Zpomalený PC Vyřešeno

[TheBigShock]

Poprosil bych o kontrolu logu. Předem děkuji


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:12:42, on 8.5.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\DAODx.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
C:\Users\PHENOM LUKAS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PHENOM LUKAS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\PHENOM LUKAS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\trend micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\ctbr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\ctbr.dll
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\PHENOM LUKAS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: PS3 Media Server.lnk = C:\Program Files (x86)\PS3 Media Server\PMS.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\ctbr.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PS3 Media Server - Unknown owner - C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8816 bytes

[Reklama]

[Žbeky]

Odinstaluj:
BS Player Toolbar
Crawler
Spyware terminator

Fixni:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\ctbr.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\PHENOM LUKAS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\ctbr.dll

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[TheBigShock]

Hned se do toho dám. A mám dotaz, proč odinstalovat Spyware Terminator? Já myslel, že to není špatný program.

[Žbeky]

Bývávalo...

[TheBigShock]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6533

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8.5.2011 20:48:15
mbam-log-2011-05-08 (20-48-15).txt

Typ kontroly: Rychlý test
Testované objekty: 158816
Uplynulý čas: 2 minut, 10 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[Žbeky]

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[TheBigShock]

ComboFix 11-05-08.02 - PHENOM LUKAS 08.05.2011 21:23:30.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.6142.4531 [GMT 2:00]
Spuštěný z: c:\users\PHENOM LUKAS\Downloads\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\local.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-08 do 2011-05-08 )))))))))))))))))))))))))))))))
.
.
2011-05-08 19:25 . 2011-05-08 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-08 18:45 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-08 15:06 . 2011-05-08 15:06 -------- d-----w- c:\program files (x86)\ZAV
2011-05-08 14:05 . 2011-05-08 14:05 388096 ----a-r- c:\users\PHENOM LUKAS\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-08 14:04 . 2011-05-08 14:04 -------- d-----w- C:\Nová složka
2011-05-08 13:26 . 2011-05-08 13:26 -------- d-----w- c:\windows\system32\EventProviders
2011-05-08 12:44 . 2011-05-08 12:44 -------- d-----w- c:\program files (x86)\FinalWire
2011-05-08 10:59 . 2011-05-08 14:12 -------- d-----w- c:\program files (x86)\trend micro
2011-05-08 10:59 . 2011-05-08 11:00 -------- d-----w- C:\rsit
2011-05-08 10:51 . 2011-05-08 10:51 -------- d-----w- c:\users\PHENOM LUKAS\AppData\Roaming\Malwarebytes
2011-05-08 10:51 . 2011-05-08 10:51 -------- d-----w- c:\programdata\Malwarebytes
2011-05-08 10:51 . 2011-05-08 18:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-08 10:51 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-08 01:10 . 2011-05-08 01:10 -------- d-----w- c:\program files\ESET
2011-05-08 01:02 . 2011-05-08 09:41 -------- d-----w- c:\program files (x86)\TNod User & Password Finder
2011-05-07 23:05 . 2011-05-07 23:05 -------- d-----w- c:\windows\AsDmiHtm
2011-05-07 22:40 . 2011-05-07 22:50 -------- d-----w- C:\temp
2011-05-07 22:40 . 2011-05-07 22:50 -------- d-----w- C:\dvmexp
2011-05-07 22:39 . 2011-05-07 22:39 -------- d-----w- C:\ASUS.000
