Pomalý netbook Vyřešeno

[miro_]

PS: vložil jsem to na třikrát, protože ty logy byly moc dlouhé

[Reklama]

[jaro3]

V pořádku.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[miro_]

Ahoj,

ten scan vždycky skončí na fázi 50 a nic víc se neděje, okno zůstává otevřeno. A log na ploše nevidím. To asi nebude ok?

[miro_]

tak v nouzovém režimu to šlo:

ComboFix 13-10-21.01 - Martina 22.10.2013 15:09:47.3.4 - x86 MINIMAL
Microsoft Windows 7 Starter 6.1.7601.1.1250.420.1029.18.1012.466 [GMT 2:00]
Spuštěný z: c:\program files\PC\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-22 do 2013-10-22 )))))))))))))))))))))))))))))))
.
.
2013-10-22 13:18 . 2013-10-22 13:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-22 07:46 . 2013-10-22 07:46 -------- d-----w- c:\users\Martina\AppData\Roaming\AVAST Software
2013-10-22 07:11 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1AECD488-92A1-4A81-8B8D-866E65342E1E}\mpengine.dll
2013-10-21 06:26 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-21 06:21 . 2013-10-22 09:06 -------- d-----w- c:\program files\PC
2013-10-18 07:06 . 2013-09-21 03:30 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-18 07:06 . 2013-09-22 23:27 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-10-18 07:06 . 2013-09-22 23:28 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-10-18 07:06 . 2013-09-22 23:27 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-10-18 07:06 . 2013-09-22 23:27 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-17 09:29 . 2013-07-03 03:36 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-10-17 09:29 . 2013-07-03 03:36 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-17 09:29 . 2013-07-04 11:50 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-10-17 09:29 . 2013-09-08 02:07 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-17 09:29 . 2013-09-08 02:03 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-10-17 09:29 . 2013-09-14 00:48 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-10-17 09:28 . 2013-08-01 11:03 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-17 09:28 . 2013-08-29 01:51 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-10-17 09:28 . 2013-08-29 01:51 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-10-17 09:28 . 2013-08-29 01:50 619520 ----a-w- c:\windows\system32\tdh.dll
2013-10-17 09:28 . 2013-08-29 01:50 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-10-17 09:28 . 2013-08-29 01:48 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-10-17 09:28 . 2013-07-20 10:33 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-17 09:16 . 2013-06-06 04:50 10240 ----a-w- c:\windows\system32\dciman32.dll
2013-10-17 09:16 . 2013-06-06 03:01 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-10-17 09:16 . 2013-06-06 04:52 26112 ----a-w- c:\windows\system32\lpk.dll
2013-10-17 09:16 . 2013-06-06 04:51 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-10-17 09:16 . 2013-06-06 03:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-10-17 09:15 . 2013-08-28 00:57 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-17 09:11 . 2013-08-28 01:04 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-10-17 09:11 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-10-17 09:10 . 2013-07-04 11:57 205824 ----a-w- c:\windows\system32\WebClnt.dll
2013-10-17 09:10 . 2013-07-04 11:51 81920 ----a-w- c:\windows\system32\davclnt.dll
2013-10-17 09:10 . 2013-07-04 09:48 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-10-17 09:10 . 2013-07-12 10:08 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2013-10-17 09:10 . 2013-07-12 10:07 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-17 09:10 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-16 14:53 . 2013-09-04 01:15 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-16 14:53 . 2013-09-04 01:14 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-16 14:53 . 2013-09-04 01:14 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-16 14:53 . 2013-09-04 01:14 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-16 14:53 . 2013-09-04 01:14 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-16 14:53 . 2013-09-04 01:14 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-16 14:53 . 2013-09-04 01:14 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-16 13:04 . 2013-10-16 13:04 -------- d-----w- c:\users\Martina\AppData\Local\ElevatedDiagnostics
2013-10-15 10:21 . 2013-10-15 10:21 -------- d-----w- c:\windows\ERUNT
2013-10-14 16:58 . 2013-10-14 16:58 -------- d-----w- c:\users\Martina\AppData\Roaming\Malwarebytes
2013-10-14 16:57 . 2013-10-14 16:57 -------- d-----w- c:\programdata\Malwarebytes
2013-10-14 16:57 . 2013-10-22 07:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-14 16:57 . 2013-10-14 16:57 -------- d-----w- c:\users\Martina\AppData\Local\Programs
2013-10-14 16:40 . 2013-10-21 10:15 -------- d-----w- C:\AdwCleaner
2013-10-13 20:42 . 2013-10-13 20:42 388096 ----a-r- c:\users\Martina\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-10-13 20:12 . 2013-10-22 07:25 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-13 20:12 . 2013-10-22 07:25 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-25 07:08 . 2013-10-18 07:20 -------- d-----w- c:\windows\system32\MRT
