Please check (Solved)


Re: Please check

Post by jaro3 » 14 Dec 2013 11:33

Uninstall:
IObit Malware Fighter
MWAV
mybrowserbar

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Code:

ClearJavaCache::

KillAll::
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

Firefox::
FF - ProfilePath - c:\users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\d5hj2ziy.default\
FF - ExtSQL: 2013-12-08 16:21; savingsslider@mybrowserbar.com; c:\users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\d5hj2ziy.default\extensions\savingsslider@mybrowserbar.com
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT

Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message about the option to download the Avast database appears, click NO. Then click "Scan". After the scan click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check

Post by 854005 » 14 Dec 2013 15:41

How do I uninstall MWAV, please? It is not in the list of installed programs in Windows, and I can't see it through CCleaner or Revo either...


Re: Please check

Post by jaro3 » 15 Dec 2013 10:20


Re: Please check

Post by 854005 » 15 Dec 2013 13:48

Unfortunately, that program did not help either. I also looked for other names, in case it is called e.g. e-scan or similar, but no. On the PC there is only the folder C:\ProgramData\MWAV with some database file in it, nothing more...


Re: Please check

Post by jaro3 » 16 Dec 2013 09:31

Then leave it, we will clean it up afterwards.

Re: Please check

Post by 854005 » 16 Dec 2013 20:45

Combo Fix

ComboFix 13-12-13.01 - Milan . 12. 2013 20:00:15.2.4 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.8005.6442 [GMT 1:00]
Spuštěný z: c:\users\Milan\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Milan\Desktop\cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-16 do 2013-12-16 )))))))))))))))))))))))))))))))
.
.
2013-12-16 19:09 . 2013-12-16 19:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-12-16 19:09 . 2013-12-16 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-15 10:43 . 2013-12-15 10:43 -------- d-----w- c:\program files (x86)\Special Uninstaller
2013-12-12 21:07 . 2013-12-12 21:07 -------- d-----w- c:\windows\ERUNT
2013-12-11 19:16 . 2013-12-12 20:46 -------- d-----w- C:\AdwCleaner
2013-12-11 16:38 . 2013-10-25 06:18 19271168 ----a-w- c:\windows\system32\mshtml.dll
2013-12-11 16:35 . 2013-12-11 16:35 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-12-11 16:35 . 2013-09-28 03:35 288768 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-10 18:25 . 2013-12-10 18:25 -------- d---a-w- c:\windows\VDLL.DLL
2013-12-10 18:25 . 2013-12-10 18:25 -------- d---a-w- c:\windows\SysWow64\runouce.exe
2013-12-10 18:25 . 2013-12-10 18:25 -------- d---a-w- c:\windows\rundll16.exe
2013-12-10 18:25 . 2013-12-10 18:25 -------- d---a-w- c:\windows\RUNDL132.EXE
2013-12-10 18:25 . 2013-12-10 18:25 -------- d---a-w- c:\windows\logo1_.exe
2013-12-10 18:25 . 2013-12-10 18:25 -------- d---a-w- c:\windows\logo_1.exe
2013-12-10 18:22 . 2013-12-10 18:22 350160 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-12-10 18:22 . 2013-12-10 18:22 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
2013-12-10 18:22 . 2013-12-10 18:22 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
2013-12-10 18:22 . 2013-12-10 18:22 572928 ----a-w- c:\windows\SysWow64\msvcp90.dll
2013-12-10 18:22 . 2013-12-10 18:22 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
2013-12-10 18:22 . 2013-12-10 18:22 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe
2013-12-10 18:22 . 2013-12-10 18:22 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld
2013-12-10 18:22 . 2013-12-10 18:22 -------- d-----w- c:\programdata\MicroWorld
2013-12-10 16:47 . 2013-12-10 16:47 -------- d-----w- c:\programdata\Malwarebytes
2013-12-10 16:47 . 2013-12-10 16:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-10 16:47 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-08 15:31 . 2013-12-08 15:31 -------- d-----w- c:\program files (x86)\Wise
2013-12-08 13:30 . 2013-12-08 13:45 -------- d-----w- c:\program files (x86)\eM Client
2013-12-08 11:57 . 2013-12-08 11:57 -------- d-----w- c:\program files (x86)\Analog Clock-7
2013-12-08 11:57 . 2012-02-07 06:35 147456 ----a-w- c:\windows\SysWow64\Analog Clock-7.scr
2013-12-07 14:50 . 2013-12-07 14:50 -------- d-----w- c:\programdata\Logs
2013-12-07 14:46 . 2013-12-07 14:46 -------- d-----w- c:\windows\cs
2013-12-07 14:45 . 2013-12-07 14:45 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-12-07 14:45 . 2013-12-07 14:45 -------- d-----w- c:\program files\Windows Live
2013-12-07 14:45 . 2013-12-07 14:45 -------- d-----w- c:\windows\PCHEALTH
2013-12-07 14:45 . 2013-12-07 14:45 -------- d-----w- c:\program files (x86)\Windows Live
2013-12-07 14:43 . 2010-06-02 03:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-12-07 14:43 . 2010-06-02 03:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-12-07 14:43 . 2010-06-02 03:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-12-07 14:43 . 2010-06-02 03:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-12-07 14:43 . 2010-05-26 10:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-12-07 14:43 . 2010-05-26 10:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-12-07 14:43 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-12-07 14:43 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-12-07 14:43 . 2009-09-04 16:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2013-12-07 14:43 . 2009-09-04 16:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-12-07 14:43 . 2006-11-29 12:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-12-07 14:43 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2013-12-07 14:42 . 2013-12-07 14:42 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2013-12-03 12:38 . 2001-09-10 17:05 69632 ----a-w- c:\windows\Twunk_32.exe
