06:16:20.0594 3764 ================ Scan global ===============================
06:16:20.0625 3764 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
06:16:20.0657 3764 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
06:16:20.0688 3764 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
06:16:20.0735 3764 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
06:16:20.0781 3764 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
06:16:20.0781 3764 [Global] - ok
06:16:20.0781 3764 ================ Scan MBR ==================================
06:16:20.0828 3764 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
06:16:21.0359 3764 \Device\Harddisk0\DR0 - ok
06:16:21.0359 3764 ================ Scan VBR ==================================
06:16:21.0374 3764 [ 2804245652DB0C098BD856DFA4C043D0 ] \Device\Harddisk0\DR0\Partition1
06:16:21.0374 3764 \Device\Harddisk0\DR0\Partition1 - ok
06:16:21.0390 3764 [ 9DC30137C951EB57965FD59CE7670381 ] \Device\Harddisk0\DR0\Partition2
06:16:21.0390 3764 \Device\Harddisk0\DR0\Partition2 - ok
06:16:21.0390 3764 ============================================================
06:16:21.0390 3764 Scan finished
06:16:21.0390 3764 ============================================================
06:16:21.0405 4100 Detected object count: 0
06:16:21.0405 4100 Actual detected object count: 0
06:16:24.0666 3612 Deinitialize success
QUESTION - How to improve cooling?
Please check my log. Solved
Re: Please check my log.
So I took the PC apart, cleaned out some of the dust, and brought the temperature down significantly. But surely Mbam wouldn't be acting up because of dust :)
Here is a screenshot with the temperature - http://postimg.org/image/6qgzs9zor/
- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
Re: Please check my log.
Temperatures OK.
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes...
- Wait until the status window shows "Prohledat" (Scan)
- Click "Smazat" (Delete)
- Wait until the Status box shows "Smazání skončeno" (Deletion finished)
- Click "Zprávy" (Report), then copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Ano (Yes) button
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If there are problems, run it in Safe Mode.
Warning: After running ComboFix and restarting the computer, Windows may fail to start, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log.
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Tomáš [Práva správce]
Mód : Odebrat -- Datum : 05/14/2013 10:13:24
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 7 ¤¤¤
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Tomáš\AppData\Local\Pokki\ocdeskband_0.dll [x] -> ODEBRÁNO
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Tomáš\AppData\Local\Pokki\ocdeskband_0.dll [x] -> ODEBRÁNO
[RESIDUE] pokki.exe -- C:\Users\Tomáš\AppData\Local\Pokki\Engine\pokki.exe [7] -> SMAZÁNO [TermProc]
[RESIDUE] pokki.exe -- C:\Users\Tomáš\AppData\Local\Pokki\Engine\pokki.exe [7] -> SMAZÁNO [TermThr]
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Tomáš\AppData\Local\Pokki\ocdeskband_0.dll [x] -> ODEBRÁNO
[RESIDUE] pokki.exe -- C:\Users\Tomáš\AppData\Local\Pokki\Engine\pokki.exe [7] -> SMAZÁNO [TermProc]
[RESIDUE] pokki.exe -- C:\Users\Tomáš\AppData\Local\Pokki\Engine\pokki.exe [7] -> SMAZÁNO [TermThr]
¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Messenger ("C:\Users\TomßÜ\AppData\Roaming\msnmsgr.exe") [x] -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : Pokki ("C:\Users\Tomáš\AppData\Local\Pokki\Engine\pokki.exe") [7] -> VYMAZÁNO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-003CA0 ATA Device +++++
--- User ---
[MBR] 40908d00251a569177779326aa3dc61b
[BSP] 8b82ed7058835f47adbaedf1b37b27cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200003 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 409610240 | Size: 276932 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[3]_D_05142013_02d1013.txt >>
RKreport[1]_S_05142013_02d0613.txt ; RKreport[2]_S_05142013_02d1011.txt ; RKreport[3]_D_05142013_02d1013.txt
_________________________________
_________________________________
ComboFix 13-05-13.01 - Tomáš 14.05.2013 10:24:35.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2046.1105 [GMT 2:00]
Spuštěný z: c:\users\Tomáš\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Antivirus *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
c:\windows\system32\SET7DC9.tmp
c:\windows\system32\SET84F0.tmp
c:\windows\system32\tmp4AE9.tmp
c:\windows\system32\tmp4B09.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-14 do 2013-05-14 )))))))))))))))))))))))))))))))
.
