Prosím o kontrolu logu - PC nereaguje - pokračování

[joj]

Dobrý den, řešila jsem problém s PC viz http://forum.viry.cz/viewtopic.php?f=13&t=148602. Myslela jsem, že je problém vyřešen. Po restartu PC je ale problém zpět a nepomáhá ani obnova systému. Po ní totiž začne blbnout avast - počítač je nechráněn a když se pokusím spustit ochranu, tak PC zamrzne. Nejde spustit ani update avastu. Na ikoně avastu se zobrazí vykřičník a je jasné, že půjdu opět spouště PC ve stavu nouze.

Logfile of random's system information tool 1.10 (written by random/random)
Run by lenka at 2016-04-10 17:33:58
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (5%) free of 100 GB
Total RAM: 3549 MB (91% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:34:02, on 10.4.2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\lenka\Plocha\RSIT.exe
C:\Program Files\trend micro\lenka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MediaKey.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
O4 - HKLM\..\Run: [DT PLP] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -PLP
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\Corel\WordPerfect Office X6\Programs\WPLightningCopyToNote.hta
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X6\Programs\WPLauncher.hta
O8 - Extra context menu item: Otevřít obrázek v aplikaci &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1029\phdintl.dll/phdContext.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76BC75D0-CB1A-489A-A9A9-BC91C891C314}: NameServer = 8.8.8.8,8.8.4.4
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ShadowExplorer Service (sesvc) - www.shadowexplorer.com - C:\Program Files\ShadowExplorer\sesvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Aktivátor Správce výběru OS Acronis (Správce výběru OS) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe

--
End of file - 7063 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\tasks\SafeZone scheduled Autoupdate 1460277474.job - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\lenka\Data aplikací\Mozilla\Firefox\Profiles\2eoj0vf2.default

prefs.js - "browser.search.useDBForOrder" - true

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"FFPDFArchitectConverter@pdfarchitect.com"=C:\Program Files\PDF Architect\FFPDFArchitectExt


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.197 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=Software602 Form Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


C:\Program Files\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
QuickTimePlugin.class

C:\Documents and Settings\lenka\Data aplikací\Mozilla\Firefox\Profiles\2eoj0vf2.default\extensions\
artur.dubovoy@gmail.com
staged
staged(2)
{34878998-c8be-40bc-bc13-9243a2844976}(2)
{3d7eb24f-2740-49df-8937-200b1cc08f8a}

C:\Documents and Settings\lenka\Data aplikací\Mozilla\Firefox\Profiles\2eoj0vf2.default\searchplugins\
firmy.cz-104318.xml
mapy.cz-104318.xml
seznam.cz-104318.xml
videa.seznam.cz-104318.xml
zbozi.cz-104318.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-16 664184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-03-27 17567744]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-02-26 141336]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-02-26 173592]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-02-26 142360]
"MediaKey"=C:\PROGRA~1\MediaKey\MediaKey.EXE [2001-01-15 135168]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe [2003-03-11 172032]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 40960]
"PivotSoftware"=C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [2010-05-13 110192]
"DT PLP"=C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [2010-05-17 121456]
"Omnipage"=C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-06-03 49152]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2015-01-20 60712]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-12-16 7021880]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2014-10-02 421888]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14 1085656]
"BlueStacks Agent"=C:\Program Files\BlueStacks\HD-Agent.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2015-04-23 6278424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-02-20 206848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\TRANSLAT\WEBTRANS.EXE"="C:\TRANSLAT\WEBTRANS.EXE:*:Enabled:WebTrans"
"C:\Program Files\BitTorrent\BitTorrent.exe"="C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Common Files\soft602\langserv.exe"="C:\Program Files\Common Files\soft602\langserv.exe:*:Enabled:Software602 Spell Checker"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\HeluzKominy\Firebird\bin\fbserver.exe"="C:\Program Files\HeluzKominy\Firebird\bin\fbserver.exe:*:Enabled:Firebird SQL Server"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codecp.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"VIDC.HFYU"=huffyuv.dll
"VIDC.VIFP"=VFCodec.dll