2013-12-03 12:38 . 2001-09-10 17:05 48560 ----a-w- c:\windows\Twunk_16.exe
2013-12-03 12:38 . 1999-05-06 13:22 27632 ----a-w- c:\windows\SysWow64\CTL3DV2.DLL
2013-12-03 12:38 . 1997-10-14 04:19 11776 ----a-w- c:\windows\SysWow64\pmsbfn32.dll
2013-12-03 12:38 . 2013-12-03 12:38 -------- d-----w- c:\program files (x86)\Common Files\NewSoft
2013-12-03 12:37 . 2013-12-03 12:38 -------- d-----w- c:\program files (x86)\Common Files\PDFView
2013-12-03 12:37 . 2013-12-03 12:37 -------- d-----w- c:\windows\SysWow64\Color
2013-12-03 12:37 . 2013-12-03 12:37 -------- d-----w- c:\program files (x86)\NewSoft
2013-12-03 12:37 . 2005-04-03 22:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-12-03 12:37 . 2005-04-03 22:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-12-03 12:37 . 2005-04-03 22:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-12-03 12:37 . 2005-04-03 22:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-12-03 12:37 . 2005-04-03 22:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2013-12-03 12:37 . 2005-04-03 21:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-12-03 12:37 . 2013-12-03 12:37 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-12-03 12:37 . 2013-12-03 12:37 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-12-03 12:34 . 2013-12-03 12:34 -------- d-----w- c:\program files (x86)\ArcSoft
2013-12-03 12:34 . 1995-08-01 03:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2013-12-03 12:33 . 2001-09-05 03:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-12-03 12:33 . 2001-09-05 03:18 225280 ------w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-12-03 12:33 . 2001-09-05 03:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-12-03 12:33 . 2001-09-05 03:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-12-03 12:33 . 2003-04-23 05:34 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-12-03 12:32 . 2013-12-03 12:32 -------- d-----w- c:\program files\Common Files\CANON
2013-12-03 12:31 . 2013-12-03 12:31 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2013-12-03 12:31 . 2013-12-03 12:31 -------- d--h--w- c:\program files\CanonBJ
2013-12-03 12:30 . 2013-12-03 12:32 -------- d-----w- c:\program files (x86)\Canon
2013-12-02 17:17 . 2013-12-02 17:17 280752 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin
2013-12-02 16:40 . 2013-12-02 16:40 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-12-01 21:27 . 2008-05-07 18:59 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL
2013-11-30 19:21 . 2013-11-30 19:21 -------- d-----w- c:\programdata\Advanced Uninstaller PRO
2013-11-30 19:21 . 2013-11-30 19:21 -------- d-----w- c:\program files (x86)\Common Files\Innovative Solutions
2013-11-30 19:21 . 2009-11-05 11:24 42496 ----a-w- c:\windows\SysWow64\AdvUninstCPL.cpl
2013-11-30 19:16 . 2013-11-30 19:21 -------- d-----w- c:\programdata\Innovative Solutions
2013-11-30 19:04 . 2013-11-30 19:04 -------- d-----w- c:\program files (x86)\VideoLAN
2013-11-30 18:56 . 2002-09-25 20:06 87392 ----a-w- c:\windows\twain.dll
2013-11-30 18:48 . 2013-11-30 18:49 -------- d-----w- C:\totalcmd
2013-11-30 18:46 . 2013-11-30 18:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-11-30 18:46 . 2013-11-30 18:46 -------- d-----w- c:\programdata\Oracle
2013-11-30 18:46 . 2013-11-30 18:46 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-30 18:46 . 2013-11-30 18:46 -------- d-----w- c:\program files (x86)\Java
2013-11-30 18:40 . 2013-11-30 18:40 -------- d-----w- c:\program files (x86)\Zoner
2013-11-30 18:39 . 2013-11-30 18:39 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-11-30 18:32 . 2013-11-30 18:32 41899 ----a-w- c:\windows\SysWow64\NeonClockUninstall.exe
2013-11-30 18:17 . 2013-11-30 18:17 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-11-30 18:04 . 2013-10-08 22:27 3279872 ----a-w- c:\windows\system32\wuaueng.dll
2013-11-30 18:04 . 2013-08-30 05:19 626688 ----a-w- c:\windows\system32\resutils.dll
2013-11-30 18:04 . 2013-08-30 05:18 374784 ----a-w- c:\windows\system32\clusapi.dll
2013-11-30 17:01 . 2013-11-30 17:04 -------- d-----r- c:\windows\BrowserChoice
2013-11-30 16:52 . 2013-11-30 16:54 -------- d-----w- c:\windows\system32\MRT
2013-11-30 16:48 . 2013-08-29 23:48 914432 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2013-11-30 16:48 . 2013-09-13 22:36 247296 ----a-w- c:\windows\SysWow64\ubpm.dll
2013-11-30 16:48 . 2013-09-13 22:33 328192 ----a-w- c:\windows\system32\ubpm.dll
2013-11-30 16:48 . 2013-08-30 05:43 61784 ----a-w- c:\windows\system32\drivers\crashdmp.sys
2013-11-30 16:48 . 2013-08-21 06:39 465240 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-11-30 16:48 . 2013-08-10 06:30 151896 ----a-w- c:\windows\system32\drivers\tpm.sys
2013-11-30 16:48 . 2013-08-10 05:21 817152 ----a-w- c:\windows\system32\kerberos.dll
2013-11-30 16:48 . 2013-07-12 01:38 599040 ----a-w- c:\windows\system32\WSDApi.dll
2013-11-30 16:48 . 2013-08-10 03:58 656896 ----a-w- c:\windows\SysWow64\kerberos.dll
2013-11-30 16:48 . 2013-07-12 01:30 485376 ----a-w- c:\windows\SysWow64\WSDApi.dll
2013-11-30 16:46 . 2012-10-11 05:45 3236864 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2013-11-30 16:43 . 2013-06-21 05:04 19187712 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-11-30 16:42 . 2013-05-30 23:24 1257472 ----a-w- c:\windows\system32\kernel32.dll
2013-11-30 16:42 . 2013-05-15 02:25 888320 ----a-w- c:\windows\system32\autochk.exe
2013-11-30 16:42 . 2013-05-15 02:25 542208 ----a-w- c:\windows\system32\untfs.dll
2013-11-30 16:42 . 2013-05-15 02:24 793088 ----a-w- c:\windows\SysWow64\autochk.exe