.
2013-05-14 08:39 . 2013-05-14 08:39 -------- d-----w- c:\users\Táta\AppData\Local\temp
2013-05-14 08:39 . 2013-05-14 08:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-13 20:29 . 2013-05-14 05:48 -------- d-----w- c:\program files\SpeedFan
2013-05-13 12:10 . 2013-05-14 08:09 -------- d-----w- c:\users\Tomáš\AppData\Local\Pokki
2013-05-13 12:07 . 2013-05-13 12:07 -------- d-----w- c:\users\Tomáš\AppData\Roaming\OpenCandy
2013-05-13 12:07 . 2013-05-13 12:08 -------- d-----w- c:\program files\CrystalDiskInfo
2013-05-13 11:44 . 2013-05-14 05:58 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03B2086C-67DF-441D-8B7B-CC73E685E967}\offreg.dll
2013-05-13 08:26 . 2013-05-13 08:26 -------- d-----w- c:\users\Tomáš\AppData\Roaming\Malwarebytes
2013-05-13 08:26 . 2013-05-13 08:26 -------- d-----w- c:\programdata\Malwarebytes
2013-05-13 03:07 . 2013-05-13 03:07 1187697 ----a-w- c:\windows\unins000.exe
2013-05-13 02:58 . 2013-03-06 22:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-13 02:58 . 2013-03-06 22:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-13 02:57 . 2013-03-06 22:33 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-05-13 02:57 . 2013-03-06 22:33 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-13 02:57 . 2013-03-06 22:33 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-05-13 02:57 . 2013-03-06 22:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-13 02:57 . 2013-03-06 22:33 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-05-13 02:57 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-13 02:57 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-13 02:57 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-13 02:57 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-13 02:57 . 2013-03-06 22:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-13 02:56 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-05-13 02:56 . 2013-03-06 22:11 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-05-13 02:19 . 2013-05-13 02:19 -------- d-----w- c:\program files\Common Files\Java
2013-05-13 02:18 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-10 13:04 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03B2086C-67DF-441D-8B7B-CC73E685E967}\mpengine.dll
2013-04-24 06:13 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-21 07:15 . 2013-04-21 07:15 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-13 03:16 . 2012-08-20 06:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-13 03:16 . 2012-08-20 06:54 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 00:06 . 2012-08-20 07:00 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 10:51 . 2012-08-22 07:55 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-05-01 10:50 . 2012-08-22 07:55 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-05-01 10:50 . 2012-08-22 07:54 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-30 10:41 . 2012-08-22 07:54 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-20 12:03 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-03-19 05:04 . 2013-04-10 23:02 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 23:02 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 23:02 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 23:02 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-06 08:17 . 2012-11-19 08:11 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-06 08:17 . 2012-11-19 08:11 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-01 03:09 . 2013-04-10 23:02 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-22 03:46 . 2013-04-10 23:09 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 03:38 . 2013-04-10 23:09 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:37 . 2013-04-10 23:09 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 23:09 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 23:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 03:31 . 2013-04-10 23:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-15 04:37 . 2013-04-10 23:02 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 04:34 . 2013-04-10 23:02 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 03:25 . 2013-04-10 23:02 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-12 06:04 . 2013-04-12 06:04 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-05-02 802136]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2013-1-12 409088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt2]
@="Service"
.
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 aswVmm;aswVmm; [x]
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 FSProFilter2;FSPro File Filter 2;c:\windows\System32\Drivers\FSPFltd2.sys [x]
S1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 fsproflt2;FSPro Filter Service 2;c:\windows\system32\fsproflt2.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 03:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout s Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\5hysn8ba.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://email.seznam.cz/#inbox|https:// ... /dorf1.php
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - ExtSQL: 2013-05-13 04:56; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
BHO-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
Toolbar-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
HKCU-Run-SRS Audio Sandbox - c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe
HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
HKLM-Run-Sweetpacks Communicator - c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe
AddRemove-uTorrentControl_v2 Toolbar - c:\program files\uTorrentControl_v2\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2002973123-1767548463-3795549043-1001\Software\SecuROM\License information*]
"datasecu"=hex:19,e6,fa,f5,f4,1f,8b,29,a6,58,02,04,63,a2,21,e7,90,a1,96,86,5b,
8a,b6,a6,1e,7e,1f,d4,8d,1c,9d,00,da,4e,70,dd,20,0c,e7,c4,85,0a,8c,81,65,6c,\
"rkeysecu"=hex:98,d8,5c,37,e1,e2,d4,4b,71,08,1a,92,94,fc,67,6f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-05-14 10:42:06
ComboFix-quarantined-files.txt 2013-05-14 08:42
.