======List of files/folders created in the last 1 month======

2016-04-10 17:29:18 ----D---- C:\WINDOWS\LastGood
2016-04-10 17:26:08 ----A---- C:\WINDOWS\system32\aswBoot.exe
2016-04-10 17:21:32 ----D---- C:\Program Files\Electrum
2016-04-10 17:21:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2016-04-10 10:37:01 ----A---- C:\WINDOWS\system32\drivers\asw4DD.tmp
2016-04-10 10:37:01 ----A---- C:\WINDOWS\system32\drivers\asw4DC.tmp
2016-04-10 10:37:00 ----A---- C:\WINDOWS\system32\drivers\asw4DB.tmp
2016-04-10 10:37:00 ----A---- C:\WINDOWS\system32\drivers\asw4DA.tmp
2016-04-10 10:37:00 ----A---- C:\WINDOWS\system32\drivers\asw4D9.tmp
2016-04-10 10:36:59 ----A---- C:\WINDOWS\system32\drivers\asw4D8.tmp
2016-04-10 10:36:59 ----A---- C:\WINDOWS\system32\drivers\asw4D7.tmp
2016-04-10 10:36:59 ----A---- C:\WINDOWS\system32\drivers\asw4D6.tmp
2016-04-10 10:36:58 ----A---- C:\WINDOWS\system32\drivers\asw4D5.tmp
2016-04-09 09:50:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware(3)
2016-04-08 17:38:35 ----D---- C:\locky
2016-04-07 19:30:50 ----D---- C:\Program Files\Runtime Software
2016-04-07 18:04:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware(2)
2016-04-07 16:44:41 ----D---- C:\rsit
2016-04-07 16:41:23 ----A---- C:\WINDOWS\ntbtlog.txt
2016-04-01 19:53:22 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2016-04-01 19:36:46 ----D---- C:\Documents and Settings\lenka\Data aplikací\Electrum
2016-03-31 22:03:18 ----D---- C:\testdisk-7.0
2016-03-30 21:29:55 ----D---- C:\Documents and Settings\lenka\Data aplikací\Malwarebytes
2016-03-30 21:23:15 ----D---- C:\Program Files\ShadowExplorer
2016-03-30 21:18:42 ----D---- C:\Documents and Settings\lenka\Data aplikací\www.shadowexplorer.com
2016-03-30 21:12:01 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2016-03-30 21:12:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2016-03-30 21:12:01 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2016-03-30 21:12:01 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2016-03-19 17:31:13 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2016-04-10 17:33:59 ----D---- C:\Program Files\trend micro
2016-04-10 17:30:02 ----D---- C:\WINDOWS\system32\CatRoot
2016-04-10 17:30:02 ----D---- C:\WINDOWS\system32
2016-04-10 17:30:02 ----AD---- C:\WINDOWS
2016-04-10 17:29:55 ----D---- C:\WINDOWS\Temp
2016-04-10 17:29:19 ----HD---- C:\WINDOWS\inf
2016-04-10 17:29:18 ----D---- C:\WINDOWS\system32\CatRoot2
2016-04-10 17:28:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-10 17:27:49 ----D---- C:\WINDOWS\WinSxS
2016-04-10 17:27:26 ----SD---- C:\WINDOWS\Tasks
2016-04-10 17:26:43 ----D---- C:\WINDOWS\system32\drivers
2016-04-10 17:25:45 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2016-04-10 17:22:58 ----D---- C:\WINDOWS\system32\config
2016-04-10 17:22:51 ----D---- C:\WINDOWS\system32\wbem
2016-04-10 17:22:51 ----D---- C:\WINDOWS\Registration
2016-04-10 17:21:17 ----D---- C:\Program Files
2016-04-10 10:26:13 ----D---- C:\Program Files\AVAST Software
2016-04-10 09:27:25 ----D---- C:\WINDOWS\Prefetch
2016-04-10 09:24:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2016-04-09 09:54:32 ----SD---- C:\WINDOWS\system32\Microsoft
2016-04-09 09:07:36 ----SHD---- C:\System Volume Information
2016-04-08 18:15:17 ----D---- C:\TRANSLAT
2016-04-08 18:15:16 ----D---- C:\totalcmd
2016-04-08 18:15:13 ----D---- C:\spoolerlogs
2016-04-08 18:15:13 ----D---- C:\sh4ldr
2016-04-08 18:13:34 ----D---- C:\Instant star2
2016-04-08 17:55:33 ----D---- C:\Documents and Settings\lenka\Data aplikací\Yandex
2016-04-08 17:55:32 ----D---- C:\Documents and Settings\lenka\Data aplikací\Skype
2016-04-08 17:55:01 ----D---- C:\Documents and Settings\lenka\Data aplikací\LavasoftStatistics
2016-04-08 17:55:00 ----D---- C:\Documents and Settings\lenka\Data aplikací\HandBrake
2016-04-08 17:55:00 ----D---- C:\Documents and Settings\lenka\Data aplikací\FlvtoConverter
