Darovaný noťas - preventivka

[nereide]

přikládám i aktuální log RSIT a také odpovídám na předchozí otázku. Velikost plochy je 95.7 MB

[Márty84]

Vypnete antivir, at nebrani programu v praci.
Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:otl
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKU\S-1-5-21-3201448915-3208623186-2291822294-1002\..\SearchScopes,DefaultScope = {E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
IE - HKU\S-1-5-21-3201448915-3208623186-2291822294-1002\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKU\S-1-5-21-3201448915-3208623186-2291822294-1003\..\SearchScopes,DefaultScope = {E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
IE - HKU\S-1-5-21-3201448915-3208623186-2291822294-1003\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms}
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3201448915-3208623186-2291822294-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3201448915-3208623186-2291822294-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[8 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[13 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\98353f14797b7fada3490c1aa9b8aca1\*.tmp files -> C:\Windows\SoftwareDistribution\Download\98353f14797b7fada3490c1aa9b8aca1\*.tmp -> ]

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

[nereide]

Dobré odpoledne, děkuji za reakci a přikládám výsledek

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Petra
->Temp folder emptied: 14218083 bytes
->Temporary Internet Files folder emptied: 388757 bytes
->Java cache emptied: 393322 bytes
->FireFox cache emptied: 16460322 bytes
->Flash cache emptied: 3839 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55575141 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 83.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Petra
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}\ not found.
HKEY_USERS\S-1-5-21-3201448915-3208623186-2291822294-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3201448915-3208623186-2291822294-1002\Software\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}\ not found.
HKEY_USERS\S-1-5-21-3201448915-3208623186-2291822294-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3201448915-3208623186-2291822294-1003\Software\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3201448915-3208623186-2291822294-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3201448915-3208623186-2291822294-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP41D1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD587.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF2F6.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP33FB.tmp\System.Workflow.ComponentModel.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP33FB.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4EF.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP7993.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9E61.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPBEAD.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPCAEC.tmp\PresentationUI.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPCAEC.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Windows\Installer\MSI1CB9.tmp- folder deleted successfully.
C:\Windows\Installer\MSI2534.tmp- folder deleted successfully.
C:\Windows\Installer\MSI33F5.tmp- folder deleted successfully.
C:\Windows\Installer\MSI37A0.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8D21.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8FC1.tmp-\Microsoft.Deployment.Compression.dll deleted successfully.
C:\Windows\Installer\MSI8FC1.tmp- folder deleted successfully.
C:\Windows\Installer\MSI9AF9.tmp- folder deleted successfully.
C:\Windows\Installer\MSI9F.tmp- folder deleted successfully.
C:\Windows\Installer\MSIA029.tmp- folder deleted successfully.
C:\Windows\Installer\MSIA79A.tmp- folder deleted successfully.
C:\Windows\Installer\MSIAAE8.tmp- folder deleted successfully.
C:\Windows\Installer\MSIAF22.tmp deleted successfully.
C:\Windows\Installer\MSID5C.tmp- folder deleted successfully.
C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wlt981A.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\98353f14797b7fada3490c1aa9b8aca1\BIT34EA.tmp deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 12062015_142725

Files\Folders moved on Reboot...
C:\Users\Petra\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[Márty84]

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak to s pc vypada.

[nereide]

Dobrý večer, provedeno, PC teď musím prověřit v zátěžovém provozu, prosím téma ještě nezavírejte, ještě se ozvu (do 9. pros.)

jestli zase vytuhne, tak to asi už rovnou celý přeinstaluji (windows), protože už fakt nevím, co by se dalo více dělat

prozatím díky

[Márty84]

jestli zase vytuhne, tak to asi už rovnou celý přeinstaluji (windows), protože už fakt nevím, co by se dalo více dělat

Jsou jeste moznosti

prosím téma ještě nezavírejte, ještě se ozvu (do 9. pros.)

OK

[nereide]

tak notebook zase dvakrát za sebou neřešitelně vytuhl... bezdůvodně, musela jsem počkat, až se vybije baterka. Vůbec netuším, co tam může být za problém... byla bych radši, kdyby to byl virus, s tím aspoň člověk může bojovat.

