Prosím o kontrolu logu-občas zpomalený NTB Vyřešeno

[jaro3]

Odinstaluj Spybot - Search and Destroy , pak nový Combofix.

[Reklama]

[ventovr6]

ComboFix 13-09-17.01 - Petr 18.09.2013 22:21:25.2.1 - x86
Microsoft Windows 8 Pro 6.2.9200.0.1250.420.1029.18.3062.2043 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-18 do 2013-09-18 )))))))))))))))))))))))))))))))
.
.
2013-09-18 20:28 . 2013-09-18 20:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-18 09:17 . 2013-09-18 09:17 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5D8649C9-C19E-45AC-95C8-394BF3236B3B}\offreg.dll
2013-09-18 09:17 . 2013-09-18 09:17 40392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5D8649C9-C19E-45AC-95C8-394BF3236B3B}\MpKsl796ec16c.sys
2013-09-18 08:12 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5D8649C9-C19E-45AC-95C8-394BF3236B3B}\mpengine.dll
2013-09-17 16:35 . 2013-09-18 20:28 -------- d-----w- c:\users\Petr\AppData\Local\temp
2013-09-15 17:50 . 2013-09-16 17:12 -------- d-----w- C:\AdwCleaner
2013-09-15 17:38 . 2013-09-15 17:38 -------- d-----w- c:\users\Petr\AppData\Roaming\Malwarebytes
2013-09-15 17:37 . 2013-09-15 17:37 -------- d-----w- c:\programdata\Malwarebytes
2013-09-15 17:37 . 2013-09-15 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-15 17:37 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-12 06:51 . 2013-09-12 06:51 265392 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
2013-09-12 06:16 . 2013-09-12 06:16 -------- d-----w- c:\windows\ERUNT
2013-09-11 08:08 . 2013-09-04 19:58 718712 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3EDE4B3-50FE-482B-91A3-A283B4437D99}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-05 20:09 . 2013-03-14 20:50 78296 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-05 20:09 . 2013-01-12 09:21 694232 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-13 04:24 . 2013-08-14 04:56 261120 ----a-w- c:\windows\system32\wintrust.dll
2013-07-13 04:23 . 2013-08-14 04:56 51712 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-13 04:23 . 2013-08-14 04:56 1568256 ----a-w- c:\windows\system32\crypt32.dll
2013-07-13 04:23 . 2013-08-14 04:56 87040 ----a-w- c:\windows\system32\apprepapi.dll
2013-07-13 04:23 . 2013-08-14 04:56 74240 ----a-w- c:\windows\system32\apprepsync.dll
2013-07-11 02:31 . 2013-08-14 04:56 5573464 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 04:06 . 2013-08-14 04:54 1800024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-01 22:53 . 2013-08-14 04:55 30144 ----a-w- c:\windows\system32\drivers\WdBoot.sys
2013-07-01 22:08 . 2013-08-14 04:55 211288 ----a-w- c:\windows\system32\drivers\WdFilter.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7M\ICQ.exe" [2012-11-15 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [2013-05-01 543]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-6-23 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableCursorSuppression"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 NSHE;Guardant Emulator Driver;c:\windows\system32\Drivers\NSHE.SYS [2008-11-23 97792]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 83168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-06-11 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-06-11 8576]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 181344]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-03-05 104720]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\System32\Drivers\VBoxUSB.sys [2013-03-05 84752]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe [2012-09-20 23040]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys [2012-10-27 242240]
S1 MpKsl796ec16c;MpKsl796ec16c;c:\programdata\Microsoft\Windows Defender\Definition Updates\{5D8649C9-C19E-45AC-95C8-394BF3236B3B}\MpKsl796ec16c.sys [2013-09-18 40392]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 11:10 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-26 16:36]
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-24 07:49]
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-24 07:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.gateway.com/g/startpage.html ... =eMachines E510
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\uw3li98u.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - seznam.cz
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2013-09-18 22:29:47
ComboFix-quarantined-files.txt 2013-09-18 20:29
ComboFix2.txt 2013-09-17 16:35
.
Před spuštěním: 20 761 075 712 bytes free
Po spuštění: 20 717 084 672 bytes free
.
- - End Of File - - D9BBF83BAFB20B7CD8F50D42F6286FE2
B751AF1ACDDD7A1A71313731839F4ECB