2016-04-08 17:54:48 ----D---- C:\Documents and Settings\lenka\Data aplikací\avidemux
2016-04-08 17:54:46 ----D---- C:\Documents and Settings\lenka\Data aplikací\Ad-Aware Antivirus
2016-04-08 17:53:41 ----D---- C:\AdwCleaner
2016-04-01 19:48:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2016-03-31 19:50:12 ----D---- C:\WINDOWS\mui
2016-03-30 22:09:06 ----D---- C:\WINDOWS\Help
2016-03-30 22:07:06 ----D---- C:\WINDOWS\system32\NtmsData
2016-03-30 22:06:27 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2016-03-30 20:59:20 ----SHD---- C:\WINDOWS\Installer
2016-03-30 20:59:20 ----D---- C:\Config.Msi
2016-03-30 20:59:16 ----RSD---- C:\WINDOWS\Fonts
2016-03-30 16:03:18 ----D---- C:\WINDOWS\system32\Restore
2016-03-28 15:24:51 ----D---- C:\Documents and Settings\lenka\Data aplikací\BitTorrent
2016-03-27 17:52:30 ----D---- C:\Documents and Settings\lenka\Data aplikací\Canon
2016-03-26 11:09:31 ----A---- C:\WINDOWS\phd2dll.INI
2016-03-22 20:52:19 ----D---- C:\WINDOWS\Minidump
2016-03-21 18:18:42 ----D---- C:\Program Files\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2012-01-14 170080]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2015-12-16 55200]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 KBFiltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\KBFiltr.sys [2000-04-08 13620]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-09-23 38400]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2015-12-16 49776]
S0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2015-12-16 209432]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2016-03-02 812720]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2016-01-20 449384]
S1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-12-17 31088]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 Pivot;Pivot; C:\WINDOWS\System32\drivers\pivot.sys [2010-05-13 17465]
S2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2015-12-16 24016]
S2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2015-12-18 81168]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 aswStmXP;Avast StreamFilter Driver; C:\WINDOWS\system32\drivers\aswStmXP.sys [2015-12-16 165104]
S3 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2015-12-16 58016]
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-14 20352]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-02-20 6312864]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-30 5063168]
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2010-04-16 17136]
S3 pivotmou;Pivot Mouse/Pointers Filter Driver; \??\C:\WINDOWS\System32\drivers\pivotmou.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2014-08-15 45056]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2013-08-29 26240]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-01-20 60744]
S2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-12-16 226440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2010-05-17 121456]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-13 154440]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [2013-04-08 1320496]
S2 PDF Architect Service;PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [2013-04-08 799280]
S2 sesvc;ShadowExplorer Service; C:\Program Files\ShadowExplorer\sesvc.exe [2011-01-02 9216]
S2 Správce výběru OS;Aktivátor Správce výběru OS Acronis; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-07-07 2156952]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-10 269504]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-13 154440]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2015-01-27 540968]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2016-03-19 146888]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2015-04-27 79360]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PdiService;Portrait Displays SDK Service; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]