2011-05-07 22:38 . 2011-05-07 22:39 -------- d-----w- C:\ASUS.SYS
2011-05-07 22:30 . 2011-05-07 22:30 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-05-07 22:09 . 2008-01-04 11:34 11832 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2011-05-07 22:09 . 2008-01-04 11:34 10216 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp32.sys
2011-05-07 22:07 . 2011-05-07 22:07 16896 ----a-w- c:\windows\AsTaskSched.dll
2011-05-07 19:52 . 2011-05-07 19:52 -------- d-----w- C:\ATI
2011-05-07 19:46 . 2011-05-07 19:47 -------- d-----w- c:\users\PHENOM LUKAS\AppData\Local\eSupport.com
2011-05-07 19:46 . 2011-05-07 19:46 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2011-05-07 19:44 . 2011-05-07 19:44 -------- d-----w- c:\program files (x86)\Lavalys
2011-05-07 19:18 . 2011-05-07 19:18 -------- d-----w- c:\users\PHENOM LUKAS\AppData\Roaming\MAXON
2011-05-06 16:29 . 2011-05-06 16:29 -------- d-----w- c:\users\PHENOM LUKAS\AppData\Local\Electronic Arts
2011-04-26 13:29 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A6324AF-EA8C-43F2-AC38-BA244E330CCF}\mpengine.dll
2011-04-19 17:53 . 2011-05-07 18:54 -------- d-----w- c:\program files (x86)\GamePark.cz Klient
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-08 13:43 . 2010-12-25 17:07 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-05-08 13:43 . 2010-12-24 13:03 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-05-07 22:48 . 2010-12-24 13:03 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-04-09 14:26 . 2010-12-24 13:03 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-02-23 15:04 . 2011-03-26 14:22 238968 ----a-w- c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 336384]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-04-07 9919104]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
.
c:\users\PHENOM LUKAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PS3 Media Server.lnk - c:\program files (x86)\PS3 Media Server\PMS.exe [2009-3-9 169367]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [2008-08-17 217088]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.23\RivaTuner64.sys [2009-02-15 12288]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe [2009-08-24 93336]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/01/01 13:22];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 11:58 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S4 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469760311-2053617148-4008306589-1000Core.job
- c:\users\PHENOM LUKAS\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-24 13:44]
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469760311-2053617148-4008306589-1000UA.job
- c:\users\PHENOM LUKAS\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-24 13:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 120328]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-469760311-2053617148-4008306589-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:24,29,61,c7,25,4b,9c,9a,ef,b7,8b,da,ff,ad,ce,73,b1,09,4f,05,9a,20,4c,
4f,fd,2f,7e,98,b7,5d,ce,99,ae,83,a9,00,54,d6,5d,9e,39,97,7b,62,ca,40,7d,85,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-469760311-2053617148-4008306589-1000\Software\SecuROM\License information*]
"datasecu"=hex:1f,46,88,1f,4a,6b,24,72,68,51,51,5d,11,6d,0b,56,8a,21,05,2e,0e,
b4,bb,e0,6c,c1,1e,9e,20,a3,54,1d,51,a2,3e,e3,71,09,7d,3e,e8,ce,a0,cd,28,aa,\
"rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-05-08 21:27:17
ComboFix-quarantined-files.txt 2011-05-08 19:27
.
Před spuštěním: Volných bajtů: 523 709 874 176
Po spuštění: Volných bajtů: 523 592 773 632
.
- - End Of File - - C1B640AF0AE695F3D7AA5CE5D963ECCF

