AntiRootKit could not be ticked. Here you go.
RogueKiller V9.2.2.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operačný systém : Windows 7 (6.1.7600 ) 32 bits version
Spustené v : Normálny režim
Užívateľ : FOR [Práva Správcu]
Režim : Odebrať -- Dátum : 12/07/2014 19:48:40
¤¤¤ Škodlivé procesy : 0 ¤¤¤
¤¤¤ Záznamy Registrov : 9 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> VYMAZANÉ
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme -> VYMAZANÉ
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme -> VYMAZANÉ
[PUM.Policies] HKEY_USERS\S-1-5-21-2936359417-1160815527-3310792021-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> VYMAZANÉ
[PUM.Policies] HKEY_USERS\S-1-5-21-2936359417-1160815527-3310792021-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> VYMAZANÉ
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> VYMAZANÉ
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NAHRADENÉ (1)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2936359417-1160815527-3310792021-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NAHRADENÉ (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2936359417-1160815527-3310792021-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NAHRADENÉ (0)
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ Súbory : 0 ¤¤¤
¤¤¤ Súbor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> VYMAZANÉ
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost -> VYMAZANÉ
¤¤¤ Antirootkit : 0 (Driver: NAHRATÉ) ¤¤¤
¤¤¤ webové prehliadače : 9 ¤¤¤
[FIREFX:Addon] ogk52zdf.default-1400259825833 : Simple Site Blocker [simplesiteblocker@example.com] -> VYMAZANÉ
[CHROME:Addon] Default : Google Slides [aapocclcgogkmnckokdopfmhonfmgoek] -> VYMAZANÉ
[CHROME:Addon] Default : Google Docs [aohghmighlieiainnegkcijnfilokake] -> ERROR [2]
[CHROME:Addon] Default : Google Drive [apdfllckaahabafndbhieahigkjlhalf] -> ERROR [2]
[CHROME:Addon] Default : YouTube [blpcfgokakmgnkcojhhkbfbldkacnbeo] -> ERROR [2]
[CHROME:Addon] Default : Google Search [coobgpohoikkiipiblmjeljniedjpjpf] -> ERROR [2]
[CHROME:Addon] Default : Google Sheets [felcaaldnbdncclmgdcncolpebgiejap] -> ERROR [2]
[CHROME:Addon] Default : Google Wallet [nmmhkkegccagdldgiimedpiccmgmieda] -> ERROR [2]
[CHROME:Addon] Default : Gmail [pjkljhegncpnkpknbcohdijeoejaedia] -> ERROR [2]
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT725025VLA SCSI Disk Device +++++
--- User ---
[MBR] 5ac41ed14c2c47786fb72fa6923bf76d
[BSP] f408cbd94fa0f3618bf14f8314b3bdd4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99897 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 204796620 | Size: 138466 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávna funkcia. )
============================================
RKreport_SCN_12072014_194632.log
Log check + problem
- jaro3
- Security team member
- Guru Level 15
- Posts: 43287
- Registered: June 07
- Location: South Bohemia
Re: Log check + problem
How about installing SP1??
Post a new HJT log + info about the problems.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Log check + problem
The web works normally.
It's just that sometimes the computer shuts itself down, mainly during lighter work, e.g. watching YouTube or writing text.
I don't know, it's probably not the power supply. By the way, I won't be installing SP1.
HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:34:50, on 8. 12. 2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17267)
FIREFOX: 33.1 (x86 cs)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\Monitor.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Users\FOR\Downloads\HijackThis(1).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKCU\..\Run: [Advanced SystemCare Ultimate] "C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{900BA935-FB99-4D54-A3E6-C79AAD7ABE00}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{900BA935-FB99-4D54-A3E6-C79AAD7ABE00}: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{900BA935-FB99-4D54-A3E6-C79AAD7ABE00}: NameServer = 8.8.8.8
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
O23 - Service: AdvancedSystemCareAntivirus (ASCAntivirusSrv) - IOBit - C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RzKLService - Razer Inc. - C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
--
End of file - 5841 bytes
- jaro3
- Security team member
- Guru Level 15
- Posts: 43287
- Registered: June 07
- Location: South Bohemia
Re: Log check + problem
Close the other applications and browsers, disconnect from the internet and fix these in HJT:
Guide
Why don't you want to install SP1? It contains security patches.
Turn off the resident protection in your antivirus and antispyware, and possibly the firewall.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click into its window
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please paste its entire contents here
If there are problems, run it in Safe Mode.
Warning: it may happen that after running ComboFix and rebooting, Windows does not start, the desktop does not load, or there are connection problems; in that case reboot the computer again, and if that does not help, press F8 during the reboot and choose Last Known Good Configuration, or use a restore point.
Guide
Code:
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
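The helper's fix list above singles out the O4 RunOnce and O6 entries from the HijackThis log, and the earlier RogueKiller and ComboFix output shows the other classes a log checker looks at first (a changed IE start page, a static DNS server, autostarts and services). The script below is an added illustration, not a tool from this forum, from HijackThis or from any of the programs mentioned: it parses HijackThis-style lines into section code and body and attaches heuristic review flags for non-Microsoft IE start/search pages (R0/R1), RunOnce autostarts (O4), IE restriction policies (O6), custom name servers (O17) and services whose image path lies outside Program Files or Windows (O23). The function names, the default-host and directory allowlists, and the sample log are my own assumptions; the sample is constructed from lines in this thread plus one made-up O23 service line that exists only to exercise the path rule. The flags mark entries for a human to review, not verdicts.

```python
"""Triage helper for HijackThis-style log lines.
Added example; not part of the forum thread, HijackThis, or any forum tool."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample input, modelled on the lines posted in the thread above.
# The last O23 line is made up for this example to exercise the service-path rule.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /build:7601 (User 'SYSTEM')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\..\{900BA935-FB99-4D54-A3E6-C79AAD7ABE00}: NameServer = 8.8.8.8
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Example Helper (ExampleHelperSvc) - constructed example - C:\Users\FOR\AppData\Roaming\ExampleHelper\helper.exe
"""

# "O4 - <body>", "R0 - <body>", ...: section code, then the rest of the line.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Hosts HijackThis shows for a stock Internet Explorer start/search page (assumed allowlist).
MS_DEFAULT_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

# Lower-cased directory prefixes where a service binary is normally expected (assumed allowlist).
SERVICE_DIR_PREFIXES = (r"c:\program files", r"c:\windows")


@dataclass
class Entry:
    code: str                                   # HJT section, e.g. "O4", "O17"
    body: str                                   # everything after "O4 - "
    flags: list = field(default_factory=list)   # review notes attached by triage()


def parse_hjt(text):
    """Turn HijackThis output into Entry objects; header and blank lines are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Attach heuristic review flags; returns only the entries that got at least one."""
    for e in entries:
        if e.code in ("R0", "R1"):
            # "...,Start Page = http://host/..."; an empty value (LinksFolderName =) does not match
            m = re.search(r"=\s*(\S+)\s*$", e.body)
            host = urlparse(m.group(1)).hostname if m else None
            if host and host not in MS_DEFAULT_HOSTS:
                e.flags.append(f"non-default IE page: {host}")
        elif e.code == "O4" and "RunOnce" in e.body:
            e.flags.append("RunOnce autostart entry")
        elif e.code == "O6":
            e.flags.append("IE restriction policy present")
        elif e.code == "O17":
            m = re.search(r"NameServer = (.+)$", e.body)
            if m:
                e.flags.append(f"custom DNS server: {m.group(1).strip()}")
        elif e.code == "O23":
            # the image path is the last " - <drive>:\..." field of the line
            m = re.search(r" - ([A-Za-z]:\\.+)$", e.body)
            if m and not m.group(1).lower().startswith(SERVICE_DIR_PREFIXES):
                e.flags.append(f"service image outside Program Files/Windows: {m.group(1)}")
    return [e for e in entries if e.flags]


def triage_log(text):
    """Convenience wrapper: (section code, flag) pairs for a whole log."""
    return [(e.code, f) for e in triage(parse_hjt(text)) for f in e.flags]


if __name__ == "__main__":
    for code, flag in triage_log(SAMPLE_LOG):
        print(f"{code:4} {flag}")
```

Run on the sample, the script flags the windowsxlive.net start page, the SPReview RunOnce entries, the O6 policy, the static 8.8.8.8 name server (the ComboFix log shows DHCP hands out 192.168.1.1, so a static resolver is worth confirming with the owner) and the made-up service in a user profile directory; the stock Microsoft R1 entry, the NvBackend Run entry and the Skype service pass. Every rule is an allowlist comparison or a string match, so the same structure extends to other sections by adding a branch.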
Re: Log check + problem
ComboFix 14-12-10.03 - FOR . 12. 2014 15:26:22.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.421.1051.18.2047.1196 [GMT 1:00]
Running from: c:\users\FOR\Desktop\ComboFix.exe
AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-11-11 to 2014-12-11 )))))))))))))))))))))))))))))))
.
.
2014-12-11 14:35 . 2014-12-11 14:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-11 08:13 . 2014-12-11 08:13 -------- d--h--w- c:\program files\Webstart Studios
2014-12-10 16:11 . 2014-12-10 16:11 82432 ----a-w- c:\windows\system32\msxml4r.dll
2014-12-10 16:11 . 2014-12-10 16:11 1233920 ----a-w- c:\windows\system32\msxml4.dll
2014-12-10 15:45 . 2014-12-10 15:45 -------- d-----r- c:\users\FOR\Creative Cloud Files
2014-12-10 15:42 . 2014-12-10 15:42 -------- d-----w- c:\programdata\Package Cache
2014-12-09 18:12 . 2014-12-10 18:23 -------- d-----w- c:\users\FOR\AppData\Local\CrashDumps
2014-12-09 15:07 . 2014-12-10 15:45 -------- d-----w- c:\users\FOR\AppData\Local\Adobe
2014-12-07 18:53 . 2014-12-07 19:40 -------- d-----w- c:\users\FOR\AppData\Local\VirtualStore
2014-12-07 18:47 . 2014-12-07 18:47 492 ----a-w- C:\EA220F7CC7A19136.reg
2014-12-07 18:47 . 2014-12-07 18:47 486 ----a-w- C:\F516688081534C47.reg
2014-12-07 18:47 . 2014-12-07 18:47 324 ----a-w- C:\0D038211ADB2051B.reg
2014-12-07 18:47 . 2014-12-07 18:47 302 ----a-w- C:\810AFFA1AB6D7A86.reg
2014-12-07 18:47 . 2014-12-07 18:47 402 ----a-w- C:\0F66D1AE6A32113A.reg
2014-12-07 18:47 . 2014-12-07 18:47 390 ----a-w- C:\5267C21367411D7E.reg
2014-12-07 18:47 . 2014-12-07 18:47 314 ----a-w- C:\1D55F997D1D7D614.reg
2014-12-07 18:47 . 2014-12-07 18:47 1548 ----a-w- C:\4E1DBA786C365727.reg
2014-12-07 18:47 . 2014-12-07 18:47 1212 ----a-w- C:\413B0DC1D9E8E7D8.reg
2014-12-07 16:58 . 2014-12-07 16:58 -------- d-----w- c:\programdata\ProductData
2014-12-07 15:45 . 2014-12-11 14:37 -------- d-----w- c:\users\FOR\AppData\Local\Temp
2014-12-07 15:45 . 2014-12-07 15:28 24064 ----a-w- c:\windows\zoek-delete.exe
2014-12-07 15:28 . 2014-12-07 15:47 -------- d-----w- C:\zoek_backup
2014-12-07 09:27 . 2014-12-07 09:27 -------- d-----w- c:\windows\ERUNT
2014-12-01 18:17 . 2014-12-01 18:20 -------- d-----r- c:\program files\Skype
2014-12-01 18:17 . 2014-12-01 18:17 -------- d-----w- c:\program files\Common Files\Skype
2014-11-18 14:17 . 2014-09-04 19:14 32928 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2014-11-17 19:25 . 2014-11-17 19:25 -------- d-----w- c:\users\FOR\AppData\Local\Unity
2014-11-15 20:27 . 2014-11-15 20:27 -------- d-----w- c:\windows\system32\SPReview
2014-11-15 20:26 . 2014-11-15 20:26 -------- d-----w- c:\windows\system32\EventProviders
2014-11-12 18:08 . 2014-11-12 18:08 -------- d-----w- c:\programdata\LHService
2014-11-12 18:06 . 2014-11-12 18:07 -------- d-----w- c:\programdata\LockHunter
2014-11-12 18:06 . 2014-11-12 18:06 -------- d-----w- c:\users\FOR\AppData\Roaming\LockHunter
2014-11-12 18:06 . 2014-11-12 18:06 -------- d--h--w- c:\program files\LockHunter
2014-11-12 17:50 . 2014-11-12 17:50 -------- d-----w- c:\programdata\Malwarebytes
2014-11-12 15:46 . 2014-11-12 15:47 -------- d-----w- c:\users\FOR\AppData\Local\Google
2014-11-12 15:46 . 2014-11-12 15:47 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-07 18:39 . 2014-07-13 07:02 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-11-11 12:15 . 2014-11-10 07:08 0 ----a-w- c:\windows\winsck.vbs
2014-11-11 12:15 . 2014-11-10 07:08 0 ----a-w- c:\windows\tune.vbs
2014-11-11 12:15 . 2014-11-10 07:08 0 ----a-w- c:\windows\system32\tune.vbs
2014-11-11 12:15 . 2014-11-10 07:08 0 ----a-w- c:\windows\system32\kernel.vbs
2014-11-11 12:15 . 2014-11-10 07:08 0 ----a-w- c:\windows\system32\explorer.vbs
2014-10-26 10:58 . 2014-10-26 10:58 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2006-10-25 13:17 . 2014-03-15 07:27 380928 ----a-w- c:\program files\server.dll
2006-10-25 13:17 . 2014-03-15 07:24 53248 ----a-w- c:\program files\nfs_inst.exe
2006-10-25 13:17 . 2014-03-15 07:24 7577600 ----a-w- c:\program files\nfsc_demo.exe
2006-10-25 13:17 . 2014-03-15 07:24 720896 ----a-w- c:\program files\EAInstall.dll
2006-10-25 13:17 . 2014-03-15 07:24 528384 ----a-w- c:\program files\AutoRunGUI.dll
2006-10-25 13:17 . 2014-03-15 07:24 499712 ----a-w- c:\program files\msvcp71.dll
2006-10-25 13:17 . 2014-03-15 07:24 258 ----a-w- c:\program files\dat.bin
2006-10-25 13:17 . 2014-03-15 07:24 253952 ----a-w- c:\program files\eauninstall.exe
2006-10-25 13:17 . 2014-03-15 07:24 348160 ----a-w- c:\program files\msvcr71.dll
2006-10-25 13:17 . 2014-03-15 07:24 569344 ----a-w- c:\program files\AutoRun.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-04-05 17:33 752448 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare Ultimate"="c:\program files\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe" [2013-12-02 2562368]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22065760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-09-17 2460488]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-10-14 557768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare Ultimate]
2013-12-02 12:22 2562368 ----a-w- c:\program files\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2014-09-17 02:15 2460488 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
2014-05-29 23:00 1122312 ----a-w- c:\windows\System32\nvspcap.dll
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2013-12-02 2151232]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2011-04-20 1570304]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 usedisk;USEDisk Driver;c:\windows\system32\DRIVERS\usedisk.sys [2014-07-16 17408]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\IObit\Advanced SystemCare Ultimate 7\ASCService.exe [2013-12-16 886592]
S2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;c:\program files\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe [2013-12-10 647488]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-09-17 1795912]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-09-17 18044744]
S2 RzKLService;RzKLService;c:\program files\Razer\Razer Game Booster\RzKLService.exe [2013-11-22 105448]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-19 410968]
S2 Web Blocker Service URL;Web Blocker Service URL;c:\program files\Webstart Studios\Web Blocker\TWBService URL.exe [2009-05-26 32768]
S2 Web Blocker Service;Web Blocker Service;c:\program files\Webstart Studios\Web Blocker\TWBService.exe [2009-05-26 36864]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-10-26 243128]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-09-17 19272]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-09-04 32928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-26 15:52 1087304 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 07:09]
.
2014-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-12 15:46]
.
2014-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-12 15:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.windowsxlive.net/
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{900BA935-FB99-4D54-A3E6-C79AAD7ABE00}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\FOR\AppData\Roaming\Mozilla\Firefox\Profiles\ogk52zdf.default-1400259825833\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\IObit\Advanced SystemCare Ultimate 7\Monitor.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2014-12-11 15:41:06 - machine was rebooted
ComboFix-quarantined-files.txt 2014-12-11 14:41
.
Pre-Run: 16 210 731 008 bytes free
Post-Run: 16 960 765 952 bytes free
.
- - End Of File - - 6FEAC112DEAD26119DE34B6825C5BC16
A36C5E4F47E84449FF07ED3517B43A31
- jaro3, Security team member
Re: Log check + problem
AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
Unsuitable antivirus; uninstall it and install a free antivirus: Avast, Avira or AVG.
Turn off the resident protection of your antivirus and antispyware, and the firewall if you have one.
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following entire text, marked in green, into it:
ClearJavaCache::
KillAll::
File::
c:\windows\winsck.vbs
c:\windows\tune.vbs
c:\windows\system32\tune.vbs
c:\windows\system32\kernel.vbs
c:\windows\system32\explorer.vbs
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Folder::
c:\program files\Skype\Updater
c:\program files\Google\Update
Driver::
SkypeUpdate
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
Warning: it can happen that after running ComboFix and restarting the computer, Windows will not boot, the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
If you don't install SP1, you'll be back here soon.
When working with HJT, ComboFix, MbAM, SDFix and others, close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
Re: Log check + problem
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-12-12 14:22:35
-----------------------------
14:22:35.486 OS Version: Windows 6.1.7600
14:22:35.486 Number of processors: 2 586 0x6B01
14:22:35.486 ComputerName: TU UserName:
14:22:47.751 Initialize success
14:22:47.798 VM: initialized successfully
14:22:47.798 VM: Amd CPU virtualization not supported
14:22:51.979 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
14:22:51.995 Disk 0 Vendor: Hitachi_ V5DO Size: 238475MB BusType: 3
14:22:52.151 Disk 0 MBR read successfully
14:22:52.151 Disk 0 MBR scan
14:22:52.151 Disk 0 Windows 7 default MBR code
14:22:52.182 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99897 MB offset 206848
14:22:52.198 Disk 0 default boot code
14:22:52.198 Disk 0 Partition - 00 0F Extended LBA 138466 MB offset 204796620
14:22:52.229 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 80003 MB offset 204796683
14:22:52.229 Disk 0 Partition - 00 05 Extended 58463 MB offset 368643555
14:22:52.276 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 58463 MB offset 368643618
14:22:52.276 Disk 0 scanning sectors +488376000
14:22:52.416 Disk 0 scanning C:\Windows\system32\drivers
14:22:58.041 Service scanning
14:23:13.166 Modules scanning
14:23:13.166 Disk 0 trace - called modules:
14:23:13.198 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys nvlddmkm.sys dxgkrnl.sys dxgmms1.sys watchdog.sys
14:23:13.213 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c6a030]
14:23:13.213 3 CLASSPNP.SYS[88f9459e] -> nt!IofCallDriver -> [0x85963128]
14:23:13.213 5 ACPI.sys[88a473b2] -> nt!IofCallDriver -> \Device\00000066[0x85963c10]
14:23:13.229 Disk 0 statistics 82279/0/0 @ 9,13 MB/s
14:23:13.229 Scan finished successfully
14:30:17.932 Disk 0 MBR has been saved successfully to "C:\Users\FOR\Desktop\MBR.dat"
14:30:17.932 The log file has been saved successfully to "C:\Users\FOR\Desktop\aswMBR.txt"
Re: Log check + problem
ComboFix 14-12-10.03 - FOR . 12. 2014 14:35:12.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.421.1051.18.2047.1211 [GMT 1:00]
Running from: c:\users\FOR\Desktop\ComboFix.exe
Command switches used :: c:\users\FOR\Desktop\CFScript.txt
AV: Advanced SystemCare Ultimate *Disabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\explorer.vbs"
"c:\windows\system32\kernel.vbs"
"c:\windows\system32\tune.vbs"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tune.vbs"
"c:\windows\winsck.vbs"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdate.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdateComRegisterShell64.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.25.11\goopdate.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_am.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ar.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_bg.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_bn.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ca.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_cs.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_da.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_de.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_el.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_en.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_es.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_et.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_fa.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_fi.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_fil.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_fr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_gu.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_hi.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_hr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_hu.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_id.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_is.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_it.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_iw.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ja.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_kn.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ko.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_lt.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_lv.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ml.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_mr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ms.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_nl.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_no.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_pl.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ro.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ru.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sk.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sl.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sv.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sw.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ta.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_te.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_th.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_tr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_uk.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ur.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_vi.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.25.11\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.25.11\psmachine.dll
c:\program files\Google\Update\1.3.25.11\psmachine_64.dll
c:\program files\Google\Update\1.3.25.11\psuser.dll
c:\program files\Google\Update\1.3.25.11\psuser_64.dll
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.71\39.0.2171.71_39.0.2171.65_chrome_updater.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2014-11-12 to 2014-12-12 )))))))))))))))))))))))))))))))
.
.
2014-12-12 13:45 . 2014-12-12 13:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-07 18:53 . 2014-12-07 19:40 -------- d-----w- c:\users\FOR\AppData\Local\VirtualStore
2014-12-07 18:47 . 2014-12-07 18:47 492 ----a-w- C:\EA220F7CC7A19136.reg
2014-12-07 18:47 . 2014-12-07 18:47 486 ----a-w- C:\F516688081534C47.reg
2014-12-07 18:47 . 2014-12-07 18:47 324 ----a-w- C:\0D038211ADB2051B.reg
2014-12-07 18:47 . 2014-12-07 18:47 302 ----a-w- C:\810AFFA1AB6D7A86.reg
2014-12-07 18:47 . 2014-12-07 18:47 402 ----a-w- C:\0F66D1AE6A32113A.reg
2014-12-07 18:47 . 2014-12-07 18:47 390 ----a-w- C:\5267C21367411D7E.reg
2014-12-07 18:47 . 2014-12-07 18:47 314 ----a-w- C:\1D55F997D1D7D614.reg
2014-12-07 18:47 . 2014-12-07 18:47 1548 ----a-w- C:\4E1DBA786C365727.reg
2014-12-07 18:47 . 2014-12-07 18:47 1212 ----a-w- C:\413B0DC1D9E8E7D8.reg
2014-12-07 16:58 . 2014-12-07 16:58 -------- d-----w- c:\programdata\ProductData
2014-12-07 15:45 . 2014-12-12 13:47 -------- d-----w- c:\users\FOR\AppData\Local\Temp
2014-12-07 15:45 . 2014-12-07 15:28 24064 ----a-w- c:\windows\zoek-delete.exe
2014-12-07 15:28 . 2014-12-07 15:47 -------- d-----w- C:\zoek_backup
2014-12-07 09:27 . 2014-12-07 09:27 -------- d-----w- c:\windows\ERUNT
2014-12-01 18:17 . 2014-12-12 13:44 -------- d-----r- c:\program files\Skype
2014-12-01 18:17 . 2014-12-01 18:17 -------- d-----w- c:\program files\Common Files\Skype
2014-11-18 14:17 . 2014-09-04 19:14 32928 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2014-11-17 19:25 . 2014-11-17 19:25 -------- d-----w- c:\users\FOR\AppData\Local\Unity
2014-11-15 20:27 . 2014-11-15 20:27 -------- d-----w- c:\windows\system32\SPReview
2014-11-15 20:26 . 2014-11-15 20:26 -------- d-----w- c:\windows\system32\EventProviders
2014-11-12 18:08 . 2014-11-12 18:08 -------- d-----w- c:\programdata\LHService
2014-11-12 18:06 . 2014-11-12 18:07 -------- d-----w- c:\programdata\LockHunter
2014-11-12 18:06 . 2014-11-12 18:06 -------- d-----w- c:\users\FOR\AppData\Roaming\LockHunter
2014-11-12 18:06 . 2014-11-12 18:06 -------- d--h--w- c:\program files\LockHunter
2014-11-12 17:50 . 2014-11-12 17:50 -------- d-----w- c:\programdata\Malwarebytes
2014-11-12 15:46 . 2014-11-12 15:47 -------- d-----w- c:\users\FOR\AppData\Local\Google
2014-11-12 15:46 . 2014-11-12 15:47 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-07 18:39 . 2014-07-13 07:02 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-11-11 12:15 . 2014-11-10 07:08 0 ----a-w- c:\windows\winsck.vbs
2014-11-11 12:15 . 2014-11-10 07:08 0 ----a-w- c:\windows\tune.vbs
2014-11-11 12:15 . 2014-11-10 07:08 0 ----a-w- c:\windows\system32\tune.vbs
2014-11-11 12:15 . 2014-11-10 07:08 0 ----a-w- c:\windows\system32\kernel.vbs
2014-11-11 12:15 . 2014-11-10 07:08 0 ----a-w- c:\windows\system32\explorer.vbs
2014-10-26 10:58 . 2014-10-26 10:58 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2006-10-25 13:17 . 2014-03-15 07:27 380928 ----a-w- c:\program files\server.dll
2006-10-25 13:17 . 2014-03-15 07:24 53248 ----a-w- c:\program files\nfs_inst.exe
2006-10-25 13:17 . 2014-03-15 07:24 7577600 ----a-w- c:\program files\nfsc_demo.exe
2006-10-25 13:17 . 2014-03-15 07:24 720896 ----a-w- c:\program files\EAInstall.dll
2006-10-25 13:17 . 2014-03-15 07:24 528384 ----a-w- c:\program files\AutoRunGUI.dll
2006-10-25 13:17 . 2014-03-15 07:24 499712 ----a-w- c:\program files\msvcp71.dll
2006-10-25 13:17 . 2014-03-15 07:24 258 ----a-w- c:\program files\dat.bin
2006-10-25 13:17 . 2014-03-15 07:24 253952 ----a-w- c:\program files\eauninstall.exe
2006-10-25 13:17 . 2014-03-15 07:24 348160 ----a-w- c:\program files\msvcr71.dll
2006-10-25 13:17 . 2014-03-15 07:24 569344 ----a-w- c:\program files\AutoRun.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-04-05 17:33 752448 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare Ultimate"="c:\program files\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe" [2013-12-02 2562368]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22065760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-09-17 2460488]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-10-14 557768]
.
c:\users\FOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare Ultimate]
2013-12-02 12:22 2562368 ----a-w- c:\program files\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2014-09-17 02:15 2460488 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
2014-05-29 23:00 1122312 ----a-w- c:\windows\System32\nvspcap.dll
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2013-12-02 2151232]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2011-04-20 1570304]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 usedisk;USEDisk Driver;c:\windows\system32\DRIVERS\usedisk.sys [2014-07-16 17408]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\IObit\Advanced SystemCare Ultimate 7\ASCService.exe [2013-12-16 886592]
S2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;c:\program files\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe [2013-12-10 647488]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-09-17 1795912]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-09-17 18044744]
S2 RzKLService;RzKLService;c:\program files\Razer\Razer Game Booster\RzKLService.exe [2013-11-22 105448]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-19 410968]
S2 Web Blocker Service URL;Web Blocker Service URL;c:\program files\Webstart Studios\Web Blocker\TWBService URL.exe [2009-05-26 32768]
S2 Web Blocker Service;Web Blocker Service;c:\program files\Webstart Studios\Web Blocker\TWBService.exe [2009-05-26 36864]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-10-26 243128]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-09-17 19272]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-09-04 32928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-26 15:52 1087304 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 07:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.windowsxlive.net/
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{900BA935-FB99-4D54-A3E6-C79AAD7ABE00}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\FOR\AppData\Roaming\Mozilla\Firefox\Profiles\ogk52zdf.default-1400259825833\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\IObit\Advanced SystemCare Ultimate 7\Monitor.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\sppsvc.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\windows\system32\rundll32.exe
c:\program files\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2014-12-12 14:51:42 - machine was rebooted
ComboFix-quarantined-files.txt 2014-12-12 13:51
ComboFix2.txt 2014-12-11 14:41
.
Pre-Run: 15 710 060 544 bytes free
Post-Run: 15 065 268 224 bytes free
.
- - End Of File - - 57EB78C6E5ABB3C66D18CAD345FAC810
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Professional 6.1.7600.0.1250.421.1051.18.2047.1211 [GMT 1:00]
Running from: c:\users\FOR\Desktop\ComboFix.exe
Command switches used :: c:\users\FOR\Desktop\CFScript.txt
AV: Advanced SystemCare Ultimate *Disabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\explorer.vbs"
"c:\windows\system32\kernel.vbs"
"c:\windows\system32\tune.vbs"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tune.vbs"
"c:\windows\winsck.vbs"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdate.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdateComRegisterShell64.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.25.11\goopdate.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_am.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ar.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_bg.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_bn.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ca.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_cs.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_da.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_de.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_el.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_en.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_es.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_et.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_fa.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_fi.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_fil.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_fr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_gu.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_hi.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_hr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_hu.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_id.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_is.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_it.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_iw.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ja.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_kn.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ko.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_lt.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_lv.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ml.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_mr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ms.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_nl.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_no.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_pl.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ro.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ru.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sk.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sl.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sv.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sw.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ta.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_te.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_th.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_tr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_uk.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ur.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_vi.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.25.11\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.25.11\psmachine.dll
c:\program files\Google\Update\1.3.25.11\psmachine_64.dll
c:\program files\Google\Update\1.3.25.11\psuser.dll
c:\program files\Google\Update\1.3.25.11\psuser_64.dll
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.71\39.0.2171.71_39.0.2171.65_chrome_updater.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2014-11-12 to 2014-12-12 )))))))))))))))))))))))))))))))
.
.
2014-12-12 13:45 . 2014-12-12 13:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-07 18:53 . 2014-12-07 19:40 -------- d-----w- c:\users\FOR\AppData\Local\VirtualStore
2014-12-07 18:47 . 2014-12-07 18:47 492 ----a-w- C:\EA220F7CC7A19136.reg
2014-12-07 18:47 . 2014-12-07 18:47 486 ----a-w- C:\F516688081534C47.reg
2014-12-07 18:47 . 2014-12-07 18:47 324 ----a-w- C:\0D038211ADB2051B.reg
2014-12-07 18:47 . 2014-12-07 18:47 302 ----a-w- C:\810AFFA1AB6D7A86.reg
2014-12-07 18:47 . 2014-12-07 18:47 402 ----a-w- C:\0F66D1AE6A32113A.reg
2014-12-07 18:47 . 2014-12-07 18:47 390 ----a-w- C:\5267C21367411D7E.reg
2014-12-07 18:47 . 2014-12-07 18:47 314 ----a-w- C:\1D55F997D1D7D614.reg
2014-12-07 18:47 . 2014-12-07 18:47 1548 ----a-w- C:\4E1DBA786C365727.reg
2014-12-07 18:47 . 2014-12-07 18:47 1212 ----a-w- C:\413B0DC1D9E8E7D8.reg
2014-12-07 16:58 . 2014-12-07 16:58 -------- d-----w- c:\programdata\ProductData
2014-12-07 15:45 . 2014-12-12 13:47 -------- d-----w- c:\users\FOR\AppData\Local\Temp
2014-12-07 15:45 . 2014-12-07 15:28 24064 ----a-w- c:\windows\zoek-delete.exe
2014-12-07 15:28 . 2014-12-07 15:47 -------- d-----w- C:\zoek_backup
2014-12-07 09:27 . 2014-12-07 09:27 -------- d-----w- c:\windows\ERUNT
2014-12-01 18:17 . 2014-12-12 13:44 -------- d-----r- c:\program files\Skype
2014-12-01 18:17 . 2014-12-01 18:17 -------- d-----w- c:\program files\Common Files\Skype
2014-11-18 14:17 . 2014-09-04 19:14 32928 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2014-11-17 19:25 . 2014-11-17 19:25 -------- d-----w- c:\users\FOR\AppData\Local\Unity
2014-11-15 20:27 . 2014-11-15 20:27 -------- d-----w- c:\windows\system32\SPReview
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43287
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Log check + problem
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
Clean the system with CCleaner
Download OTC
to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.
Post a new log from HJT
Download the program OTM (by OldTimer)
and save it to drive C and run it.
- Into the left column (Paste Instructions for Items to be Moved) copy these paths:
Code:
:Processes
explorer.exe
:Services
:Reg
:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Program Files\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\EA220F7CC7A19136.reg
C:\F516688081534C47.reg
C:\0D038211ADB2051B.reg
C:\810AFFA1AB6D7A86.reg
C:\0F66D1AE6A32113A.reg
C:\5267C21367411D7E.reg
C:\1D55F997D1D7D614.reg
C:\4E1DBA786C365727.reg
C:\413B0DC1D9E8E7D8.reg
c:\windows\winsck.vbs
c:\windows\tune.vbs
c:\windows\system32\tune.vbs
c:\windows\system32\kernel.vbs
c:\windows\system32\explorer.vbs
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- After copying, click the MoveIt! button and then paste here the entire contents of the right column (it is also saved in the folder C:\_OTMoveIt\MovedFiles\), which reports the results
- If the files cannot be removed, you may be asked to restart the computer; in that case confirm the restart.
C:\_OTMoveIt\MovedFiles\********_******.log
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support