Zdá se, že to možná souvisí s grafikou, tuhne to často při pokusu stahovat a nebo přehrávat videa a tak. Píšu z původního starouška noťáska.

p.s. příspěvek jsem již poslala

[Márty84]

musela jsem počkat, až se vybije baterka

Proc? Nesel ani vypnout delsim podrzenim tlacitka?


Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[nereide]

Zdravím. Ano, vždy nečekaně ztuhne tak, že ani to "tlačítko" nepomůže, na nic to nereaguje. Vždycky. Proto to řeším.
combolog je zde:

ComboFix 15-12-12.01 - Petra 13.12.2015 10:24:33.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4095.2756 [GMT 1:00]
Spuštěný z: c:\users\Petra\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-11-13 do 2015-12-13 )))))))))))))))))))))))))))))))
.
.
2015-12-13 09:31 . 2015-12-13 09:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-12-13 09:31 . 2015-12-13 09:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-11 17:21 . 2015-12-11 17:21 386096 ----a-w- c:\windows\system32\aswBoot.exe
2015-12-11 17:21 . 2015-12-11 17:21 43112 ----a-w- c:\windows\avastSS.scr
2015-12-05 16:51 . 2015-12-05 16:51 -------- d-----w- c:\program files\Common Files\AV
2015-12-05 16:51 . 2015-12-05 16:51 -------- d-----w- c:\program files (x86)\Common Files\AV
2015-11-27 19:19 . 2015-12-05 16:53 512 ----a-w- C:\PhysicalMBR.bin
2015-11-27 18:11 . 2015-11-27 18:11 -------- d-----w- c:\program files\Defraggler
2015-11-26 18:02 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-11-26 18:02 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-11-26 18:02 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-11-26 18:02 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-11-26 18:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-11-26 18:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-11-26 18:01 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-11-26 18:01 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-11-26 17:53 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-11-26 17:53 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-11-26 16:39 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2015-11-25 23:23 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-11-25 23:23 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-11-24 19:48 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2015-11-24 19:37 . 2015-11-24 19:37 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-11-24 19:36 . 2015-11-24 19:36 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2015-11-24 19:36 . 2015-11-24 19:36 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2015-11-24 19:36 . 2015-11-24 19:36 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2015-11-24 19:36 . 2015-11-24 19:36 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-24 19:36 . 2015-11-24 19:36 327168 ----a-w- c:\windows\system32\mswsock.dll
2015-11-24 19:36 . 2015-11-24 19:36 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2015-11-24 19:36 . 2015-11-24 19:36 68608 ----a-w- c:\windows\system32\taskhost.exe
2015-11-24 19:29 . 2015-11-24 19:29 1887232 ----a-w- c:\windows\system32\d3d11.dll
2015-11-24 19:29 . 2015-11-24 19:29 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2015-11-23 20:07 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2015-11-23 20:07 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2015-11-23 20:07 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2015-11-23 20:07 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2015-11-23 20:07 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2015-11-23 20:07 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2015-11-23 20:07 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2015-11-23 20:07 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-11-23 20:07 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2015-11-23 20:07 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-11-23 20:06 . 2014-05-14 08:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2015-11-23 20:06 . 2014-05-14 08:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-11-23 20:06 . 2014-05-14 08:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-11-23 20:06 . 2014-05-14 08:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-11-22 21:15 . 2015-11-22 21:15 -------- d-----w- c:\windows\system32\SPReview