2013-09-24 21:05 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-09-24 16:08 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-09-24 16:06 . 2013-08-05 01:56 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-24 16:06 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-09-24 16:06 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-09-24 16:04 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-09-24 16:04 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-09-24 16:04 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-09-24 15:55 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-22 07:25 . 2012-10-20 08:18 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-10-22 07:25 . 2012-10-20 08:18 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-10-22 07:25 . 2012-10-20 08:18 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-22 07:25 . 2012-10-20 08:18 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-10-22 07:25 . 2012-10-20 08:18 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-10-22 07:25 . 2012-10-20 08:18 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-22 07:25 . 2012-10-20 08:17 43152 ----a-w- c:\windows\avastSS.scr
2013-10-22 07:25 . 2012-10-20 08:17 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-13 21:23 . 2012-10-20 02:52 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-13 21:23 . 2012-01-05 19:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 21:08 . 2013-03-10 18:33 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-09-25 06:56 . 2013-09-25 06:56 204800 ----a-w- c:\windows\system32\webcheck.dll
2013-09-03 12:35 . 2012-10-20 08:03 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-10-13 21:13 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-10-13 21:13 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-10-13 21:13 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-22 07:24 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GfxServiceInstall"="c:\windows\system32\GfxCUIServiceInstall.vbs" [2011-12-13 131]
"HotkeyMon"="AsusSender.exe" [2011-11-10 34728]
"HotkeyService"="AsusSender.exe" [2011-11-10 34728]
"SuperHybridEngine"="AsusSender.exe" [2011-11-10 34728]
"CapsHook"="AsusSender.exe" [2011-11-10 34728]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 112632]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-10-20 218448]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-08-19 45448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-26 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-26 175896]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-26 168216]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-09-28 11004520]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2011-03-10 1813800]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2012-01-05 3331312]
"iSeriesCharge"="AsusSender.exe" [2011-11-10 34728]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-10-22 3568312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 01:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
2011-11-10 22:01 34728 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-03 14:27 19603048 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-08-03 11832]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-10-22 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-10-22 403440]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 64080]
R2 ASUS InstantOn;ASUS InstantOn Service;c:\program files\ASUS\InstantOn for EPC\InsOnSrv.exe [2011-12-01 92800]
R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2011-08-08 224680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-10-22 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-22 70384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX86\integratedoffice.exe [2013-09-06 1320120]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-03 162408]
R2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 161104]
R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-03-26 91464]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 DCDhcpService;DCDhcpService;c:\program files\WiSharing\DCDhcpService.exe [2011-09-16 108544]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
R3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [2011-12-13 1336320]
R3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [2011-12-13 417280]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-06-08 278528]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2011-11-01 91760]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S3 AiDriver;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiDriver.sys [2012-05-07 14720]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-03-10 118568]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 10:11 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-20 21:24]
.
2013-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-20 02:52]
.
2013-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-20 02:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://asus.msn.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(580)
c:\progra~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL
.
Celkový čas: 2013-10-22 15:22:32
ComboFix-quarantined-files.txt 2013-10-22 13:22
.
Před spuštěním: Volných bajtů: 78 505 746 432
Po spuštění: Volných bajtů: 77 985 603 584
.
- - End Of File - - F24898D731469469D7C7D2FAB933DDFE
A36C5E4F47E84449FF07ED3517B43A31