2013-11-30 16:42 . 2013-05-15 02:24 482816 ----a-w- c:\windows\SysWow64\untfs.dll
2013-11-30 16:40 . 2012-11-06 07:52 277736 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2013-11-30 16:32 . 2013-11-30 18:14 -------- d-----w- c:\windows\SysWow64\Adobe
2013-11-30 16:26 . 2013-11-05 22:58 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-30 16:26 . 2013-11-05 22:58 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-30 16:05 . 2013-11-30 16:06 -------- d-----w- c:\program files (x86)\LibreOffice 4
2013-11-30 15:13 . 2013-05-22 17:49 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-11-30 15:04 . 2013-11-30 15:04 8858112 ----a-w- c:\windows\SysWow64\twinui.dll
2013-11-30 15:04 . 2013-11-30 15:04 2304512 ----a-w- c:\windows\system32\authui.dll
2013-11-30 15:04 . 2013-11-30 15:04 2035712 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-30 15:04 . 2013-11-30 15:04 10116608 ----a-w- c:\windows\system32\twinui.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-30 14:55 . 2013-11-30 14:55 419328 ----a-w- c:\windows\system32\schannel.dll
2013-11-30 14:55 . 2013-11-30 14:55 323072 ----a-w- c:\windows\SysWow64\schannel.dll
2013-11-30 14:46 . 2013-11-30 14:46 444416 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-11-30 14:46 . 2013-11-30 14:46 39936 ----a-w- c:\windows\apppatch\apppatch64\acspecfc.dll
2013-11-30 14:46 . 2013-11-30 14:46 310784 ----a-w- c:\windows\apppatch\AcRes.dll
2013-11-30 13:37 . 2013-11-30 13:37 1285632 ----a-w- c:\windows\system32\schedsvc.dll
2013-11-29 17:51 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RadioController"="c:\program files (x86)\RadioController\RfBtnHelper.exe" [2013-01-28 111216]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-30 3568312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-11-30 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 DeviceFastLaneService;Device Fast-lane Service;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BrcmCardReader;Broadcom Card Reader Service;c:\program files\Broadcom\MemoryCard\BrcmCardReader.exe;c:\program files\Broadcom\MemoryCard\BrcmCardReader.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RfButtonDriverService;Dritek RF Button Command Service;c:\windows\RfBtnSvc64.exe;c:\windows\RfBtnSvc64.exe [x]
S2 StartMenuService;StartMenu8 Service;c:\program files (x86)\IObit\Start Menu 8\StartMenuServices.exe;c:\program files (x86)\IObit\Start Menu 8\StartMenuServices.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\System32\drivers\b57xdbd.sys;c:\windows\SYSNATIVE\drivers\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\System32\drivers\b57xdmp.sys;c:\windows\SYSNATIVE\drivers\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\System32\drivers\bScsiMSa.sys;c:\windows\SYSNATIVE\drivers\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\System32\drivers\bScsiSDa.sys;c:\windows\SYSNATIVE\drivers\bScsiSDa.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 ePowerSvc;ePower Service;c:\program files\Acer\Acer Power Management\ePowerSvc.exe;c:\program files\Acer\Acer Power Management\ePowerSvc.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;c:\windows\System32\drivers\aPs2Kb2Hid.sys;c:\windows\SYSNATIVE\drivers\aPs2Kb2Hid.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-08 c:\windows\Tasks\ASC7_SkipUac_Milan.job
- c:\program files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2013-11-30 18:03]
.
2013-11-30 c:\windows\Tasks\Driver Booster Update.job
- c:\program files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-11-30 10:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2013-11-30 12:44 2486592 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}]
c:\users\Milan\AppData\Roaming\Slick Savings\Coupons64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-30 09:59 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-23 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-23 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-23 441888]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-11-30 13662936]
"BtPreLoad"="c:\program files (x86)\Bluetooth Suite\BtPreLoad.exe" [2012-11-06 64640]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\d5hj2ziy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =800236&p=
FF - ExtSQL: 2013-11-30 10:59; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-11-30 19:21; {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}; c:\users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\d5hj2ziy.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - ExtSQL: 2013-12-08 16:21; savingsslider@mybrowserbar.com; c:\users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\d5hj2ziy.default\extensions\savingsslider@mybrowserbar.com
FF - ExtSQL: 2013-12-08 16:28; {58d2a791-6199-482f-a9aa-9b725ec61362}; c:\users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\d5hj2ziy.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
AddRemove-NeonClock - c:\windows\system32\NeonClockUninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Launch Manager\LManager.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files (x86)\IObit\Start Menu 8\StartMenu8.exe
c:\program files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
c:\windows\System32\spool\drivers\x64\3\WrtProc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
.
**************************************************************************
.
Celkový čas: 2013-12-16 20:26:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-12-16 19:26
ComboFix2.txt 2013-12-13 17:43
.
Před spuštěním: 54 730 117 120 bytes free
Po spuštění: 54 503 895 040 bytes free
.
- - End Of File - - 9BC9447B30AD2422CCAD2AC2999A6F39

HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:33:41, on 16. 12. 2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Users\Milan\Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RadioController] "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Broadcom Card Reader Service (BrcmCardReader) - Broadcom Corp. - C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StartMenu8 Service (StartMenuService) - IObit - C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe

--
End of file - 8626 bytes

aswMBR

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-16 20:40:04
-----------------------------
20:40:04.415 OS Version: Windows x64 6.2.9200
20:40:04.415 Number of processors: 4 586 0x2A07
20:40:04.431 ComputerName: MILAN UserName: Milan
20:40:04.478 Initialze error 1
20:40:08.150 AVAST engine defs: 13121600
20:40:25.275 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000039
20:40:25.275 Disk 0 Vendor: ST750LM022_HN-M750MBB 2AR10001 Size: 715404MB BusType: 11
20:40:25.291 Disk 0 MBR read successfully
20:40:25.291 Disk 0 MBR scan
20:40:25.307 Disk 0 unknown MBR code
20:40:25.307 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
20:40:25.322 Disk 0 scanning C:\Windows\system32\drivers
20:40:25.322 Service scanning
20:40:26.463 Modules scanning
20:40:26.463 Disk 0 trace - called modules:
20:40:26.494 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
20:40:26.494 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80099bc060]
20:40:26.510 3 CLASSPNP.SYS[fffff8800137ae0a] -> nt!IofCallDriver -> \Device\00000039[0xfffffa8007f81280]
20:40:26.510 AVAST engine scan C:\Windows
20:40:26.526 AVAST engine scan C:\Windows\system32
20:40:26.526 AVAST engine scan C:\Windows\system32\drivers
20:40:26.526 AVAST engine scan C:\Users\Milan
20:40:26.541 AVAST engine scan C:\ProgramData
20:40:26.541 Scan finished successfully
20:40:39.964 Disk 0 MBR has been saved successfully to "C:\Users\Milan\Documents\MBR.dat"
20:40:39.979 The log file has been saved successfully to "C:\Users\Milan\Documents\aswMBR_new.txt"

jaro3

Re: Request for a check

Post by jaro3 » 17 Dec 2013 09:48

Close all other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"


So let's delete that MWAV and the BitDefender driver.