2015-11-22 21:15 . 2015-11-22 21:15 -------- d-----w- c:\windows\system32\EventProviders
2015-11-22 20:28 . 2015-11-25 23:02 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-22 20:28 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-22 20:28 . 2015-11-22 20:28 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-11-22 20:28 . 2015-11-22 20:28 -------- d-----w- c:\programdata\Malwarebytes
2015-11-22 20:28 . 2015-10-05 08:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-11-22 20:28 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-11-22 20:28 . 2015-11-22 20:28 -------- d-----w- c:\users\Petra\AppData\Local\Programs
2015-11-22 20:20 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2015-11-22 20:20 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2015-11-22 20:20 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2015-11-22 20:20 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2015-11-22 20:20 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-11-22 20:20 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll
2015-11-22 20:20 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2015-11-22 20:20 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-11-22 20:18 . 2010-11-20 13:34 215936 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2015-11-22 20:17 . 2010-11-20 13:33 171392 ----a-w- c:\windows\system32\drivers\scsiport.sys
2015-11-22 20:16 . 2010-11-20 13:27 228864 ----a-w- c:\windows\system32\wbem\wmiprov.dll
2015-11-22 20:15 . 2010-11-20 13:32 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\rdpwd.sys.mui
2015-11-22 20:15 . 2010-11-20 13:26 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\tsusbflt.sys.mui
2015-11-22 20:15 . 2010-11-20 13:32 4608 ----a-w- c:\windows\system32\drivers\cs-CZ\kbdclass.sys.mui
2015-11-22 20:15 . 2010-11-20 13:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\GAGP30KX.SYS.mui
2015-11-22 20:15 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2015-11-22 20:15 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2015-11-22 20:13 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2015-11-22 20:13 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2015-11-22 20:05 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2015-11-21 22:18 . 2015-11-21 22:18 -------- d-----w- c:\windows\SysWow64\config\systemprofile\.oracle_jre_usage
2015-11-21 22:18 . 2015-11-21 22:18 -------- d-----w- c:\windows\Migration
2015-11-21 22:18 . 2015-11-21 22:18 -------- d-s---w- c:\windows\system32\CompatTel
2015-11-21 22:18 . 2015-11-21 22:18 -------- d-----w- c:\windows\system32\appraiser
2015-11-21 20:43 . 2015-11-21 20:43 -------- d-----w- c:\users\Petra\AppData\Local\Macromedia
2015-11-21 20:27 . 2015-09-18 16:47 700416 ----a-w- c:\windows\system32\invagent.dll
2015-11-21 20:27 . 2015-09-18 16:47 766464 ----a-w- c:\windows\system32\generaltel.dll
2015-11-21 20:27 . 2015-09-18 16:47 503808 ----a-w- c:\windows\system32\devinv.dll
2015-11-21 20:27 . 2015-09-18 16:47 73216 ----a-w- c:\windows\system32\acmigration.dll
2015-11-21 20:27 . 2015-01-27 23:23 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-11-21 20:23 . 2012-09-09 10:21 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2015-11-21 20:23 . 2012-09-09 10:21 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2015-11-21 20:22 . 2015-11-21 20:22 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-11-21 20:22 . 2015-11-21 20:22 -------- d-----w- c:\users\Petra\.oracle_jre_usage
2015-11-21 20:21 . 2015-11-21 20:25 -------- d-----w- c:\programdata\Oracle
2015-11-21 17:48 . 2015-12-05 18:01 -------- d-----w- c:\program files\trend micro
2015-11-21 15:14 . 2015-11-21 15:14 -------- d-----w- c:\program files (x86)\Microsoft Works
2015-11-21 15:14 . 2015-11-22 10:20 -------- d-----w- c:\program files (x86)\Microsoft.NET