Před spuštěním: Volných bajtů: 71 014 096 896
Po spuštění: Volných bajtů: 75 891 503 104
.
- - End Of File - - 351529775894122475F5514C8BAED448
2013-03-06 08:17 . 2012-11-19 08:11 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-06 08:17 . 2012-11-19 08:11 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-01 03:09 . 2013-04-10 23:02 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-22 03:46 . 2013-04-10 23:09 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 03:38 . 2013-04-10 23:09 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:37 . 2013-04-10 23:09 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 23:09 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 23:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 03:31 . 2013-04-10 23:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-15 04:37 . 2013-04-10 23:02 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 04:34 . 2013-04-10 23:02 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 03:25 . 2013-04-10 23:02 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-12 06:04 . 2013-04-12 06:04 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-05-02 802136]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2013-1-12 409088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt2]
@="Service"
.
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 aswVmm;aswVmm; [x]
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 FSProFilter2;FSPro File Filter 2;c:\windows\System32\Drivers\FSPFltd2.sys [x]
S1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 fsproflt2;FSPro Filter Service 2;c:\windows\system32\fsproflt2.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 03:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout s Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\5hysn8ba.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://email.seznam.cz/#inbox|https:// ... /dorf1.php
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - ExtSQL: 2013-05-13 04:56; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
BHO-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
Toolbar-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
HKCU-Run-SRS Audio Sandbox - c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe
HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
HKLM-Run-Sweetpacks Communicator - c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe
AddRemove-uTorrentControl_v2 Toolbar - c:\program files\uTorrentControl_v2\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2002973123-1767548463-3795549043-1001\Software\SecuROM\License information*]
"datasecu"=hex:19,e6,fa,f5,f4,1f,8b,29,a6,58,02,04,63,a2,21,e7,90,a1,96,86,5b,
8a,b6,a6,1e,7e,1f,d4,8d,1c,9d,00,da,4e,70,dd,20,0c,e7,c4,85,0a,8c,81,65,6c,\
"rkeysecu"=hex:98,d8,5c,37,e1,e2,d4,4b,71,08,1a,92,94,fc,67,6f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-05-14 10:42:06
ComboFix-quarantined-files.txt 2013-05-14 08:42
.
Před spuštěním: Volných bajtů: 71 014 096 896
Po spuštění: Volných bajtů: 75 891 503 104
.
- - End Of File - - 351529775894122475F5514C8BAED448
- jaro3
- member of the Security team
Re: Please check my log.
avast! Antivirus
ESET Smart Security
uninstall one of them!!!
Then a new log from CF...
Tools:
How to uninstall avast! using the aswClear tool:
Download aswClear.exe
http://files.avast.com/files/eng/aswclear.exe
to your desktop
Run it
If you installed avast! in a directory other than the default one, browse to it. (Note: Be careful! The contents of the directory you select will be deleted!!!)
Click the SMAZAT (Delete) button
Restart the computer
ESS:
http://kb.eset.com/esetkb/index?page=content&id=SOLN93
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log.
That's probably not it. I don't want to remove Avast, and I don't have ESET anywhere, even though I can see it in CF. I deleted the folder where ESET was and ran CF, but I still see it. How do I remove ESET completely from the PC? I had no idea it was there.
ComboFix 13-05-13.01 - Tomáš 14.05.2013 21:11:19.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2046.1370 [GMT 2:00]
Spuštěný z: c:\users\TomßÜ\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Antivirus *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-14 do 2013-05-14 )))))))))))))))))))))))))))))))
.
.