[Žbeky]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

SecCenter::
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

Folder::
c:\program files\ESET
c:\program files (x86)\TNod User & Password Finder

File::
c:\windows\system32\aswBoot.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469760311-2053617148-4008306589-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469760311-2053617148-4008306589-1000UA.job
c:\windows\system32\DRIVERS\ehdrv.sys
c:\windows\system32\DRIVERS\epfwwfp.sys
c:\windows\system32\DRIVERS\eamonm.sys
c:\windows\system32\DRIVERS\stflt.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-
"ConsentPromptBehaviorUser"=-
"EnableUIADesktopToggle"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"=-

Driver::
ehdrv
ekrn
epfwwfp
eamonm
sp_rsdrv2

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[TheBigShock]

ComboFix 11-05-08.02 - PHENOM LUKAS 08.05.2011 21:56:25.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.6142.4542 [GMT 2:00]
Spuštěný z: c:\users\PHENOM LUKAS\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\PHENOM LUKAS\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\windows\system32\aswBoot.exe"
"c:\windows\system32\DRIVERS\eamonm.sys"
"c:\windows\system32\DRIVERS\ehdrv.sys"
"c:\windows\system32\DRIVERS\epfwwfp.sys"
"c:\windows\system32\DRIVERS\stflt.sys"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469760311-2053617148-4008306589-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469760311-2053617148-4008306589-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\TNod User & Password Finder
c:\program files (x86)\TNod User & Password Finder\config.bat
c:\program files (x86)\TNod User & Password Finder\CREDITOS.txt
c:\program files (x86)\TNod User & Password Finder\download licenses.bat
c:\program files (x86)\TNod User & Password Finder\Insert License with the maximum expiration date.bat
c:\program files (x86)\TNod User & Password Finder\LEEME.txt
c:\program files (x86)\TNod User & Password Finder\Licenses Downloader.bat
c:\program files (x86)\TNod User & Password Finder\Recover data of current License.bat
c:\program files (x86)\TNod User & Password Finder\tnodicons.icl
c:\program files (x86)\TNod User & Password Finder\uninst-tnod.exe
c:\program files\ESET
c:\program files\ESET\ESET Smart Security\callmsi.exe
c:\program files\ESET\ESET Smart Security\DMON.dll
c:\program files\ESET\ESET Smart Security\Drivers\eamonm\eamonm.cat
c:\program files\ESET\ESET Smart Security\Drivers\eamonm\eamonm.inf
c:\program files\ESET\ESET Smart Security\Drivers\eamonm\eamonm.sys
c:\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.cat
c:\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.inf
c:\program files\ESET\ESET Smart Security\Drivers\ehdrv\ehdrv.sys
c:\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.cat
c:\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.inf
c:\program files\ESET\ESET Smart Security\Drivers\epfw\epfw.sys
c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwnd_m.inf
c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.cat
c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.inf
c:\program files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.sys
c:\program files\ESET\ESET Smart Security\Drivers\epfwwfp\epfwwfp.cat
c:\program files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.inf
c:\program files\ESET\ESET Smart Security\Drivers\epfwwfp\EpfwWfp.sys
c:\program files\ESET\ESET Smart Security\ecls.exe
c:\program files\ESET\ESET Smart Security\eclsLang.dll
c:\program files\ESET\ESET Smart Security\ecmd.exe
c:\program files\ESET\ESET Smart Security\eeclnt.exe
c:\program files\ESET\ESET Smart Security\egui.exe
c:\program files\ESET\ESET Smart Security\eguiAmon.dll
c:\program files\ESET\ESET Smart Security\eguiAmonLang.dll
c:\program files\ESET\ESET Smart Security\eguiDmon.dll
c:\program files\ESET\ESET Smart Security\eguiDmonLang.dll
c:\program files\ESET\ESET Smart Security\eguiEmon.dll
c:\program files\ESET\ESET Smart Security\eguiEmonLang.dll
c:\program files\ESET\ESET Smart Security\eguiEpfw.dll
c:\program files\ESET\ESET Smart Security\eguiEpfwLang.dll
c:\program files\ESET\ESET Smart Security\eguiLang.dll
c:\program files\ESET\ESET Smart Security\eguiMailPlugins.dll