2015-11-21 15:12 . 2015-11-21 15:22 -------- d-----w- c:\users\Petra\AppData\Local\Microsoft Help
2015-11-21 15:12 . 2015-11-21 15:15 -------- d-----w- c:\programdata\Microsoft Help
2015-11-21 15:11 . 2015-11-21 15:11 -------- d-----r- C:\MSOCache
2015-11-21 13:05 . 2015-11-21 13:09 -------- d-----w- c:\windows\system32\MRT
2015-11-20 19:50 . 2015-11-20 19:50 -------- d-----w- c:\users\Petra\AppData\Roaming\IrfanView
2015-11-20 19:50 . 2015-11-20 19:50 -------- d-----w- c:\program files (x86)\IrfanView
2015-11-20 18:53 . 2015-11-20 19:00 -------- d-----w- c:\users\Petra\AppData\Local\Mozilla
2015-11-20 17:41 . 2015-11-17 06:43 11138400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FC20729-C90D-437C-8C09-CB61FC2B43CA}\mpengine.dll
2015-11-20 17:41 . 2015-06-23 11:30 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-11-20 17:41 . 2015-11-20 17:41 -------- d-----w- c:\users\Petra\AppData\Roaming\AVAST Software
2015-11-20 17:40 . 2015-12-11 17:21 273784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-11-20 17:40 . 2015-12-11 17:21 155304 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-11-20 17:40 . 2015-12-11 17:21 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-11-20 17:40 . 2015-12-11 17:21 450504 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-11-20 17:40 . 2015-12-11 17:21 97648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-11-20 17:40 . 2015-12-11 17:21 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-11-20 17:40 . 2015-12-11 17:21 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-11-20 17:40 . 2015-12-11 17:21 1055560 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-11-20 17:39 . 2015-11-20 17:39 -------- d-----w- c:\program files\AVAST Software
2015-11-20 17:39 . 2015-11-20 17:39 -------- d-----w- c:\programdata\AVAST Software
2015-11-20 17:37 . 2015-11-20 17:36 737280 ----a-w- c:\windows\iun6002.exe
2015-11-20 17:37 . 2015-11-20 17:37 -------- d-----w- c:\program files (x86)\Codec Pack - All In 1
2015-11-19 18:08 . 2015-11-19 18:08 -------- d-----w- c:\users\Petra\AppData\Local\Skype
2015-11-19 18:08 . 2015-12-11 17:55 -------- d-----w- c:\users\Petra\AppData\Roaming\Skype
2015-11-19 18:07 . 2015-11-19 18:07 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-11-19 18:07 . 2015-11-19 18:07 -------- d-----r- c:\program files (x86)\Skype
2015-11-19 18:07 . 2015-11-19 18:07 -------- d-----w- c:\programdata\Skype
2015-11-19 17:52 . 2015-11-19 17:52 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-24 19:39 . 2015-11-24 19:39 208384 ----a-w- c:\windows\SysWow64\webcheck.dll
2015-11-24 19:39 . 2015-11-24 19:39 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-11-24 19:37 . 2015-11-24 19:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-11-22 21:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-11-22 21:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2015-11-21 20:42 . 2012-09-08 12:03 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-11-21 20:42 . 2012-09-08 12:03 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-11-21 20:21 . 2012-09-09 10:21 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-11-16 8591272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-11 7021880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;c:\esupport\eDriver\I386\AsPrOb64.sys;c:\esupport\eDriver\I386\AsPrOb64.sys [x]
R3 cpuz133;cpuz133;c:\users\ADMINI~1\AppData\Local\Temp\cpuz133\cpuz133_x64.sys;c:\users\ADMINI~1\AppData\Local\Temp\cpuz133\cpuz133_x64.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-12-11 17:21 873304 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/?trackid=sp-006
mLocal Page =
mSearch Page = https://www.google.com/search?trackid=s ... earchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\c0wojbzk.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-12-13 10:35:30
ComboFix-quarantined-files.txt 2015-12-13 09:35
.
Před spuštěním: Volných bajtů: 111 101 661 184
Po spuštění: Volných bajtů: 110 813 118 464
.
- - End Of File - - 440D17540A753B13FA0F3388F5345EE9
A36C5E4F47E84449FF07ED3517B43A31