2013-05-14 19:23 . 2013-05-14 19:23 -------- d-----w- c:\users\TomßÜ\AppData\Local\temp
2013-05-14 19:23 . 2013-05-14 19:23 -------- d-----w- c:\users\Táta\AppData\Local\temp
2013-05-14 19:23 . 2013-05-14 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-14 13:06 . 2013-05-14 13:06 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03B2086C-67DF-441D-8B7B-CC73E685E967}\offreg.dll
2013-05-13 12:07 . 2013-05-13 12:07 -------- d-----w- c:\users\Tomáš\AppData\Roaming\OpenCandy
2013-05-13 12:07 . 2013-05-13 12:08 -------- d-----w- c:\program files\CrystalDiskInfo
2013-05-13 08:26 . 2013-05-13 08:26 -------- d-----w- c:\users\Tomáš\AppData\Roaming\Malwarebytes
2013-05-13 08:26 . 2013-05-13 08:26 -------- d-----w- c:\programdata\Malwarebytes
2013-05-13 03:07 . 2013-05-13 03:07 1187697 ----a-w- c:\windows\unins000.exe
2013-05-13 02:58 . 2013-03-06 22:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-13 02:58 . 2013-03-06 22:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-13 02:57 . 2013-03-06 22:33 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-05-13 02:57 . 2013-03-06 22:33 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-13 02:57 . 2013-03-06 22:33 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-05-13 02:57 . 2013-03-06 22:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-13 02:57 . 2013-03-06 22:33 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-05-13 02:57 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-13 02:57 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-13 02:57 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-13 02:57 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-13 02:57 . 2013-03-06 22:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-13 02:56 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-05-13 02:56 . 2013-03-06 22:11 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-05-13 02:19 . 2013-05-13 02:19 -------- d-----w- c:\program files\Common Files\Java
2013-05-13 02:18 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-10 13:04 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03B2086C-67DF-441D-8B7B-CC73E685E967}\mpengine.dll
2013-04-24 06:13 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-21 07:15 . 2013-04-21 07:15 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-13 03:16 . 2012-08-20 06:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-13 03:16 . 2012-08-20 06:54 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 00:06 . 2012-08-20 07:00 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 10:51 . 2012-08-22 07:55 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-05-01 10:50 . 2012-08-22 07:55 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-05-01 10:50 . 2012-08-22 07:54 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-30 10:41 . 2012-08-22 07:54 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-20 12:03 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-03-19 05:04 . 2013-04-10 23:02 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 23:02 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 23:02 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 23:02 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-06 08:17 . 2012-11-19 08:11 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-06 08:17 . 2012-11-19 08:11 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-01 03:09 . 2013-04-10 23:02 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-22 03:46 . 2013-04-10 23:09 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 03:38 . 2013-04-10 23:09 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:37 . 2013-04-10 23:09 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 23:09 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 23:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 03:31 . 2013-04-10 23:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-15 04:37 . 2013-04-10 23:02 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 04:34 . 2013-04-10 23:02 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 03:25 . 2013-04-10 23:02 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-12 06:04 . 2013-04-12 06:04 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-05-02 802136]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2013-1-12 409088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt2]
@="Service"
.
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 aswVmm;aswVmm; [x]
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 FSProFilter2;FSPro File Filter 2;c:\windows\System32\Drivers\FSPFltd2.sys [x]
S1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 fsproflt2;FSPro Filter Service 2;c:\windows\system32\fsproflt2.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 03:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout s Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\5hysn8ba.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://email.seznam.cz/#inbox|https:// ... /dorf1.php
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - ExtSQL: 2013-05-13 04:56; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2002973123-1767548463-3795549043-1001\Software\SecuROM\License information*]
"datasecu"=hex:19,e6,fa,f5,f4,1f,8b,29,a6,58,02,04,63,a2,21,e7,90,a1,96,86,5b,
8a,b6,a6,1e,7e,1f,d4,8d,1c,9d,00,da,4e,70,dd,20,0c,e7,c4,85,0a,8c,81,65,6c,\
"rkeysecu"=hex:98,d8,5c,37,e1,e2,d4,4b,71,08,1a,92,94,fc,67,6f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-05-14 21:25:25
ComboFix-quarantined-files.txt 2013-05-14 19:25
ComboFix2.txt 2013-05-14 08:42
.