-----------------EOF-----------------

[Rudy]

Zdravím!
Musím vás upozornit, že podle pravidel se žádá o otevření původního tématu. Lze se to dočíst v mém podpisu. Je to proto, abychom zachovali kontinuitu řešení.

Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

[joj]

Když jsem se odhlašovala z uživatele lenka, tak mi to hlásilo, že štíty jsou vypnuty, po spuštění ComboFix v uživateli správce mi to hlásí, že má avast zapnuté štíty - jsem z toho jelen.

[Rudy]

Přesvědčte se, zda jsou zapnuty. V tom případě je vypněte a případné hlášení pak ignorujte.

[joj]

Pokud se přihlásím jako administrátor, tak se mi avast ani ve spodní liště nezobrazí. Přes správce souborů ho ve spuštěných aplikacích taky nevidím, ale po spuštění combofix zobrazuje se mi hláška že je spuštěný a že se avast nepodařilo vypnout a pokud budu pokračovat, tak můžu zničit pc.

[Rudy]

OK. Spusťte ho v nouz. režimu, tam tu hlášku lze ignorovat.

[joj]

OK. Už to nechám na zítra. Zatím díky moc.

[Rudy]

OK, zatím není zač.

[joj]

Zdravím. Tak jsem ten test spustila. Nahlásilo to infikování adresáře C:\windows\system 32 a že to bylo spraveno. Pak proběhl restart a objevilo se okno, že se vytváří log. Počítač však zamrzl - myší hýbat můžu, ale to je vše, čas se zastavil na 16:31.

[Rudy]

Vypněte na tvrdo a zkuste ještě jednou.

[joj]

Znovu spustit combofix ve stavu nouze a pohlídat si, ať se restartuje do stavu nouze? Raději se ptám ať něco nezkazím.

[Rudy]

Asi tak.

[joj]

Uf. Tady to je.