Turn off the resident protection of your antivirus and antispyware, and possibly the firewall.

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text, marked in green, into it:

Code:

ClearJavaCache::

KillAll::
File::
c:\windows\VDLL.DLL
c:\windows\SysWow64\runouce.exe
c:\windows\rundll16.exe
c:\windows\RUNDL132.EXE
c:\windows\logo1_.exe
c:\windows\logo_1.exe
c:\windows\system32\drivers\trufos.sys
c:\windows\SysWow64\eEmpty.exe

Folder::
c:\program files (x86)\Common Files\MicroWorld
c:\programdata\MicroWorld

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=-

Firefox::
FF - ProfilePath - c:\users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\d5hj2ziy.default\
FF - ExtSQL: 2013-11-30 19:21; {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}; c:\users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\d5hj2ziy.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - ExtSQL: 2013-12-08 16:21; savingsslider@mybrowserbar.com; c:\users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\d5hj2ziy.default\extensions\savingsslider@mybrowserbar.com
FF - ExtSQL: 2013-12-08 16:28; {58d2a791-6199-482f-a9aa-9b725ec61362}; c:\users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\d5hj2ziy.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\



Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

Warning: It may happen that after running ComboFix and restarting the computer, Windows does not start, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, keep pressing F8 after the restart and then choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.