[Márty84]

p.s. příspěvek jsem již poslala

Dekujeme
Bohuzel havet tam nikde nevidim



Vypnete trvale Windows Defender.



Presunte ComboFix primo na disk C (takze cesta k nemu bude c:\ComboFix.exe )!
Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte take primo na C (takze cesta k nemu bude c:\CFScript.txt ).
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[nereide]

Děkuji za odpověď. Já chápu, že diagnostika problému takto na dálku je dost nesnadná a někdy nemožná, to je v pořádku. Cením si Vašeho času. Třeba na to přijdeme, když ne, tak holt přeinstaluji OS.

W. Defender jsem vypnula.

Přikládám dle Vašich instrukcí nový combofix log

ComboFix 15-12-12.01 - Petra 14.12.2015 20:14:37.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4095.2900 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-11-14 do 2015-12-14 )))))))))))))))))))))))))))))))
.
.
2015-12-14 19:21 . 2015-12-14 19:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-12-11 17:21 . 2015-12-11 17:21 386096 ----a-w- c:\windows\system32\aswBoot.exe
2015-12-11 17:21 . 2015-12-11 17:21 43112 ----a-w- c:\windows\avastSS.scr
2015-12-05 16:51 . 2015-12-05 16:51 -------- d-----w- c:\program files\Common Files\AV
2015-12-05 16:51 . 2015-12-05 16:51 -------- d-----w- c:\program files (x86)\Common Files\AV
2015-11-27 19:19 . 2015-12-05 16:53 512 ----a-w- C:\PhysicalMBR.bin
2015-11-27 18:11 . 2015-11-27 18:11 -------- d-----w- c:\program files\Defraggler
2015-11-26 18:02 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-11-26 18:02 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-11-26 18:02 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-11-26 18:02 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-11-26 18:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-11-26 18:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-11-26 18:01 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-11-26 18:01 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-11-26 17:53 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-11-26 17:53 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-11-26 16:39 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2015-11-25 23:23 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-11-25 23:23 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-11-24 19:48 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2015-11-24 19:37 . 2015-11-24 19:37 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-11-24 19:36 . 2015-11-24 19:36 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2015-11-24 19:36 . 2015-11-24 19:36 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2015-11-24 19:36 . 2015-11-24 19:36 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2015-11-24 19:36 . 2015-11-24 19:36 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-24 19:36 . 2015-11-24 19:36 327168 ----a-w- c:\windows\system32\mswsock.dll
2015-11-24 19:36 . 2015-11-24 19:36 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2015-11-24 19:36 . 2015-11-24 19:36 68608 ----a-w- c:\windows\system32\taskhost.exe
2015-11-24 19:29 . 2015-11-24 19:29 1887232 ----a-w- c:\windows\system32\d3d11.dll
2015-11-24 19:29 . 2015-11-24 19:29 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2015-11-23 20:07 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2015-11-23 20:07 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2015-11-23 20:07 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2015-11-23 20:07 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2015-11-23 20:07 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2015-11-23 20:07 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2015-11-23 20:07 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2015-11-23 20:07 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-11-23 20:07 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2015-11-23 20:07 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-11-23 20:06 . 2014-05-14 08:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2015-11-23 20:06 . 2014-05-14 08:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-11-23 20:06 . 2014-05-14 08:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-11-23 20:06 . 2014-05-14 08:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-11-22 21:15 . 2015-11-22 21:15 -------- d-----w- c:\windows\system32\SPReview
2015-11-22 21:15 . 2015-11-22 21:15 -------- d-----w- c:\windows\system32\EventProviders