ComboFix 16-04-06.01 - Administrator 11.04.2016 19:15:30.2.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3549.3263 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\_ctypes.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\_hashlib.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\_socket.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\_ssl.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\bz2.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\hid.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\LIBEAY32.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\libmysql.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\msvcm90.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\msvcp90.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\msvcr90.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\pyexpat.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\PyQt4.Qt.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\PyQt4.QtCore.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\PyQt4.QtGui.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\PyQt4.QtNetwork.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\PyQt4.QtOpenGL.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\PyQt4.QtSql.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\PyQt4.QtSvg.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\PyQt4.QtTest.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\PyQt4.QtWebKit.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\PyQt4.QtXml.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\python27.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\pywintypes27.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\accessible\qtaccessiblewidgets4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\bearer\qgenericbearer4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\bearer\qnativewifibearer4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\codecs\qcncodecs4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\codecs\qjpcodecs4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\codecs\qkrcodecs4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\codecs\qtwcodecs4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\graphicssystems\qglgraphicssystem4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\iconengines\qsvgicon4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\imageformats\qgif4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\imageformats\qico4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\imageformats\qjpeg4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\imageformats\qmng4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\imageformats\qsvg4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\imageformats\qtga4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\imageformats\qtiff4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\sqldrivers\qsqlite4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\sqldrivers\qsqlmysql4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\sqldrivers\qsqlodbc4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\qt4_plugins\sqldrivers\qsqlpsql4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\QtCore4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\QtGui4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\QtNetwork4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\QtOpenGL4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\QtSql4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\QtSvg4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\QtTest4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\QtWebKit4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\QtXml4.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\select.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\sip.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\SSLEAY32.dll
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\unicodedata.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\win32api.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\win32pipe.pyd
c:\documents and settings\lenka\Local Settings\Temp\_MEI18602\win32wnet.pyd
c:\documents and settings\lenka\Local Settings\Temp\PRDecrypt\md5hash.dll
.
---- Předchozí spuštění -------
.
C:\Thumbs.db
.
-- Předchozí spuštění --
.
Nakažená kopie c:\windows\system32\Services.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache\services.exe
.
--------
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-03-11 do 2016-04-11 )))))))))))))))))))))))))))))))
.
.
2016-04-10 16:17 . 2016-04-10 16:17 -------- d-----w- c:\documents and settings\Administrator
2016-04-10 15:26 . 2015-12-16 15:19 322760 ----a-w- c:\windows\system32\aswBoot.exe
2016-04-10 15:22 . 2016-04-10 15:22 -------- d-----w- c:\windows\system32\wbem\Repository
2016-04-10 15:21 . 2016-04-10 15:21 -------- d-----w- c:\program files\Electrum
2016-04-10 15:21 . 2016-04-10 15:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2016-04-10 08:37 . 2015-12-16 15:20 58016 ----a-w- c:\windows\system32\drivers\asw4DD.tmp
2016-04-10 08:37 . 2015-12-16 15:20 165104 ----a-w- c:\windows\system32\drivers\asw4DC.tmp
2016-04-10 08:37 . 2016-01-20 15:01 449384 ----a-w- c:\windows\system32\drivers\asw4DA.tmp
2016-04-10 08:37 . 2015-12-16 15:20 49776 ----a-w- c:\windows\system32\drivers\asw4D9.tmp
2016-04-10 08:37 . 2015-12-16 15:20 209432 ----a-w- c:\windows\system32\drivers\asw4DB.tmp
2016-04-10 08:36 . 2015-12-18 15:20 81168 ----a-w- c:\windows\system32\drivers\asw4D8.tmp
2016-04-10 08:36 . 2015-12-16 15:20 55200 ----a-w- c:\windows\system32\drivers\asw4D6.tmp
2016-04-10 08:36 . 2015-12-16 15:20 24016 ----a-w- c:\windows\system32\drivers\asw4D7.tmp
2016-04-10 08:36 . 2016-03-02 14:58 812720 ----a-w- c:\windows\system32\drivers\asw4D5.tmp
2016-04-08 15:38 . 2016-04-08 15:38 -------- d-----w- C:\locky
2016-04-07 17:30 . 2016-04-07 17:30 -------- d-----w- c:\program files\Runtime Software
2016-04-07 14:44 . 2016-04-07 14:44 -------- d-----w- C:\rsit
2016-04-01 17:53 . 2016-04-01 17:53 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2016-03-31 20:03 . 2016-04-07 17:30 -------- d-----w- C:\testdisk-7.0
2016-03-30 19:23 . 2016-03-30 19:23 -------- d-----w- c:\program files\ShadowExplorer
2016-03-30 19:12 . 2016-03-30 19:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2016-03-30 19:12 . 2016-03-30 19:12 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-03-30 19:12 . 2016-03-10 12:09 123264 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-30 19:12 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-10 15:25 . 2012-04-10 15:56 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-04-10 15:25 . 2012-01-14 17:23 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-03-02 14:58 . 2012-01-14 15:01 812720 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-01-20 15:01 . 2012-01-14 15:01 449384 ----a-w- c:\windows\system32\drivers\aswSP.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-12-16 15:19 750216 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 142360]
"MediaKey"="c:\progra~1\MediaKey\MediaKey.EXE" [2001-01-15 135168]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]
"DT PLP"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-05-17 121456]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-01-20 60712]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-16 7021880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2014-10-02 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-12-13 1085656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\TRANSLAT\\WEBTRANS.EXE"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule1
"4672:TCP"= 4672:TCP:emule2
.
S0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10.4.2013 21:34 49776]
S0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10.4.2013 21:34 209432]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.1.2012 17:01 812720]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.1.2012 17:01 449384]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 12:28 85344]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [26.7.2014 18:49 24016]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10.4.2013 21:34 81168]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30.3.2016 21:29 701512]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [8.4.2013 19:44 1320496]
S2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [8.4.2013 19:43 799280]
S2 sesvc;ShadowExplorer Service;c:\program files\ShadowExplorer\sesvc.exe [30.3.2016 21:23 9216]
S2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [7.7.2010 17:17 2156952]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [14.1.2012 15:27 1684736]
S3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [13.9.2015 19:12 165104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30.3.2016 21:12 22856]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1.4.2016 19:53 40776]
S4 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [21.2.2012 18:13 109168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-31 13:57 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.110\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 15:25]
.
2016-04-11 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-16 15:19]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 10.0.0.3 8.8.8.8
TCP: Interfaces\{76BC75D0-CB1A-489A-A9A9-BC91C891C314}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\lenka\Data aplikací\Mozilla\Firefox\Profiles\2eoj0vf2.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-BlueStacks Agent - c:\program files\BlueStacks\HD-Agent.exe
HKLM_ActiveSetup-installed components - c:\program files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe
AddRemove-Flvto Youtube Downloader - c:\documents and settings\lenka\Local Settings\Data aplikací\Flvto\UninstallFlvtoYoutubeDownloader.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-04-11 19:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2016-04-11 19:23:01
ComboFix-quarantined-files.txt 2016-04-11 17:22
.
Před spuštěním: 8 515 407 872
Po spuštění: 8 515 706 880
.
- - End Of File - - A69AF4511AE3713E11E3D3BB9D8DB617
413FC2A0C716421B3158746D63736515

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\system32\drivers\asw4DD.tmp
c:\windows\system32\drivers\asw4DC.tmp
c:\windows\system32\drivers\asw4DA.tmp
c:\windows\system32\drivers\asw4D9.tmp
c:\windows\system32\drivers\asw4DB.tmp
c:\windows\system32\drivers\asw4D8.tmp
c:\windows\system32\drivers\asw4D6.tmp
c:\windows\system32\drivers\asw4D7.tmp
c:\windows\system32\drivers\asw4D5.tmp

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[joj]

Provedu. Jen dotaz - mám nechat restartovat pc do stavu nouze nebo ho už nechat normálně naběhnout?