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[ventovr6]

ComboFix 13-09-17.01 - Petr 19.09.2013 11:03:55.3.1 - x86
Microsoft Windows 8 Pro 6.2.9200.0.1250.420.1029.18.3062.2315 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-19 do 2013-09-19 )))))))))))))))))))))))))))))))
.
.
2013-09-19 09:11 . 2013-09-19 09:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-19 09:03 . 2013-09-19 09:03 40392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3275B875-83C2-4F18-A08D-8A7C122B86BC}\MpKsld7d9a00a.sys
2013-09-19 08:43 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3275B875-83C2-4F18-A08D-8A7C122B86BC}\mpengine.dll
2013-09-18 20:29 . 2013-09-19 09:11 -------- d-----w- c:\users\Petr\AppData\Local\temp
2013-09-15 17:50 . 2013-09-16 17:12 -------- d-----w- C:\AdwCleaner
2013-09-15 17:38 . 2013-09-15 17:38 -------- d-----w- c:\users\Petr\AppData\Roaming\Malwarebytes
2013-09-15 17:37 . 2013-09-15 17:37 -------- d-----w- c:\programdata\Malwarebytes
2013-09-15 17:37 . 2013-09-15 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-15 17:37 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-12 06:51 . 2013-09-12 06:51 265392 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
2013-09-12 06:16 . 2013-09-12 06:16 -------- d-----w- c:\windows\ERUNT
2013-09-11 08:08 . 2013-09-04 19:58 718712 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3EDE4B3-50FE-482B-91A3-A283B4437D99}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-05 20:09 . 2013-03-14 20:50 78296 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-05 20:09 . 2013-01-12 09:21 694232 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-13 04:24 . 2013-08-14 04:56 261120 ----a-w- c:\windows\system32\wintrust.dll
2013-07-13 04:23 . 2013-08-14 04:56 51712 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-13 04:23 . 2013-08-14 04:56 1568256 ----a-w- c:\windows\system32\crypt32.dll
2013-07-13 04:23 . 2013-08-14 04:56 87040 ----a-w- c:\windows\system32\apprepapi.dll
2013-07-13 04:23 . 2013-08-14 04:56 74240 ----a-w- c:\windows\system32\apprepsync.dll
2013-07-11 02:31 . 2013-08-14 04:56 5573464 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 04:06 . 2013-08-14 04:54 1800024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-01 22:53 . 2013-08-14 04:55 30144 ----a-w- c:\windows\system32\drivers\WdBoot.sys
2013-07-01 22:08 . 2013-08-14 04:55 211288 ----a-w- c:\windows\system32\drivers\WdFilter.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7M\ICQ.exe" [2012-11-15 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [2013-05-01 543]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-6-23 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableCursorSuppression"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 NSHE;Guardant Emulator Driver;c:\windows\system32\Drivers\NSHE.SYS [2008-11-23 97792]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 83168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-06-11 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-06-11 8576]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 181344]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-03-05 104720]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\System32\Drivers\VBoxUSB.sys [2013-03-05 84752]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe [2012-09-20 23040]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys [2012-10-27 242240]
S1 MpKsld7d9a00a;MpKsld7d9a00a;c:\programdata\Microsoft\Windows Defender\Definition Updates\{3275B875-83C2-4F18-A08D-8A7C122B86BC}\MpKsld7d9a00a.sys [2013-09-19 40392]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 11:10 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-26 16:36]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-24 07:49]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-24 07:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.gateway.com/g/startpage.html ... =eMachines E510
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\uw3li98u.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - seznam.cz
.
.
Celkový čas: 2013-09-19 11:12:32
ComboFix-quarantined-files.txt 2013-09-19 09:12
ComboFix2.txt 2013-09-18 20:29
ComboFix3.txt 2013-09-17 16:35
.
Před spuštěním: 20 196 397 056 bytes free
Po spuštění: 20 152 209 408 bytes free
.
- - End Of File - - 7A753E9D9F55A6DA010EAD4D3E10235F
B751AF1ACDDD7A1A71313731839F4ECB

[ventovr6]

