Re: preventive check - slowed-down PC
Posted: 29 Jun 2015 20:04
Hello,
after applying the script, only an empty Notepad window named DeQuarantine.txt came up.
I am sending the log from running ComboFix again:
ComboFix 15-06-27.01 - g 29.06.2015 20:53:23.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.6092.4486 [GMT 2:00]
Run from: c:\users\g\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files created from 2015-05-28 to 2015-06-29 )))))))))))))))))))))))))))))))
.
.
2015-06-29 18:58 . 2015-06-29 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-29 18:52 . 2015-06-29 18:52 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A8FF157-4EF9-4DD8-98F2-11815DA09A2C}\offreg.2136.dll
2015-06-28 12:18 . 2015-06-28 12:18 -------- d-----w- C:\_OTL
2015-06-27 20:15 . 2015-06-28 11:00 512 ----a-w- C:\PhysicalMBR.bin
2015-06-26 20:28 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A8FF157-4EF9-4DD8-98F2-11815DA09A2C}\mpengine.dll
2015-06-24 19:02 . 2015-06-24 19:02 42916 ----a-w- C:\cc_20150624_210240.reg
2015-06-24 18:58 . 2015-06-24 18:58 -------- d-----w- c:\program files\Defraggler
2015-06-23 06:10 . 2015-06-23 06:10 -------- d-----w- c:\program files\trend micro
2015-06-09 18:17 . 2015-04-29 18:22 14635008 ----a-w- c:\windows\system32\wmp.dll
2015-06-09 18:15 . 2015-05-23 03:15 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-06-06 14:19 . 2015-06-06 14:19 -------- d-----w- c:\users\g\AppData\Local\GWX
2015-06-05 16:46 . 2015-05-22 18:18 1021440 ----a-w- c:\windows\system32\appraiser.dll
2015-06-05 16:46 . 2015-05-22 18:18 700416 ----a-w- c:\windows\system32\generaltel.dll
2015-06-05 16:46 . 2015-05-22 18:18 757248 ----a-w- c:\windows\system32\invagent.dll
2015-06-05 16:46 . 2015-05-22 18:18 423424 ----a-w- c:\windows\system32\devinv.dll
2015-06-05 16:46 . 2015-05-22 18:18 45568 ----a-w- c:\windows\system32\acmigration.dll
2015-06-05 16:46 . 2015-05-22 18:18 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-06-05 16:46 . 2015-05-22 18:13 1119232 ----a-w- c:\windows\system32\aeinv.dll
2015-06-05 16:46 . 2015-05-21 13:19 193536 ----a-w- c:\windows\system32\aepic.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-23 18:49 . 2012-03-31 11:25 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-23 18:49 . 2012-02-29 17:21 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-09 20:23 . 2012-03-02 17:08 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:19 . 2015-06-09 18:16 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-09 18:16 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-06-09 18:16 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-09 18:16 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-09 18:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-01 13:17 . 2015-05-12 20:22 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-12 20:22 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-12 17:42 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 03:17 . 2015-05-12 17:42 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 02:56 . 2015-05-12 17:42 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-12 17:43 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-12 17:43 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-13 03:28 . 2015-05-12 17:43 328704 ----a-w- c:\windows\system32\services.exe
2015-04-08 03:29 . 2015-05-12 17:42 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-12 17:42 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-12 17:42 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2013-06-22 09:41 . 2013-06-22 09:40 7974912 ----a-w- c:\program files\PC-Translator-2012.exe
.
.
(((((((((((((((((((((((((((((((((( Registry start points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-30 5227648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys;c:\windows\SYSNATIVE\DRIVERS\adusbser.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-06 17:07 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-15 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-15 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-15 442352]
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{58551825-97E3-4EF5-907B-34A5EE67ED9D}: NameServer = 8.8.8.8
TCP: Interfaces\{58551825-97E3-4EF5-907B-34A5EE67ED9D}\35E2051657C6F6: NameServer = 8.8.8.8
TCP: Interfaces\{58551825-97E3-4EF5-907B-34A5EE67ED9D}\550534431373534313: NameServer = 8.8.8.8
TCP: Interfaces\{58551825-97E3-4EF5-907B-34A5EE67ED9D}\661602B6E656A756B6: NameServer = 8.8.8.8
TCP: Interfaces\{58551825-97E3-4EF5-907B-34A5EE67ED9D}\84F44554C4F53565F514E4E414F50313: NameServer = 8.8.8.8
TCP: Interfaces\{58551825-97E3-4EF5-907B-34A5EE67ED9D}\84F44554C4F53565F514E4E414F51313: NameServer = 8.8.8.8
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_190_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_190_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2015-06-29 21:00:45
ComboFix-quarantined-files.txt 2015-06-29 19:00
ComboFix2.txt 2015-06-29 16:46
ComboFix3.txt 2015-06-28 21:12
.
Before run: Free bytes: 412 807 413 760
After run: Free bytes: 412 747 272 192
.
- - End Of File - - 86AED121452C3C163C87E783D8C41F73
A36C5E4F47E84449FF07ED3517B43A31
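The log above carries three findings a responder would want flagged before deciding whether the machine is clean: the `policies\system` block shows UAC switched off (`EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` all 0, so any program run by this user already has full administrative rights without a prompt), the AV line reports avast! as *Disabled*, and every interface sub-key carries a static `NameServer = 8.8.8.8` that overrides the DHCP-supplied resolvers. The script below is an added example, not part of the forum post or of ComboFix; it triages those three sections from a ComboFix log offline. The excerpt it parses is a constructed sample modelled on the log in the post, the line format is assumed to be the one ComboFix prints above, and the hardened reference values are the Windows 7 defaults (EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1), not something the post states.

```python
"""Triage of three ComboFix log sections: UAC policy values, AV state, DNS overrides.

Added example, not part of the forum post or of ComboFix. SAMPLE_LOG is a
constructed excerpt modelled on the log in the post.
"""
import re

# Constructed sample in the format ComboFix writes (trimmed to the relevant lines).
SAMPLE_LOG = """\
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\\{58551825-97E3-4EF5-907B-34A5EE67ED9D}: NameServer = 8.8.8.8
TCP: Interfaces\\{58551825-97E3-4EF5-907B-34A5EE67ED9D}\\35E2051657C6F6: NameServer = 8.8.8.8
"""

# Hardened reference values: the Windows 7 defaults for the UAC entries ComboFix prints.
# (Assumption of this example; the post does not state them.)
UAC_EXPECTED = {
    "EnableLUA": 1,                   # 0 = UAC entirely off
    "ConsentPromptBehaviorAdmin": 5,  # 0 = elevate silently, no consent prompt
    "PromptOnSecureDesktop": 1,       # 0 = prompts can be spoofed/clicked by software
}

_POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>\d+)')
_AV_RE = re.compile(r'^(?P<kind>AV|SP): (?P<name>.+?) \*(?P<state>[^/]+)/(?P<upd>[^*]+)\*')
_DHCP_RE = re.compile(r'^TCP: DhcpNameServer = (?P<servers>.+)$')
_IFACE_RE = re.compile(r'^TCP: Interfaces\\(?P<iface>\S+): NameServer = (?P<servers>.+)$')


def parse_policies(text):
    """Return {name: int} for the policies\\system block of a ComboFix log."""
    values = {}
    in_block = False
    for line in text.splitlines():
        if line.startswith("[") and line.lower().endswith("policies\\system]"):
            in_block = True
            continue
        if in_block:
            m = _POLICY_RE.match(line)
            if not m:
                in_block = False  # the block ends at the first non-value line ('.')
                continue
            values[m.group("name")] = int(m.group("val"))
    return values


def uac_findings(policies):
    """(name, actual, expected) for every UAC entry that differs from the hardened value."""
    findings = []
    for name, expected in UAC_EXPECTED.items():
        actual = policies.get(name)
        if actual is not None and actual != expected:
            findings.append((name, actual, expected))
    return findings


def disabled_protection(text):
    """Names of the AV/SP products ComboFix reports as Disabled."""
    return [m.group("name") for m in map(_AV_RE.match, text.splitlines())
            if m and m.group("state").strip().lower() == "disabled"]


def dns_overrides(text):
    """Per-interface NameServer entries whose resolvers are not the DHCP-supplied ones."""
    dhcp, overrides = set(), []
    for line in text.splitlines():
        m = _DHCP_RE.match(line)
        if m:
            dhcp.update(m.group("servers").split())
            continue
        m = _IFACE_RE.match(line)
        if m:
            servers = m.group("servers").split()
            if not set(servers) <= dhcp:
                overrides.append((m.group("iface"), servers))
    return overrides


def triage(text):
    """One human-readable line per finding, in the order a responder would read them."""
    report = [f"UAC: {n} = {a} (expected {e})" for n, a, e in uac_findings(parse_policies(text))]
    report += [f"AV disabled: {name}" for name in disabled_protection(text)]
    report += [f"DNS override on {iface}: {' '.join(s)}" for iface, s in dns_overrides(text)]
    return report


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```

A static 8.8.8.8 on every interface sub-key is not malicious by itself (a user or a "fix my internet" tool may have set it), but it is exactly the spot where DNS-changer malware writes, so the override is reported alongside the DHCP servers rather than hidden; what the script cannot tell you is who set it, which is why the finding is phrased as a fact to verify rather than a verdict.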