Před spuštěním: Volných bajtů: 73 154 449 408
Po spuštění: Volných bajtů: 73 108 725 760
.
- - End Of File - - 5E149A38627A536AA98A1D1F1EA1877D
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 03:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout s Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\5hysn8ba.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://email.seznam.cz/#inbox|https:// ... /dorf1.php
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - ExtSQL: 2013-05-13 04:56; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2002973123-1767548463-3795549043-1001\Software\SecuROM\License information*]
"datasecu"=hex:19,e6,fa,f5,f4,1f,8b,29,a6,58,02,04,63,a2,21,e7,90,a1,96,86,5b,
8a,b6,a6,1e,7e,1f,d4,8d,1c,9d,00,da,4e,70,dd,20,0c,e7,c4,85,0a,8c,81,65,6c,\
"rkeysecu"=hex:98,d8,5c,37,e1,e2,d4,4b,71,08,1a,92,94,fc,67,6f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-05-14 21:25:25
ComboFix-quarantined-files.txt 2013-05-14 19:25
ComboFix2.txt 2013-05-14 08:42
.
Před spuštěním: Volných bajtů: 73 154 449 408
Po spuštění: Volných bajtů: 73 108 725 760
.
- - End Of File - - 5E149A38627A536AA98A1D1F1EA1877D
- jaro3
- Security team member
Re: Please check my log.
I didn't write to delete it, but to uninstall it with this:
ESS:
http://kb.eset.com/esetkb/index?page=content&id=SOLN93
A lot of drivers were left behind, so try it once more
+
a new log from CF.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus fill in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log.
Hopefully this time :)
ComboFix 13-05-13.01 - Tomáš 14.05.2013 21:53:07.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2046.1168 [GMT 2:00]
Spuštěný z: c:\users\Tomáš\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Antivirus *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-14 do 2013-05-14 )))))))))))))))))))))))))))))))
.
.
2013-05-14 20:04 . 2013-05-14 20:04 -------- d-----w- c:\users\TomßÜ\AppData\Local\temp
2013-05-14 20:04 . 2013-05-14 20:04 -------- d-----w- c:\users\Táta\AppData\Local\temp
2013-05-14 20:04 . 2013-05-14 20:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-13 12:07 . 2013-05-13 12:07 -------- d-----w- c:\users\Tomáš\AppData\Roaming\OpenCandy
2013-05-13 12:07 . 2013-05-13 12:08 -------- d-----w- c:\program files\CrystalDiskInfo
2013-05-13 08:26 . 2013-05-13 08:26 -------- d-----w- c:\users\Tomáš\AppData\Roaming\Malwarebytes
2013-05-13 08:26 . 2013-05-13 08:26 -------- d-----w- c:\programdata\Malwarebytes
2013-05-13 03:07 . 2013-05-13 03:07 1187697 ----a-w- c:\windows\unins000.exe
2013-05-13 02:58 . 2013-03-06 22:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-13 02:58 . 2013-03-06 22:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-13 02:57 . 2013-03-06 22:33 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-05-13 02:57 . 2013-03-06 22:33 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-13 02:57 . 2013-03-06 22:33 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-05-13 02:57 . 2013-03-06 22:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-13 02:57 . 2013-03-06 22:33 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-05-13 02:57 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-13 02:57 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-13 02:57 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-13 02:57 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-13 02:57 . 2013-03-06 22:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-13 02:56 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-05-13 02:56 . 2013-03-06 22:11 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-05-13 02:19 . 2013-05-13 02:19 -------- d-----w- c:\program files\Common Files\Java
2013-05-13 02:18 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-10 13:04 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03B2086C-67DF-441D-8B7B-CC73E685E967}\mpengine.dll
2013-04-24 06:13 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-21 07:15 . 2013-04-21 07:15 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-13 03:16 . 2012-08-20 06:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-13 03:16 . 2012-08-20 06:54 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 00:06 . 2012-08-20 07:00 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 10:51 . 2012-08-22 07:55 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-05-01 10:50 . 2012-08-22 07:55 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-05-01 10:50 . 2012-08-22 07:54 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-30 10:41 . 2012-08-22 07:54 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-20 12:03 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-03-19 05:04 . 2013-04-10 23:02 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 23:02 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 23:02 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 23:02 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-06 08:17 . 