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-19 11:13:58
-----------------------------
11:13:58.240 OS Version: Windows 6.2.9200
11:13:58.240 Number of processors: 1 586 0x1601
11:13:58.240 ComputerName: PETR-PC UserName: Petr
11:14:01.750 Initialize success
11:14:07.439 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000030
11:14:07.439 Disk 0 Vendor: Hitachi_HTS542512K9SA00 BB2OC31P Size: 114473MB BusType: 11
11:14:07.658 Disk 0 MBR read successfully
11:14:07.658 Disk 0 MBR scan
11:14:07.658 Disk 0 unknown MBR code
11:14:07.658 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63
11:14:07.705 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 104227 MB offset 20981760
11:14:07.720 Disk 0 scanning sectors +234438656
11:14:07.798 Disk 0 scanning C:\WINDOWS\system32\drivers
11:14:19.795 Service scanning
11:14:31.994 Service MpKsld7d9a00a C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3275B875-83C2-4F18-A08D-8A7C122B86BC}\MpKsld7d9a00a.sys **LOCKED** 32
11:14:50.028 Modules scanning
11:15:00.683 Disk 0 trace - called modules:
11:15:00.730 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys storahci.sys
11:15:00.730 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854651f0]
11:15:00.730 3 CLASSPNP.SYS[8253e0a0] -> nt!IofCallDriver -> [0x84fcbf08]
11:15:00.745 5 ACPI.sys[8aec849a] -> nt!IofCallDriver -> \Device\00000030[0x84fccb48]
11:15:00.745 Scan finished successfully
11:15:10.511 Disk 0 MBR has been saved successfully to "C:\Users\Petr\Desktop\MBR.dat"
11:15:10.511 The log file has been saved successfully to "C:\Users\Petr\Desktop\aswMBR.txt"

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\Google\Update

Firefox::
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\uw3li98u.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[ventovr6]

ComboFix 13-09-17.01 - Petr 19.09.2013 19:30:35.4.1 - x86
Microsoft Windows 8 Pro 6.2.9200.0.1250.420.1029.18.3062.2264 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.153\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.153\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.153\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.153\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.153\goopdate.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.153\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.153\psmachine.dll
c:\program files\Google\Update\1.3.21.153\psuser.dll
c:\program files\Google\Update\Download\{2BF2CA35-CCAF-4E58-BAB7-4163BFA03B88}\0.0.0.0\GoogleEarth-Win-Plugin-7.0.3.8542.exe
c:\program files\Google\Update\Download\{2BF2CA35-CCAF-4E58-BAB7-4163BFA03B88}\7.1.1.1888\GoogleEarth-Win-Plugin-7.1.1.1888.exe
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.153\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\29.0.1547.66\29.0.1547.66_29.0.1547.62_chrome_updater.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_gupdate
-------\Legacy_gupdatem
-------\Legacy_gupdate
-------\Legacy_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-19 do 2013-09-19 )))))))))))))))))))))))))))))))
.
.
2013-09-19 17:40 . 2013-09-19 17:40 40392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3275B875-83C2-4F18-A08D-8A7C122B86BC}\MpKslf3233ecd.sys
2013-09-19 17:37 . 2013-09-19 17:40 -------- d-----w- c:\users\Petr\AppData\Local\temp
2013-09-19 17:37 . 2013-09-19 17:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-19 09:03 . 2013-09-19 09:03 40392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3275B875-83C2-4F18-A08D-8A7C122B86BC}\MpKsld7d9a00a.sys
2013-09-19 08:43 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3275B875-83C2-4F18-A08D-8A7C122B86BC}\mpengine.dll
2013-09-15 17:50 . 2013-09-16 17:12 -------- d-----w- C:\AdwCleaner
2013-09-15 17:38 . 2013-09-15 17:38 -------- d-----w- c:\users\Petr\AppData\Roaming\Malwarebytes
2013-09-15 17:37 . 2013-09-15 17:37 -------- d-----w- c:\programdata\Malwarebytes
2013-09-15 17:37 . 2013-09-15 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-15 17:37 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-12 06:51 . 2013-09-12 06:51 265392 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
2013-09-12 06:16 . 2013-09-12 06:16 -------- d-----w- c:\windows\ERUNT
2013-09-11 08:08 . 2013-09-04 19:58 718712 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3EDE4B3-50FE-482B-91A3-A283B4437D99}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-05 20:09 . 2013-03-14 20:50 78296 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-05 20:09 . 2013-01-12 09:21 694232 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-13 04:24 . 2013-08-14 04:56 261120 ----a-w- c:\windows\system32\wintrust.dll
2013-07-13 04:23 . 2013-08-14 04:56 51712 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-13 04:23 . 2013-08-14 04:56 1568256 ----a-w- c:\windows\system32\crypt32.dll
2013-07-13 04:23 . 2013-08-14 04:56 87040 ----a-w- c:\windows\system32\apprepapi.dll
2013-07-13 04:23 . 2013-08-14 04:56 74240 ----a-w- c:\windows\system32\apprepsync.dll
2013-07-11 02:31 . 2013-08-14 04:56 5573464 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 04:06 . 2013-08-14 04:54 1800024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-01 22:53 . 2013-08-14 04:55 30144 ----a-w- c:\windows\system32\drivers\WdBoot.sys
2013-07-01 22:08 . 2013-08-14 04:55 211288 ----a-w- c:\windows\system32\drivers\WdFilter.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7M\ICQ.exe" [2012-11-15 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [2013-05-01 543]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-6-23 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableCursorSuppression"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R2 NSHE;Guardant Emulator Driver;c:\windows\system32\Drivers\NSHE.SYS [2008-11-23 97792]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 83168]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-06-11 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-06-11 8576]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 181344]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-03-05 104720]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\System32\Drivers\VBoxUSB.sys [2013-03-05 84752]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe [2012-09-20 23040]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys [2012-10-27 242240]
S1 MpKsld7d9a00a;MpKsld7d9a00a;c:\programdata\Microsoft\Windows Defender\Definition Updates\{3275B875-83C2-4F18-A08D-8A7C122B86BC}\MpKsld7d9a00a.sys [2013-09-19 40392]
S1 MpKslf3233ecd;MpKslf3233ecd;c:\programdata\Microsoft\Windows Defender\Definition Updates\{3275B875-83C2-4F18-A08D-8A7C122B86BC}\MpKslf3233ecd.sys [2013-09-19 40392]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 11:10 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-26 16:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.gateway.com/g/startpage.html ... =eMachines E510
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\uw3li98u.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.2.9200 Disk: Hitachi_HTS542512K9SA00 rev.BB2OC31P -> Harddisk0\DR0 -> \Device\00000045
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
error: Read Parametr není správný.
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\dashost.exe