854005

Re: Request for a check

Post by 854005 » 17 Dec 2013 19:19

ComboFix 13-12-13.01 - Milan . 12. 2013 19:00:51.3.4 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.8005.6470 [GMT 1:00]
Spuštěný z: c:\users\Milan\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Milan\Desktop\cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\logo_1.exe"
"c:\windows\logo1_.exe"
"c:\windows\RUNDL132.EXE"
"c:\windows\rundll16.exe"
"c:\windows\system32\drivers\trufos.sys"
"c:\windows\SysWow64\eEmpty.exe"
"c:\windows\SysWow64\runouce.exe"
"c:\windows\VDLL.DLL"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\MicroWorld
c:\programdata\MicroWorld
c:\programdata\MicroWorld\MWAV\ESCANDBX.MDB
c:\windows\system32\drivers\trufos.sys
c:\windows\SysWow64\eEmpty.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-17 do 2013-12-17 )))))))))))))))))))))))))))))))
.
.
2013-12-17 18:05 . 2013-12-17 18:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-12-17 18:05 . 2013-12-17 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-15 10:43 . 2013-12-15 10:43 -------- d-----w- c:\program files (x86)\Special Uninstaller
2013-12-12 21:07 . 2013-12-12 21:07 -------- d-----w- c:\windows\ERUNT
2013-12-11 19:16 . 2013-12-12 20:46 -------- d-----w- C:\AdwCleaner
2013-12-11 16:38 . 2013-10-25 06:18 19271168 ----a-w- c:\windows\system32\mshtml.dll
2013-12-11 16:35 . 2013-12-11 16:35 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-12-11 16:35 . 2013-09-28 03:35 288768 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-10 18:25 . 2013-12-10 18:25 -------- d---a-w- c:\windows\VDLL.DLL
2013-12-10 18:25 . 2013-12-10 18:25 -------- d---a-w- c:\windows\SysWow64\runouce.exe
2013-12-10 18:25 . 2013-12-10 18:25 -------- d---a-w- c:\windows\rundll16.exe
2013-12-10 18:25 . 2013-12-10 18:25 -------- d---a-w- c:\windows\RUNDL132.EXE
2013-12-10 18:25 . 2013-12-10 18:25 -------- d---a-w- c:\windows\logo1_.exe
2013-12-10 18:25 . 2013-12-10 18:25 -------- d---a-w- c:\windows\logo_1.exe
2013-12-10 18:22 . 2013-12-10 18:22 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
2013-12-10 18:22 . 2013-12-10 18:22 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
2013-12-10 18:22 . 2013-12-10 18:22 572928 ----a-w- c:\windows\SysWow64\msvcp90.dll
2013-12-10 18:22 . 2013-12-10 18:22 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
2013-12-10 16:47 . 2013-12-10 16:47 -------- d-----w- c:\programdata\Malwarebytes
2013-12-10 16:47 . 2013-12-10 16:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-10 16:47 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-08 15:31 . 2013-12-08 15:31 -------- d-----w- c:\program files (x86)\Wise
2013-12-08 13:30 . 2013-12-08 13:45 -------- d-----w- c:\program files (x86)\eM Client
2013-12-08 11:57 . 2013-12-08 11:57 -------- d-----w- c:\program files (x86)\Analog Clock-7
2013-12-08 11:57 . 2012-02-07 06:35 147456 ----a-w- c:\windows\SysWow64\Analog Clock-7.scr
2013-12-07 14:50 . 2013-12-07 14:50 -------- d-----w- c:\programdata\Logs
2013-12-07 14:46 . 2013-12-07 14:46 -------- d-----w- c:\windows\cs
2013-12-07 14:45 . 2013-12-07 14:45 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-12-07 14:45 . 2013-12-07 14:45 -------- d-----w- c:\program files\Windows Live
2013-12-07 14:45 . 2013-12-07 14:45 -------- d-----w- c:\windows\PCHEALTH
2013-12-07 14:45 . 2013-12-07 14:45 -------- d-----w- c:\program files (x86)\Windows Live
2013-12-07 14:43 . 2010-06-02 03:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-12-07 14:43 . 2010-06-02 03:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-12-07 14:43 . 2010-06-02 03:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-12-07 14:43 . 2010-06-02 03:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-12-07 14:43 . 2010-05-26 10:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-12-07 14:43 . 2010-05-26 10:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-12-07 14:43 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-12-07 14:43 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-12-07 14:43 . 2009-09-04 16:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2013-12-07 14:43 . 2009-09-04 16:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-12-07 14:43 . 2006-11-29 12:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-12-07 14:43 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2013-12-07 14:42 . 2013-12-07 14:42 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2013-12-03 12:38 . 2001-09-10 17:05 69632 ----a-w- c:\windows\Twunk_32.exe
2013-12-03 12:38 . 2001-09-10 17:05 48560 ----a-w- c:\windows\Twunk_16.exe
2013-12-03 12:38 . 1999-05-06 13:22 27632 ----a-w- c:\windows\SysWow64\CTL3DV2.DLL
2013-12-03 12:38 . 1997-10-14 04:19 11776 ----a-w- c:\windows\SysWow64\pmsbfn32.dll
2013-12-03 12:38 . 2013-12-03 12:38 -------- d-----w- c:\program files (x86)\Common Files\NewSoft
2013-12-03 12:37 . 2013-12-03 12:38 -------- d-----w- c:\program files (x86)\Common Files\PDFView
2013-12-03 12:37 . 2013-12-03 12:37 -------- d-----w- c:\windows\SysWow64\Color
2013-12-03 12:37 . 2013-12-03 12:37 -------- d-----w- c:\program files (x86)\NewSoft
2013-12-03 12:37 . 2005-04-03 22:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-12-03 12:37 . 2005-04-03 22:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-12-03 12:37 . 2005-04-03 22:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-12-03 12:37 . 2005-04-03 22:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-12-03 12:37 . 2005-04-03 22:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2013-12-03 12:37 . 2005-04-03 21:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-12-03 12:37 . 2013-12-03 12:37 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-12-03 12:37 . 2013-12-03 12:37 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-12-03 12:34 . 2013-12-03 12:34 -------- d-----w- c:\program files (x86)\ArcSoft