2012-11-19 08:11 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-06 08:17 . 2012-11-19 08:11 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-01 03:09 . 2013-04-10 23:02 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-22 03:46 . 2013-04-10 23:09 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 03:38 . 2013-04-10 23:09 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:37 . 2013-04-10 23:09 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 23:09 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 23:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 03:31 . 2013-04-10 23:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-15 04:37 . 2013-04-10 23:02 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 04:34 . 2013-04-10 23:02 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 03:25 . 2013-04-10 23:02 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-12 06:04 . 2013-04-12 06:04 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-05-02 802136]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2013-1-12 409088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt2]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 aswVmm;aswVmm; [x]
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 FSProFilter2;FSPro File Filter 2;c:\windows\System32\Drivers\FSPFltd2.sys [x]
S1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 fsproflt2;FSPro Filter Service 2;c:\windows\system32\fsproflt2.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 03:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout s Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\5hysn8ba.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://email.seznam.cz/#inbox|https:// ... /dorf1.php
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - ExtSQL: 2013-05-13 04:56; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2002973123-1767548463-3795549043-1001\Software\SecuROM\License information*]
"datasecu"=hex:19,e6,fa,f5,f4,1f,8b,29,a6,58,02,04,63,a2,21,e7,90,a1,96,86,5b,
8a,b6,a6,1e,7e,1f,d4,8d,1c,9d,00,da,4e,70,dd,20,0c,e7,c4,85,0a,8c,81,65,6c,\
"rkeysecu"=hex:98,d8,5c,37,e1,e2,d4,4b,71,08,1a,92,94,fc,67,6f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-05-14 22:06:18
ComboFix-quarantined-files.txt 2013-05-14 20:06
ComboFix2.txt 2013-05-14 19:25
ComboFix3.txt 2013-05-14 08:42
.
Před spuštěním: Volných bajtů: 73 362 137 088
Po spuštění: Volných bajtů: 73 313 587 200
.
- - End Of File - - B849476048F24BDEE43BA33FF85DC0DD
- memphisto
Re: Please check my log.
It's still there... we'll remove it with a script
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script
KillAll::
Folder::
c:\program files\Skype\Updater
File::
c:\windows\system32\DRIVERS\eamonm.sys
c:\windows\system32\DRIVERS\epfwwfp.sys
c:\windows\system32\DRIVERS\EpfwLWF.sys
Driver::
SkypeUpdate
eamonm
epfwwfp
EpfwLWF
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Please check my log.
Hopefully now.
ComboFix 13-05-13.01 - Tomáš 15.05.2013 9:54.4.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2046.1148 [GMT 2:00]
Spuštěný z: c:\users\TomßÜ\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\TomßÜ\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Antivirus *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-15 do 2013-05-15 )))))))))))))))))))))))))))))))
.
.
2013-05-15 08:05 . 2013-05-15 08:05 -------- d-----w- c:\users\TomßÜ\AppData\Local\temp
2013-05-15 08:05 . 2013-05-15 08:05 -------- d-----w- c:\users\Táta\AppData\Local\temp
2013-05-15 08:05 . 2013-05-15 08:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-15 05:30 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 03:28 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9961F6B8-E931-4698-BB64-878E03EE0735}\mpengine.dll
2013-05-15 03:27 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 03:27 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 03:27 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 03:26 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 03:26 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-13 12:07 . 2013-05-13 12:07 -------- d-----w- c:\users\Tomáš\AppData\Roaming\OpenCandy
2013-05-13 12:07 . 2013-05-13 12:08 -------- d-----w- c:\program files\CrystalDiskInfo
2013-05-13 08:26 . 2013-05-13 08:26 -------- d-----w- c:\users\Tomáš\AppData\Roaming\Malwarebytes
2013-05-13 08:26 . 2013-05-13 08:26 -------- d-----w- c:\programdata\Malwarebytes
2013-05-13 03:07 . 2013-05-13 03:07 1187697 ----a-w- c:\windows\unins000.exe