2015-11-22 20:28 . 2015-11-25 23:02 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-22 20:28 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-22 20:28 . 2015-11-22 20:28 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-11-22 20:28 . 2015-11-22 20:28 -------- d-----w- c:\programdata\Malwarebytes
2015-11-22 20:28 . 2015-10-05 08:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-11-22 20:28 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-11-22 20:28 . 2015-11-22 20:28 -------- d-----w- c:\users\Petra\AppData\Local\Programs
2015-11-22 20:20 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2015-11-22 20:20 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2015-11-22 20:20 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2015-11-22 20:20 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2015-11-22 20:20 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-11-22 20:20 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll
2015-11-22 20:20 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2015-11-22 20:20 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-11-22 20:18 . 2010-11-20 13:34 215936 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2015-11-22 20:17 . 2010-11-20 13:33 171392 ----a-w- c:\windows\system32\drivers\scsiport.sys
2015-11-22 20:16 . 2010-11-20 13:27 228864 ----a-w- c:\windows\system32\wbem\wmiprov.dll
2015-11-22 20:15 . 2010-11-20 13:32 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\rdpwd.sys.mui
2015-11-22 20:15 . 2010-11-20 13:26 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\tsusbflt.sys.mui
2015-11-22 20:15 . 2010-11-20 13:32 4608 ----a-w- c:\windows\system32\drivers\cs-CZ\kbdclass.sys.mui
2015-11-22 20:15 . 2010-11-20 13:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\GAGP30KX.SYS.mui
2015-11-22 20:15 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2015-11-22 20:15 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2015-11-22 20:13 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2015-11-22 20:13 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2015-11-22 20:05 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2015-11-21 22:18 . 2015-11-21 22:18 -------- d-----w- c:\windows\SysWow64\config\systemprofile\.oracle_jre_usage
2015-11-21 22:18 . 2015-11-21 22:18 -------- d-----w- c:\windows\Migration
2015-11-21 22:18 . 2015-11-21 22:18 -------- d-s---w- c:\windows\system32\CompatTel
2015-11-21 22:18 . 2015-11-21 22:18 -------- d-----w- c:\windows\system32\appraiser
2015-11-21 20:43 . 2015-11-21 20:43 -------- d-----w- c:\users\Petra\AppData\Local\Macromedia
2015-11-21 20:27 . 2015-09-18 16:47 700416 ----a-w- c:\windows\system32\invagent.dll
2015-11-21 20:27 . 2015-09-18 16:47 766464 ----a-w- c:\windows\system32\generaltel.dll
2015-11-21 20:27 . 2015-09-18 16:47 503808 ----a-w- c:\windows\system32\devinv.dll
2015-11-21 20:27 . 2015-09-18 16:47 73216 ----a-w- c:\windows\system32\acmigration.dll
2015-11-21 20:27 . 2015-01-27 23:23 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-11-21 20:23 . 2012-09-09 10:21 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2015-11-21 20:23 . 2012-09-09 10:21 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2015-11-21 20:22 . 2015-11-21 20:22 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-11-21 20:22 . 2015-11-21 20:22 -------- d-----w- c:\users\Petra\.oracle_jre_usage
2015-11-21 20:21 . 2015-11-21 20:25 -------- d-----w- c:\programdata\Oracle
2015-11-21 17:48 . 2015-12-05 18:01 -------- d-----w- c:\program files\trend micro
2015-11-21 15:14 . 2015-11-21 15:14 -------- d-----w- c:\program files (x86)\Microsoft Works
2015-11-21 15:14 . 2015-11-22 10:20 -------- d-----w- c:\program files (x86)\Microsoft.NET
2015-11-21 15:12 . 2015-11-21 15:22 -------- d-----w- c:\users\Petra\AppData\Local\Microsoft Help
2015-11-21 15:12 . 2015-11-21 15:15 -------- d-----w- c:\programdata\Microsoft Help
2015-11-21 15:11 . 2015-11-21 15:11 -------- d-----r- C:\MSOCache
2015-11-21 13:05 . 2015-11-21 13:09 -------- d-----w- c:\windows\system32\MRT
2015-11-20 19:50 . 2015-11-20 19:50 -------- d-----w- c:\users\Petra\AppData\Roaming\IrfanView
2015-11-20 19:50 . 2015-11-20 19:50 -------- d-----w- c:\program files (x86)\IrfanView
2015-11-20 18:53 . 2015-11-20 19:00 -------- d-----w- c:\users\Petra\AppData\Local\Mozilla
2015-11-20 17:41 . 2015-11-17 06:43 11138400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FC20729-C90D-437C-8C09-CB61FC2B43CA}\mpengine.dll