2013-12-03 12:34 . 1995-08-01 03:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2013-12-03 12:33 . 2001-09-05 03:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-12-03 12:33 . 2001-09-05 03:18 225280 ------w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-12-03 12:33 . 2001-09-05 03:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-12-03 12:33 . 2001-09-05 03:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-12-03 12:33 . 2003-04-23 05:34 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-12-03 12:32 . 2013-12-03 12:32 -------- d-----w- c:\program files\Common Files\CANON
2013-12-03 12:31 . 2013-12-03 12:31 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2013-12-03 12:31 . 2013-12-03 12:31 -------- d--h--w- c:\program files\CanonBJ
2013-12-03 12:30 . 2013-12-03 12:32 -------- d-----w- c:\program files (x86)\Canon
2013-12-02 17:17 . 2013-12-02 17:17 280752 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin
2013-12-02 16:40 . 2013-12-02 16:40 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-12-01 21:27 . 2008-05-07 18:59 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL
2013-11-30 19:21 . 2013-11-30 19:21 -------- d-----w- c:\programdata\Advanced Uninstaller PRO
2013-11-30 19:21 . 2013-11-30 19:21 -------- d-----w- c:\program files (x86)\Common Files\Innovative Solutions
2013-11-30 19:21 . 2009-11-05 11:24 42496 ----a-w- c:\windows\SysWow64\AdvUninstCPL.cpl
2013-11-30 19:16 . 2013-11-30 19:21 -------- d-----w- c:\programdata\Innovative Solutions
2013-11-30 19:04 . 2013-11-30 19:04 -------- d-----w- c:\program files (x86)\VideoLAN
2013-11-30 18:56 . 2002-09-25 20:06 87392 ----a-w- c:\windows\twain.dll
2013-11-30 18:48 . 2013-11-30 18:49 -------- d-----w- C:\totalcmd
2013-11-30 18:46 . 2013-11-30 18:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-11-30 18:46 . 2013-11-30 18:46 -------- d-----w- c:\programdata\Oracle
2013-11-30 18:46 . 2013-11-30 18:46 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-30 18:46 . 2013-11-30 18:46 -------- d-----w- c:\program files (x86)\Java
2013-11-30 18:40 . 2013-11-30 18:40 -------- d-----w- c:\program files (x86)\Zoner
2013-11-30 18:39 . 2013-11-30 18:39 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-11-30 18:32 . 2013-11-30 18:32 41899 ----a-w- c:\windows\SysWow64\NeonClockUninstall.exe
2013-11-30 18:17 . 2013-11-30 18:17 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-11-30 18:04 . 2013-10-08 22:27 3279872 ----a-w- c:\windows\system32\wuaueng.dll
2013-11-30 18:04 . 2013-08-30 05:19 626688 ----a-w- c:\windows\system32\resutils.dll
2013-11-30 18:04 . 2013-08-30 05:18 374784 ----a-w- c:\windows\system32\clusapi.dll
2013-11-30 17:01 . 2013-11-30 17:04 -------- d-----r- c:\windows\BrowserChoice
2013-11-30 16:52 . 2013-11-30 16:54 -------- d-----w- c:\windows\system32\MRT
2013-11-30 16:48 . 2013-08-29 23:48 914432 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2013-11-30 16:48 . 2013-09-13 22:36 247296 ----a-w- c:\windows\SysWow64\ubpm.dll
2013-11-30 16:48 . 2013-09-13 22:33 328192 ----a-w- c:\windows\system32\ubpm.dll
2013-11-30 16:48 . 2013-08-30 05:43 61784 ----a-w- c:\windows\system32\drivers\crashdmp.sys
2013-11-30 16:48 . 2013-08-21 06:39 465240 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-11-30 16:48 . 2013-08-10 06:30 151896 ----a-w- c:\windows\system32\drivers\tpm.sys
2013-11-30 16:48 . 2013-08-10 05:21 817152 ----a-w- c:\windows\system32\kerberos.dll
2013-11-30 16:48 . 2013-07-12 01:38 599040 ----a-w- c:\windows\system32\WSDApi.dll
2013-11-30 16:48 . 2013-08-10 03:58 656896 ----a-w- c:\windows\SysWow64\kerberos.dll
2013-11-30 16:48 . 2013-07-12 01:30 485376 ----a-w- c:\windows\SysWow64\WSDApi.dll
2013-11-30 16:46 . 2012-10-11 05:45 3236864 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2013-11-30 16:43 . 2013-06-21 05:04 19187712 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-11-30 16:42 . 2013-05-30 23:24 1257472 ----a-w- c:\windows\system32\kernel32.dll
2013-11-30 16:42 . 2013-05-15 02:25 888320 ----a-w- c:\windows\system32\autochk.exe
2013-11-30 16:42 . 2013-05-15 02:25 542208 ----a-w- c:\windows\system32\untfs.dll
2013-11-30 16:42 . 2013-05-15 02:24 793088 ----a-w- c:\windows\SysWow64\autochk.exe
2013-11-30 16:42 . 2013-05-15 02:24 482816 ----a-w- c:\windows\SysWow64\untfs.dll
2013-11-30 16:40 . 2012-11-06 07:52 277736 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2013-11-30 16:32 . 2013-11-30 18:14 -------- d-----w- c:\windows\SysWow64\Adobe
2013-11-30 16:26 . 2013-11-05 22:58 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-30 16:26 . 2013-11-05 22:58 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-30 16:05 . 2013-11-30 16:06 -------- d-----w- c:\program files (x86)\LibreOffice 4
2013-11-30 15:13 . 2013-05-22 17:49 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-11-30 15:04 . 2013-11-30 15:04 8858112 ----a-w- c:\windows\SysWow64\twinui.dll
2013-11-30 15:04 . 2013-11-30 15:04 2304512 ----a-w- c:\windows\system32\authui.dll
2013-11-30 15:04 . 2013-11-30 15:04 2035712 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-30 15:04 . 2013-11-30 15:04 10116608 ----a-w- c:\windows\system32\twinui.dll
2013-11-30 15:02 . 2013-11-30 15:02 2062848 ----a-w- c:\windows\system32\d3d11.dll
2013-11-30 15:02 . 2013-11-30 15:02 1711616 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-11-30 15:00 . 2013-11-30 15:00 1890816 ----a-w- c:\windows\system32\crypt32.dll
2013-11-30 15:00 . 2013-11-30 15:00 1569280 ----a-w- c:\windows\SysWow64\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-30 14:55 . 2013-11-30 14:55 419328 ----a-w- c:\windows\system32\schannel.dll