c:\program files\ESET\ESET Smart Security\eguiMailPluginsLang.dll
c:\program files\ESET\ESET Smart Security\eguiProduct.dll
c:\program files\ESET\ESET Smart Security\eguiProductRcd.dll
c:\program files\ESET\ESET Smart Security\eguiScan.dll
c:\program files\ESET\ESET Smart Security\eguiScanLang.dll
c:\program files\ESET\ESET Smart Security\eguiSmon.dll
c:\program files\ESET\ESET Smart Security\eguiSmonLang.dll
c:\program files\ESET\ESET Smart Security\eguiUpdate.dll
c:\program files\ESET\ESET Smart Security\eguiUpdateLang.dll
c:\program files\ESET\ESET Smart Security\eh64.exe
c:\program files\ESET\ESET Smart Security\EHttpSrv.exe
c:\program files\ESET\ESET Smart Security\ekrnDmonLang.dll
c:\program files\ESET\ESET Smart Security\ekrnEpfwLang.dll
c:\program files\ESET\ESET Smart Security\ekrnLang.dll
c:\program files\ESET\ESET Smart Security\ekrnMailPluginsLang.dll
c:\program files\ESET\ESET Smart Security\ekrnScanLang.dll
c:\program files\ESET\ESET Smart Security\ekrnSmonLang.dll
c:\program files\ESET\ESET Smart Security\ekrnUpdateLang.dll
c:\program files\ESET\ESET Smart Security\em000_32.dat
c:\program files\ESET\ESET Smart Security\em000_64.dat
c:\program files\ESET\ESET Smart Security\em001_32.dat
c:\program files\ESET\ESET Smart Security\em002_32.dat
c:\program files\ESET\ESET Smart Security\em003_32.dat
c:\program files\ESET\ESET Smart Security\em004_32.dat
c:\program files\ESET\ESET Smart Security\em005_32.dat
c:\program files\ESET\ESET Smart Security\em006_32.dat
c:\program files\ESET\ESET Smart Security\em006_64.dat
c:\program files\ESET\ESET Smart Security\em008_32.dat
c:\program files\ESET\ESET Smart Security\em008_64.dat
c:\program files\ESET\ESET Smart Security\em009_32.dat
c:\program files\ESET\ESET Smart Security\em009_64.dat
c:\program files\ESET\ESET Smart Security\em010_32.dat
c:\program files\ESET\ESET Smart Security\em013_32.dat
c:\program files\ESET\ESET Smart Security\em013_64.dat
c:\program files\ESET\ESET Smart Security\em015_32.dat
c:\program files\ESET\ESET Smart Security\em015_64.dat
c:\program files\ESET\ESET Smart Security\eplgHooks.dll
c:\program files\ESET\ESET Smart Security\eplgOE.dll
c:\program files\ESET\ESET Smart Security\eplgOEEmon.dll
c:\program files\ESET\ESET Smart Security\eplgOELang.dll
c:\program files\ESET\ESET Smart Security\eplgOESmon.dll
c:\program files\ESET\ESET Smart Security\eplgOESmonLang.dll
c:\program files\ESET\ESET Smart Security\eplgOutlook.dll
c:\program files\ESET\ESET Smart Security\eplgOutlookEmon.dll
c:\program files\ESET\ESET Smart Security\eplgOutlookEmonLang.dll
c:\program files\ESET\ESET Smart Security\eplgOutlookLang.dll
c:\program files\ESET\ESET Smart Security\eplgOutlookSmon.dll
c:\program files\ESET\ESET Smart Security\eplgOutlookSmonLang.dll
c:\program files\ESET\ESET Smart Security\eplgTbLang.dll
c:\program files\ESET\ESET Smart Security\eplgTbSmonLang.dll
c:\program files\ESET\ESET Smart Security\eset.chm
c:\program files\ESET\ESET Smart Security\eula.rtf
c:\program files\ESET\ESET Smart Security\http_dll.dll
c:\program files\ESET\ESET Smart Security\mfc80.dll
c:\program files\ESET\ESET Smart Security\mfc80u.dll
c:\program files\ESET\ESET Smart Security\Microsoft.VC80.CRT.manifest
c:\program files\ESET\ESET Smart Security\Microsoft.VC80.MFC.manifest
c:\program files\ESET\ESET Smart Security\Microsoft.VC80.MFCLOC.manifest
c:\program files\ESET\ESET Smart Security\Mozilla Thunderbird\Components\eplgTb.dll
c:\program files\ESET\ESET Smart Security\Mozilla Thunderbird\chrome.manifest
c:\program files\ESET\ESET Smart Security\Mozilla Thunderbird\install.rdf
c:\program files\ESET\ESET Smart Security\msvcr80.dll
c:\program files\ESET\ESET Smart Security\shellExt.dll
c:\program files\ESET\ESET Smart Security\ShellExtLang.dll
c:\program files\ESET\ESET Smart Security\SysInspector.exe
c:\program files\ESET\ESET Smart Security\SysInspectorLang.dll
c:\program files\ESET\ESET Smart Security\SysRescue.exe
c:\program files\ESET\ESET Smart Security\SysRescueLang.dll
c:\program files\ESET\ESET Smart Security\updater.dll
c:\program files\ESET\ESET Smart Security\x86\DMON.dll
c:\program files\ESET\ESET Smart Security\x86\ekrn.exe
c:\program files\ESET\ESET Smart Security\x86\ekrnAmon.dll
c:\program files\ESET\ESET Smart Security\x86\ekrnDmon.dll