2015-11-20 17:41 . 2015-06-23 11:30 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-11-20 17:41 . 2015-11-20 17:41 -------- d-----w- c:\users\Petra\AppData\Roaming\AVAST Software
2015-11-20 17:40 . 2015-12-11 17:21 273784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-11-20 17:40 . 2015-12-11 17:21 155304 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-11-20 17:40 . 2015-12-11 17:21 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-11-20 17:40 . 2015-12-11 17:21 450504 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-11-20 17:40 . 2015-12-11 17:21 97648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-11-20 17:40 . 2015-12-11 17:21 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-11-20 17:40 . 2015-12-11 17:21 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-11-20 17:40 . 2015-12-11 17:21 1055560 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-11-20 17:39 . 2015-11-20 17:39 -------- d-----w- c:\program files\AVAST Software
2015-11-20 17:39 . 2015-11-20 17:39 -------- d-----w- c:\programdata\AVAST Software
2015-11-20 17:37 . 2015-11-20 17:36 737280 ----a-w- c:\windows\iun6002.exe
2015-11-20 17:37 . 2015-11-20 17:37 -------- d-----w- c:\program files (x86)\Codec Pack - All In 1
2015-11-19 18:08 . 2015-11-19 18:08 -------- d-----w- c:\users\Petra\AppData\Local\Skype
2015-11-19 18:08 . 2015-12-13 11:06 -------- d-----w- c:\users\Petra\AppData\Roaming\Skype
2015-11-19 18:07 . 2015-11-19 18:07 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-11-19 18:07 . 2015-11-19 18:07 -------- d-----r- c:\program files (x86)\Skype
2015-11-19 18:07 . 2015-11-19 18:07 -------- d-----w- c:\programdata\Skype
2015-11-19 17:52 . 2015-11-19 17:52 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-24 19:39 . 2015-11-24 19:39 208384 ----a-w- c:\windows\SysWow64\webcheck.dll
2015-11-24 19:39 . 2015-11-24 19:39 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-11-24 19:37 . 2015-11-24 19:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-11-22 21:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-11-22 21:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2015-11-21 20:42 . 2012-09-08 12:03 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-11-21 20:42 . 2012-09-08 12:03 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-11-21 20:21 . 2012-09-09 10:21 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-11-16 8591272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-11 7021880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;c:\esupport\eDriver\I386\AsPrOb64.sys;c:\esupport\eDriver\I386\AsPrOb64.sys [x]
R3 cpuz133;cpuz133;c:\users\ADMINI~1\AppData\Local\Temp\cpuz133\cpuz133_x64.sys;c:\users\ADMINI~1\AppData\Local\Temp\cpuz133\cpuz133_x64.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-12-11 17:21 873304 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/?trackid=sp-006
mLocal Page =
mSearch Page = https://www.google.com/search?trackid=s ... earchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\c0wojbzk.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2015-12-14 20:27:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-12-14 19:27
ComboFix2.txt 2015-12-13 09:35
.
Před spuštěním: Volných bajtů: 110 668 279 808
Po spuštění: Volných bajtů: 110 777 659 392
.
- - End Of File - - EA8EDDC92C9A487F961415C7A02EA700
A36C5E4F47E84449FF07ED3517B43A31

[Márty84]

Problem je, ze preinstalace nemusi pomoct


Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Az se to zase sekne, postupujte po novem startu pc podle navodu kolegy.

Exportujeme protokol událostí Systém

• Klikněte pravým tlačítkem myši na tento počítač-spravovat
• Dále se proklikejte následovně: Systémové nástroje-Prohlížeč událostí-Protokoly systému windows-Systém
• Klikněte pravým tlačítkem myši na Systém a dejte volbu Uložit všechny události jako..
• Uložte soubor někam na disk a nahrajte na http://www.leteckaposta.cz a vložte mi sem odkaz

[nereide]

dobrý večer, dobře, vložím sem pak protokol z události třeba to celé dělá jenom ten w. defender, který jsem teď na Vaši radu vypla, kdo ví, zkusím krizovku vyvolat, do dvou dnů se ozývám

[Márty84]

Bylo by to fajn, kdyby to delal Defender, ale pochybuju Uvidime, zatim se mejte

[nereide]

Tak zase a opet... zdravim. Prikladam protokol udalosti, jinak on-line jsem zase az tretiho ledna vecer, tak ta analyza nespecha. Predem moc dekuji!

http://leteckaposta.cz/994382433