2013-05-13 02:58 . 2013-03-06 22:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-13 02:58 . 2013-03-06 22:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-13 02:57 . 2013-03-06 22:33 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-05-13 02:57 . 2013-03-06 22:33 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-13 02:57 . 2013-03-06 22:33 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-05-13 02:57 . 2013-03-06 22:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-13 02:57 . 2013-03-06 22:33 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-05-13 02:57 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-13 02:57 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-13 02:57 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-13 02:57 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-13 02:57 . 2013-03-06 22:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-13 02:56 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-05-13 02:56 . 2013-03-06 22:11 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-05-13 02:19 . 2013-05-13 02:19 -------- d-----w- c:\program files\Common Files\Java
2013-05-13 02:18 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-24 06:13 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-21 07:15 . 2013-04-21 07:15 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-13 03:16 . 2012-08-20 06:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-13 03:16 . 2012-08-20 06:54 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 00:06 . 2012-08-20 07:00 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 10:51 . 2012-08-22 07:55 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-05-01 10:50 . 2012-08-22 07:55 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-05-01 10:50 . 2012-08-22 07:54 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-30 10:41 . 2012-08-22 07:54 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-04-13 04:45 . 2013-05-15 03:26 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 03:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-20 12:03 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-03-19 05:04 . 2013-04-10 23:02 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 23:02 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 23:02 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 23:02 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-06 08:17 . 2012-11-19 08:11 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-06 08:17 . 2012-11-19 08:11 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-15 04:37 . 2013-04-10 23:02 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 04:34 . 2013-04-10 23:02 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 03:25 . 2013-04-10 23:02 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-12 06:04 . 2013-04-12 06:04 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-05-02 802136]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2013-1-12 409088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt2]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 aswVmm;aswVmm; [x]
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 FSProFilter2;FSPro File Filter 2;c:\windows\System32\Drivers\FSPFltd2.sys [x]
S1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 fsproflt2;FSPro Filter Service 2;c:\windows\system32\fsproflt2.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 03:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout s Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\5hysn8ba.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://email.seznam.cz/#inbox|https:// ... /dorf1.php
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - ExtSQL: 2013-05-13 04:56; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2002973123-1767548463-3795549043-1001\Software\SecuROM\License information*]
"datasecu"=hex:19,e6,fa,f5,f4,1f,8b,29,a6,58,02,04,63,a2,21,e7,90,a1,96,86,5b,
8a,b6,a6,1e,7e,1f,d4,8d,1c,9d,00,da,4e,70,dd,20,0c,e7,c4,85,0a,8c,81,65,6c,\
"rkeysecu"=hex:98,d8,5c,37,e1,e2,d4,4b,71,08,1a,92,94,fc,67,6f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-05-15 10:07:31
ComboFix-quarantined-files.txt 2013-05-15 08:07
ComboFix2.txt 2013-05-14 20:06
ComboFix3.txt 2013-05-14 19:25
ComboFix4.txt 2013-05-14 08:42
.
Před spuštěním: Volných bajtů: 72 338 444 288
Po spuštění: Volných bajtů: 71 976 194 048
.
- - End Of File - - 8E29FA12F32CC32853497C3BA6834417
- jaro3
- Security team member
Re: Please check my log.
Open Notepad (Start -> Run..., type Notepad into the window and click OK).
Copy the entire following text, marked in green, into it:
Code:
ClearJavaCache::
KillAll::
File::
c:\windows\system32\DRIVERS\eamonm.sys
c:\windows\system32\DRIVERS\epfwwfp.sys
Folder::
c:\program files\Skype\Updater
Driver::
SkypeUpdate
eamonm
epfwwfp
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT
Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log.
ComboFix 13-05-13.01 - Tomáš 15.05.2013 11:43:11.5.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2046.1098 [GMT 2:00]
Spuštěný z: c:\users\TomßÜ\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\TomßÜ\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Antivirus *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-15 do 2013-05-15 )))))))))))))))))))))))))))))))
.
.