2013-11-30 14:55 . 2013-11-30 14:55 323072 ----a-w- c:\windows\SysWow64\schannel.dll
2013-11-30 14:46 . 2013-11-30 14:46 444416 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-11-30 14:46 . 2013-11-30 14:46 39936 ----a-w- c:\windows\apppatch\apppatch64\acspecfc.dll
2013-11-30 14:46 . 2013-11-30 14:46 310784 ----a-w- c:\windows\apppatch\AcRes.dll
2013-11-30 13:37 . 2013-11-30 13:37 1285632 ----a-w- c:\windows\system32\schedsvc.dll
2013-11-29 17:51 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RadioController"="c:\program files (x86)\RadioController\RfBtnHelper.exe" [2013-01-28 111216]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-30 3568312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-11-30 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 DeviceFastLaneService;Device Fast-lane Service;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BrcmCardReader;Broadcom Card Reader Service;c:\program files\Broadcom\MemoryCard\BrcmCardReader.exe;c:\program files\Broadcom\MemoryCard\BrcmCardReader.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RfButtonDriverService;Dritek RF Button Command Service;c:\windows\RfBtnSvc64.exe;c:\windows\RfBtnSvc64.exe [x]
S2 StartMenuService;StartMenu8 Service;c:\program files (x86)\IObit\Start Menu 8\StartMenuServices.exe;c:\program files (x86)\IObit\Start Menu 8\StartMenuServices.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\System32\drivers\b57xdbd.sys;c:\windows\SYSNATIVE\drivers\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\System32\drivers\b57xdmp.sys;c:\windows\SYSNATIVE\drivers\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\System32\drivers\bScsiMSa.sys;c:\windows\SYSNATIVE\drivers\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\System32\drivers\bScsiSDa.sys;c:\windows\SYSNATIVE\drivers\bScsiSDa.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 ePowerSvc;ePower Service;c:\program files\Acer\Acer Power Management\ePowerSvc.exe;c:\program files\Acer\Acer Power Management\ePowerSvc.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;c:\windows\System32\drivers\aPs2Kb2Hid.sys;c:\windows\SYSNATIVE\drivers\aPs2Kb2Hid.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-08 c:\windows\Tasks\ASC7_SkipUac_Milan.job
- c:\program files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2013-11-30 18:03]
.
2013-11-30 c:\windows\Tasks\Driver Booster Update.job
- c:\program files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-11-30 10:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2013-11-30 12:44 2486592 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}]
c:\users\Milan\AppData\Roaming\Slick Savings\Coupons64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-30 09:59 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-23 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-23 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-23 441888]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-11-30 13662936]
"BtPreLoad"="c:\program files (x86)\Bluetooth Suite\BtPreLoad.exe" [2012-11-06 64640]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\d5hj2ziy.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =800236&p=
FF - ExtSQL: 2013-11-30 10:59; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-11-30 19:21; {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}; c:\users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\d5hj2ziy.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - ExtSQL: 2013-12-08 16:28; {58d2a791-6199-482f-a9aa-9b725ec61362}; c:\users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\d5hj2ziy.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
AddRemove-NeonClock - c:\windows\system32\NeonClockUninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Launch Manager\LManager.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\IObit\Start Menu 8\StartMenu8.exe
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
c:\windows\System32\spool\drivers\x64\3\WrtProc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2013-12-17 19:12:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-12-17 18:12
ComboFix2.txt 2013-12-16 19:26
ComboFix3.txt 2013-12-13 17:43
.
Před spuštěním: 54 454 521 856 bytes free
Po spuštění: 56 829 587 456 bytes free
.
- - End Of File - - 8C70C436FA4EA1DA88C4ABAC65B470B5


HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:16:53, on 17. 12. 2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Users\Milan\Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RadioController] "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Broadcom Card Reader Service (BrcmCardReader) - Broadcom Corp. - C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StartMenu8 Service (StartMenuService) - IObit - C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe

--
End of file - 8252 bytes

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check

Post by jaro3 » 18 Dec 2013 10:05

Uninstall ComboFix like this:
Start -> Run and type ComboFix /Uninstall

Clean the system with CCleaner.

Download OTC to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.


If there are no problems, that is all and you can mark the thread as solved (the green check mark).
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

854005
Level 2
Posts: 241
Registered: October 12
Gender: Male
Status: Offline

Re: Please check  Solved

Post by 854005 » 18 Dec 2013 20:46

Yes, that is all. Thank you for the help.

memphisto
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male
Status: Offline

Re: Please check

Post by memphisto » 18 Dec 2013 22:37

On jaro's behalf too, you're welcome ;)
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you