c:\program files\ESET\ESET Smart Security\x86\ekrnEmon.dll
c:\program files\ESET\ESET Smart Security\x86\ekrnEpfw.dll
c:\program files\ESET\ESET Smart Security\x86\ekrnMailPlugins.dll
c:\program files\ESET\ESET Smart Security\x86\ekrnScan.dll
c:\program files\ESET\ESET Smart Security\x86\ekrnSmon.dll
c:\program files\ESET\ESET Smart Security\x86\ekrnSmonEngine.dll
c:\program files\ESET\ESET Smart Security\x86\ekrnUpdate.dll
c:\program files\ESET\ESET Smart Security\x86\eplgOE.dll
c:\program files\ESET\ESET Smart Security\x86\eplgOEEmon.dll
c:\program files\ESET\ESET Smart Security\x86\eplgOESmon.dll
c:\program files\ESET\ESET Smart Security\x86\eplgOutlook.dll
c:\program files\ESET\ESET Smart Security\x86\eplgOutlookEmon.dll
c:\program files\ESET\ESET Smart Security\x86\eplgOutlookSmon.dll
c:\program files\ESET\ESET Smart Security\x86\eplgTbEmon.dll
c:\program files\ESET\ESET Smart Security\x86\eplgTbSmon.dll
c:\program files\ESET\ESET Smart Security\x86\Microsoft.VC80.CRT.manifest
c:\program files\ESET\ESET Smart Security\x86\msvcp80.dll
c:\program files\ESET\ESET Smart Security\x86\msvcr80.dll
c:\program files\ESET\ESET Smart Security\x86\PPESET.dll
c:\program files\ESET\ESET Smart Security\x86\PPEset.inf
c:\program files\ESET\ESET Smart Security\x86\shellExt.dll
c:\program files\ESET\ESET Smart Security\x86\updater.dll
c:\windows\system32\aswBoot.exe
c:\windows\system32\DRIVERS\eamonm.sys
c:\windows\system32\DRIVERS\ehdrv.sys
c:\windows\system32\DRIVERS\epfwwfp.sys
c:\windows\system32\DRIVERS\stflt.sys
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469760311-2053617148-4008306589-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469760311-2053617148-4008306589-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EAMONM
-------\Legacy_EHDRV
-------\Legacy_EPFWWFP
-------\Legacy_SP_RSDRV2
-------\Service_eamonm
-------\Service_ehdrv
-------\Service_ekrn
-------\Service_epfwwfp
-------\Service_sp_rsdrv2
-------\Service_EhttpSrv
-------\Service_EhttpSrv
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-08 do 2011-05-08 )))))))))))))))))))))))))))))))
.
.
2011-05-08 19:58 . 2011-05-08 19:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-08 18:45 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-08 15:06 . 2011-05-08 15:06 -------- d-----w- c:\program files (x86)\ZAV
2011-05-08 14:05 . 2011-05-08 14:05 388096 ----a-r- c:\users\PHENOM LUKAS\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-08 14:04 . 2011-05-08 14:04 -------- d-----w- C:\Nová složka
2011-05-08 13:26 . 2011-05-08 13:26 -------- d-----w- c:\windows\system32\EventProviders
2011-05-08 12:44 . 2011-05-08 12:44 -------- d-----w- c:\program files (x86)\FinalWire
2011-05-08 10:59 . 2011-05-08 14:12 -------- d-----w- c:\program files (x86)\trend micro
2011-05-08 10:59 . 2011-05-08 11:00 -------- d-----w- C:\rsit
2011-05-08 10:51 . 2011-05-08 10:51 -------- d-----w- c:\users\PHENOM LUKAS\AppData\Roaming\Malwarebytes
2011-05-08 10:51 . 2011-05-08 10:51 -------- d-----w- c:\programdata\Malwarebytes
2011-05-08 10:51 . 2011-05-08 19:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-08 10:51 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-07 23:05 . 2011-05-07 23:05 -------- d-----w- c:\windows\AsDmiHtm
2011-05-07 22:40 . 2011-05-07 22:50 -------- d-----w- C:\temp
2011-05-07 22:40 . 2011-05-07 22:50 -------- d-----w- C:\dvmexp
2011-05-07 22:39 . 2011-05-07 22:39 -------- d-----w- C:\ASUS.000
2011-05-07 22:38 . 2011-05-07 22:39 -------- d-----w- C:\ASUS.SYS
2011-05-07 22:30 . 2011-05-07 22:30 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-05-07 22:09 . 2008-01-04 11:34 11832 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2011-05-07 22:09 . 2008-01-04 11:34 10216 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp32.sys
2011-05-07 22:07 . 2011-05-07 22:07 16896 ----a-w- c:\windows\AsTaskSched.dll
2011-05-07 19:52 . 2011-05-07 19:52 -------- d-----w- C:\ATI
2011-05-07 19:46 . 2011-05-07 19:47 -------- d-----w- c:\users\PHENOM LUKAS\AppData\Local\eSupport.com
2011-05-07 19:46 . 2011-05-07 19:46 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2011-05-07 19:44 . 2011-05-07 19:44 -------- d-----w- c:\program files (x86)\Lavalys