2013-05-15 09:53 . 2013-05-15 09:53 -------- d-----w- c:\users\TomßÜ\AppData\Local\temp
2013-05-15 09:53 . 2013-05-15 09:53 -------- d-----w- c:\users\Táta\AppData\Local\temp
2013-05-15 09:53 . 2013-05-15 09:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-15 05:30 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 03:28 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9961F6B8-E931-4698-BB64-878E03EE0735}\mpengine.dll
2013-05-15 03:27 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 03:27 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 03:27 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 03:26 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 03:26 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-13 12:07 . 2013-05-13 12:07 -------- d-----w- c:\users\Tomáš\AppData\Roaming\OpenCandy
2013-05-13 12:07 . 2013-05-13 12:08 -------- d-----w- c:\program files\CrystalDiskInfo
2013-05-13 08:26 . 2013-05-13 08:26 -------- d-----w- c:\users\Tomáš\AppData\Roaming\Malwarebytes
2013-05-13 08:26 . 2013-05-13 08:26 -------- d-----w- c:\programdata\Malwarebytes
2013-05-13 03:07 . 2013-05-13 03:07 1187697 ----a-w- c:\windows\unins000.exe
2013-05-13 02:58 . 2013-03-06 22:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-13 02:58 . 2013-03-06 22:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-13 02:57 . 2013-03-06 22:33 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-05-13 02:57 . 2013-03-06 22:33 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-13 02:57 . 2013-03-06 22:33 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-05-13 02:57 . 2013-03-06 22:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-13 02:57 . 2013-03-06 22:33 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-05-13 02:57 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-13 02:57 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-13 02:57 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-13 02:57 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-13 02:57 . 2013-03-06 22:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-13 02:56 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-05-13 02:56 . 2013-03-06 22:11 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-05-13 02:19 . 2013-05-13 02:19 -------- d-----w- c:\program files\Common Files\Java
2013-05-13 02:18 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-24 06:13 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-21 07:15 . 2013-04-21 07:15 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 09:12 . 2012-08-20 06:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 09:12 . 2012-08-20 06:54 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 08:40 . 2012-08-22 07:55 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-05-15 08:40 . 2012-08-22 07:55 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-05-15 08:40 . 2012-08-22 07:54 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-05-02 00:06 . 2012-08-20 07:00 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 10:50 . 2012-08-22 07:54 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-04-13 04:45 . 2013-05-15 03:26 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 03:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-20 12:03 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-03-19 05:04 . 2013-04-10 23:02 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 23:02 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 23:02 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 23:02 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-06 08:17 . 2012-11-19 08:11 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-06 08:17 . 2012-11-19 08:11 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-15 04:37 . 2013-04-10 23:02 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 04:34 . 2013-04-10 23:02 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 03:25 . 2013-04-10 23:02 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-12 06:04 . 2013-04-12 06:04 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-05-02 802136]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2013-1-12 409088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt2]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 aswVmm;aswVmm; [x]
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 FSProFilter2;FSPro File Filter 2;c:\windows\System32\Drivers\FSPFltd2.sys [x]
S1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 fsproflt2;FSPro Filter Service 2;c:\windows\system32\fsproflt2.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 09:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout s Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\5hysn8ba.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://email.seznam.cz/#inbox|https:// ... /dorf1.php
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - ExtSQL: 2013-05-13 04:56; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2002973123-1767548463-3795549043-1001\Software\SecuROM\License information*]
"datasecu"=hex:19,e6,fa,f5,f4,1f,8b,29,a6,58,02,04,63,a2,21,e7,90,a1,96,86,5b,
8a,b6,a6,1e,7e,1f,d4,8d,1c,9d,00,da,4e,70,dd,20,0c,e7,c4,85,0a,8c,81,65,6c,\
"rkeysecu"=hex:98,d8,5c,37,e1,e2,d4,4b,71,08,1a,92,94,fc,67,6f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-05-15 11:55:03
ComboFix-quarantined-files.txt 2013-05-15 09:55
ComboFix2.txt 2013-05-15 08:07
ComboFix3.txt 2013-05-14 20:06
ComboFix4.txt 2013-05-14 19:25
ComboFix5.txt 2013-05-15 09:41
.
Před spuštěním: Volných bajtů: 76 981 145 600
Po spuštění: Volných bajtů: 76 696 371 200
.
- - End Of File - - 3CB422DA970561562E42F30FC9E2A501
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:57:33, on 15.5.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Users\Tomáš\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: GamePark klient 2.lnk = C:\Program Files\GamePark2\gpcl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout s Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: FSPro Filter Service 2 (fsproflt2) - FSPro Labs - C:\Windows\system32\fsproflt2.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 7125 bytes