))))))))))))))
.
.
2015-08-27 04:36 . 2015-08-27 04:36 -------- d-----w- c:\windows\tmp
2015-08-27 04:33 . 2015-08-27 04:38 -------- d-----w- c:\users\Martin\AppData\Local\temp
2015-08-27 04:33 . 2015-08-27 04:33 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2015-08-27 04:33 . 2015-08-27 04:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-08-27 04:33 . 2015-08-27 04:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-27 04:33 . 2015-08-27 04:33 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-08-26 04:07 . 2015-08-26 04:08 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-26 04:07 . 2015-08-26 04:07 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-08-26 04:07 . 2015-06-18 06:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-26 04:07 . 2015-06-18 06:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-26 04:07 . 2015-06-18 06:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-21 05:06 . 2015-08-24 09:40 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2015-08-21 04:15 . 2015-08-21 04:15 -------- d-----w- C:\KVRT_Data
2015-08-19 12:28 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-12 11:31 . 2015-07-30 13:13 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 04:09 . 2015-07-16 19:57 37888 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2015-07-30 04:18 . 2015-07-03 04:31 42344 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-27 04:35 . 2011-10-04 10:01 17488 ----a-w- c:\windows\gdrv.sys
2015-08-12 07:45 . 2012-04-03 04:02 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-12 07:45 . 2011-10-05 10:53 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-15 18:46 . 2015-08-12 04:10 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\mountmgr.sys.mui
2015-07-15 17:55 . 2015-08-12 04:10 248832 ----a-w- c:\windows\system32\schannel.dll
2015-07-04 17:48 . 2015-07-15 04:03 1414656 ----a-w- c:\windows\system32\ole32.dll
2015-07-03 04:28 . 2013-09-23 07:15 65896 ----a-w- c:\windows\system32\nvaudcap32v.dll
2015-07-03 00:09 . 2015-07-03 00:09 159648 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2015-06-17 17:39 . 2015-07-15 04:03 305664 ----a-w- c:\windows\system32\gdi32.dll
2015-06-16 22:23 . 2015-06-16 22:23 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2015-06-16 22:23 . 2015-06-16 22:23 69632 ----a-w- c:\windows\system32\QuickTime.qts
2015-06-15 21:47 . 2015-07-15 04:04 101824 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:43 . 2015-07-15 04:04 2364416 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:43 . 2015-07-15 04:04 337408 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:43 . 2015-07-15 04:04 1805824 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:43 . 2015-07-15 04:04 47104 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:42 . 2015-07-15 04:04 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:37 . 2015-07-15 04:04 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-03 14:23 . 2011-05-23 00:03 66008 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2015-06-01 23:47 . 2015-07-15 04:02 210432 ----a-w- c:\windows\system32\cewmdm.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-09-12 05:46 233128 ----a-w- c:\users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_6\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-09-12 05:46 233128 ----a-w- c:\users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_6\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-09-12 05:46 233128 ----a-w- c:\users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_6\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"GoogleChromeAutoLaunch_B3FBEF5462B7ECF3CF8933E4FE9764B6"="c:\program files\Google\Chrome\Application\chrome.exe" [2015-08-18 813896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-01-04 10021480]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"EFI_XF_Control"="c:\program files\EFI\EFI XF\Server\EFI_XF_Control.exe" [2012-03-15 1890304]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2015-07-10 4430824]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-28 2673296]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2015-06-26 41360]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2015-03-28 1316000]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2015-06-26 840592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2015-06-16 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-07-11 157992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ASUS\Bluetooth Software\BTTray.exe [2012-12-6 1113976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\Bluetooth Software\BtwProximityCP.dll
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-01 34976]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-01 43680]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-09-24 170552]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-01 259232]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-01 175776]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-01 49312]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-01 141088]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-01 242336]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-12-03 508184]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 33832]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-02-02 17488]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2012-04-13 24944]
R3 i1;i1 Pro;c:\windows\system32\Drivers\i1.sys [2008-11-18 26045]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-07-16 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-24 13440]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-09-30 15688]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-09-30 10320]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-05 1343400]
R3 X-Rite;X-Rite USB Service;c:\windows\system32\DRIVERS\XrUsb.sys [2007-01-11 18168]
R3 xb1usb;Microsoft Xbox One Controller Driver;c:\windows\system32\DRIVERS\xb1usb.sys [2014-05-26 29408]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2015-05-21 122320]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2015-05-21 278992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-10-23 39224]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 18544]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2015-06-03 66008]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-11-25 208184]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2015-05-21 30672]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-11-03 172856]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2015-05-26 191440]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-08-16 243128]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-03-01 72864]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [2015-07-09 1442344]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2015-05-26 4948456]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 EFI License Manager;EFI License Manager;c:\program files\FlexLM\lmgrd.exe [2008-08-04 1431440]
S2 EFI XF Server;EFI XF Server;c:\program files\EFI\EFI XF\Server\EFI_XF_Server.exe [2012-12-17 4833280]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-03-28 918160]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-07-24 1871504]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-03-28 20696720]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-02-03 409800]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-01 24736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-09-21 41088]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 62208]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 141568]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-03-28 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2015-07-03 42344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-12-24 327784]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - NVSTREAMKMS
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-24 04:18 993608 ----a-w- c:\program files\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 07:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: Interfaces\{824861D3-859E-4EF3-9D57-8085923AFE0D}: NameServer = 172.16.1.2
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\JDF Connector Service]
"ImagePath"="c:\program files\EFI\EFI XF\JDF/JDFConnectorService.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3393032927-722208142-1737332873-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3393032927-722208142-1737332873-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(7748)
c:\program files\Bluetooth Suite\AthCopyHook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ASUS\Bluetooth Software\btwdins.exe
c:\windows\system32\conhost.exe
c:\program files\FlexLM\EFI.exe
c:\windows\system32\hasplms.exe
c:\program files\EFI\EFI XF\JDF\JDFConnectorService.exe
c:\windows\system32\taskhost.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\program files\AVG\AVG2013\avgemcx.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\GWX\GWX.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\GIGABYTE\Smart6\Timelock\AlarmClock.exe
c:\windows\system32\sppsvc.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\WUDFHost.exe
c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Canon\Solution Menu EX\CNSEUPDT.EXE
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2015-08-27 06:42:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-08-27 04:42
ComboFix2.txt 2015-08-26 11:53
.
Před spuštěním: Volných bajtů: 10 261 721 088
Po spuštění: Volných bajtů: 10 059 866 112
.
- - End Of File - - 8BB6EAB119AA710A25A8224C253441D6
A36C5E4F47E84449FF07ED3517B43A31

tak i po vycisteni to pise furt. Nevim jestli to muze byt nejak uz vlomene v uctu facebooku a nebo jestli to neni opravdu oficialni odstraneni malware od facebooku ale pochybuji protoze kdyz se prihlasim a zavru stranku, pak ji znova otevru tak jsem jiz odhlasen, to je dost divne. Kdyby to bylo ofiko tak si myslim ze bych byl porad prihlasen, tak netusim kde muze byt jeste chyba. Kazdopadne dekuji za ochotu.

Jeste jeden postreh, kdyz zpustim facebook v internet exploreru vse jede bez problemu, kdyz v chromu pise ze jsem napaden, jestli to nebude problem v chromu?

To lze vyzkoušet. Zazálohujte Chrome pomocí ChromeBackup: http://www.stahuj.centrum.cz/internet_a ... me-backup/ . Pak Chrome odinstalujte vč. jeho profilu. Znovu nainstalujte a zpět ze zálohy nakopírujte pouze záložky a hesla.