2011-05-07 19:18 . 2011-05-07 19:18 -------- d-----w- c:\users\PHENOM LUKAS\AppData\Roaming\MAXON
2011-05-06 16:29 . 2011-05-06 16:29 -------- d-----w- c:\users\PHENOM LUKAS\AppData\Local\Electronic Arts
2011-04-26 13:29 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A6324AF-EA8C-43F2-AC38-BA244E330CCF}\mpengine.dll
2011-04-19 17:53 . 2011-05-07 18:54 -------- d-----w- c:\program files (x86)\GamePark.cz Klient
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-08 13:43 . 2010-12-25 17:07 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-05-08 13:43 . 2010-12-24 13:03 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-05-07 22:48 . 2010-12-24 13:03 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-04-09 14:26 . 2010-12-24 13:03 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-08_19.25.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-12-24 12:25 . 2011-05-08 14:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-24 12:25 . 2011-05-08 20:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-24 12:25 . 2011-05-08 20:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-24 12:25 . 2011-05-08 14:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-24 12:25 . 2011-05-08 14:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-24 12:25 . 2011-05-08 20:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-24 12:25 . 2011-05-08 20:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-24 12:25 . 2011-05-08 14:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-24 12:25 . 2011-05-08 14:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-24 12:25 . 2011-05-08 20:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-08 13:31 . 2011-05-08 14:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-08 19:59 . 2011-05-08 19:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-08 19:59 . 2011-05-08 19:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-05-08 13:31 . 2011-05-08 14:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-24 14:38 . 2011-05-08 19:58 6523752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 336384]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-04-07 9919104]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
.
c:\users\PHENOM LUKAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PS3 Media Server.lnk - c:\program files (x86)\PS3 Media Server\PMS.exe [2009-3-9 169367]
.
R3 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [2008-08-17 217088]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.23\RivaTuner64.sys [2009-02-15 12288]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe [2009-08-24 93336]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/01/01 13:22];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 11:58 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF19531.cfxxe" [X]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 120328]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-egui - c:\program files\ESET\ESET Smart Security\egui.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-469760311-2053617148-4008306589-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:24,29,61,c7,25,4b,9c,9a,ef,b7,8b,da,ff,ad,ce,73,b1,09,4f,05,9a,20,4c,
4f,fd,2f,7e,98,b7,5d,ce,99,ae,83,a9,00,54,d6,5d,9e,39,97,7b,62,ca,40,7d,85,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-469760311-2053617148-4008306589-1000\Software\SecuROM\License information*]
"datasecu"=hex:1f,46,88,1f,4a,6b,24,72,68,51,51,5d,11,6d,0b,56,8a,21,05,2e,0e,
b4,bb,e0,6c,c1,1e,9e,20,a3,54,1d,51,a2,3e,e3,71,09,7d,3e,e8,ce,a0,cd,28,aa,\
"rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\DAODx.exe
c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Java\jre6\bin\javaw.exe
.
**************************************************************************
.
Celkový čas: 2011-05-08 22:03:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-08 20:03
ComboFix2.txt 2011-05-08 19:27
.
Před spuštěním: Volných bajtů: 523 642 953 728
Po spuštění: Volných bajtů: 523 448 107 008
.
- - End Of File - - 7603B7797967352A42E89CBABCE5305F

[Žbeky]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

+ Nový log z HJT

Jak se chová PC?

[TheBigShock]

Děkuji ti moc za strávený čas mým problém. :)

[Žbeky]

To ještě není konec. Jasně tam píšu že chci nový log z HJT a zprávu, jak se chová PC