[ventovr6]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:47:15, on 19.9.2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16688)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Users\Petr\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... =eMachines E510
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Printsrv] c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7M\ICQ.exe" silent loginmode=4
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 3238 bytes

[ventovr6]

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-19 19:50:48
-----------------------------
19:50:48.712 OS Version: Windows 6.2.9200
19:50:48.712 Number of processors: 1 586 0x1601
19:50:48.712 ComputerName: PETR-PC UserName: Petr
19:50:49.648 Initialize success
19:50:52.150 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000030
19:50:52.150 Disk 0 Vendor: Hitachi_HTS542512K9SA00 BB2OC31P Size: 114473MB BusType: 11
19:50:52.338 Disk 0 MBR read successfully
19:50:52.338 Disk 0 MBR scan
19:50:52.338 Disk 0 unknown MBR code
19:50:52.338 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63
19:50:52.353 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 104227 MB offset 20981760
19:50:52.369 Disk 0 scanning sectors +234438656
19:50:52.431 Disk 0 scanning C:\WINDOWS\system32\drivers
19:51:05.504 Service scanning
19:51:18.530 Service MpKslf3233ecd C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3275B875-83C2-4F18-A08D-8A7C122B86BC}\MpKslf3233ecd.sys **LOCKED** 32
19:51:36.860 Modules scanning
19:51:47.609 Disk 0 trace - called modules:
19:51:47.640 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll dxgkrnl.sys igdkmd32.sys dxgmms1.sys
19:51:47.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e53030]
19:51:47.656 3 CLASSPNP.SYS[8b3870a0] -> nt!IofCallDriver -> [0x8599fb90]
19:51:47.656 Scan finished successfully
19:52:02.304 Disk 0 MBR has been saved successfully to "C:\Users\Petr\Desktop\MBR.dat"
19:52:02.320 The log file has been saved successfully to "C:\Users\Petr\Desktop\aswMBR.txt"

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

Co problémy?

[ventovr6]

Je to Ok běží to svižně a žádný problémy nepozoruji