[memphisto]

Máš tam dva antiviry. AVAST a Trend Micro. Jeden odinstaluj a znovu Combofix. Pokud máš zaplaceno Trend, tak nech to...

[miro_]

ok. ten Trend musel být předinstalován při koupi, resp. je tam jen free trial version. Ani nevím jestli se spouští při startu počítače. Takže ho raději zruším.

[miro_]

nový log z Combofixu:

ComboFix 13-10-21.01 - Martina 23.10.2013 15:53:47.4.4 - x86 MINIMAL
Microsoft Windows 7 Starter 6.1.7601.1.1250.420.1029.18.1012.473 [GMT 2:00]
Spuštěný z: c:\program files\PC\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-23 do 2013-10-23 )))))))))))))))))))))))))))))))
.
.
2013-10-23 14:02 . 2013-10-23 14:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-22 07:46 . 2013-10-22 07:46 -------- d-----w- c:\users\Martina\AppData\Roaming\AVAST Software
2013-10-22 07:11 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1AECD488-92A1-4A81-8B8D-866E65342E1E}\mpengine.dll
2013-10-21 06:26 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-21 06:21 . 2013-10-22 09:06 -------- d-----w- c:\program files\PC
2013-10-18 07:06 . 2013-09-21 03:30 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-18 07:06 . 2013-09-22 23:27 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-10-18 07:06 . 2013-09-22 23:28 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-10-18 07:06 . 2013-09-22 23:27 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-10-18 07:06 . 2013-09-22 23:27 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-17 09:29 . 2013-07-03 03:36 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-10-17 09:29 . 2013-07-03 03:36 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-17 09:29 . 2013-07-04 11:50 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-10-17 09:29 . 2013-09-08 02:07 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-17 09:29 . 2013-09-08 02:03 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-10-17 09:29 . 2013-09-14 00:48 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-10-17 09:28 . 2013-08-01 11:03 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-17 09:28 . 2013-08-29 01:51 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-10-17 09:28 . 2013-08-29 01:51 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-10-17 09:28 . 2013-08-29 01:50 619520 ----a-w- c:\windows\system32\tdh.dll
2013-10-17 09:28 . 2013-08-29 01:50 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-10-17 09:28 . 2013-08-29 01:48 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-10-17 09:28 . 2013-07-20 10:33 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-17 09:16 . 2013-06-06 04:50 10240 ----a-w- c:\windows\system32\dciman32.dll
2013-10-17 09:16 . 2013-06-06 03:01 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-10-17 09:16 . 2013-06-06 04:52 26112 ----a-w- c:\windows\system32\lpk.dll
2013-10-17 09:16 . 2013-06-06 04:51 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-10-17 09:16 . 2013-06-06 03:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-10-17 09:15 . 2013-08-28 00:57 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-17 09:11 . 2013-08-28 01:04 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-10-17 09:11 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-10-17 09:10 . 2013-07-04 11:57 205824 ----a-w- c:\windows\system32\WebClnt.dll
2013-10-17 09:10 . 2013-07-04 11:51 81920 ----a-w- c:\windows\system32\davclnt.dll
2013-10-17 09:10 . 2013-07-04 09:48 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-10-17 09:10 . 2013-07-12 10:08 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2013-10-17 09:10 . 2013-07-12 10:07 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-17 09:10 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-16 14:53 . 2013-09-04 01:15 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-16 14:53 . 2013-09-04 01:14 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-16 14:53 . 2013-09-04 01:14 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-16 14:53 . 2013-09-04 01:14 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-16 14:53 . 2013-09-04 01:14 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-16 14:53 . 2013-09-04 01:14 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-16 14:53 . 2013-09-04 01:14 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-16 13:04 . 2013-10-16 13:04 -------- d-----w- c:\users\Martina\AppData\Local\ElevatedDiagnostics
2013-10-15 10:21 . 2013-10-15 10:21 -------- d-----w- c:\windows\ERUNT
2013-10-14 16:58 . 2013-10-14 16:58 -------- d-----w- c:\users\Martina\AppData\Roaming\Malwarebytes
2013-10-14 16:57 . 2013-10-14 16:57 -------- d-----w- c:\programdata\Malwarebytes
2013-10-14 16:57 . 2013-10-22 07:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-14 16:57 . 2013-10-14 16:57 -------- d-----w- c:\users\Martina\AppData\Local\Programs
2013-10-14 16:40 . 2013-10-21 10:15 -------- d-----w- C:\AdwCleaner
2013-10-13 20:42 . 2013-10-13 20:42 388096 ----a-r- c:\users\Martina\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-10-13 20:12 . 2013-10-22 07:25 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-13 20:12 . 2013-10-22 07:25 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-25 07:08 . 2013-10-18 07:20 -------- d-----w- c:\windows\system32\MRT
2013-09-24 21:05 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-09-24 16:08 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-09-24 16:06 . 2013-08-05 01:56 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-24 16:06 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-09-24 16:06 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-09-24 16:04 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-09-24 16:04 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-09-24 16:04 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-09-24 15:55 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-22 07:25 . 2012-10-20 08:18 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-10-22 07:25 . 2012-10-20 08:18 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-10-22 07:25 . 2012-10-20 08:18 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-22 07:25 . 2012-10-20 08:18 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-10-22 07:25 . 2012-10-20 08:18 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-10-22 07:25 . 2012-10-20 08:18 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-22 07:25 . 2012-10-20 08:17 43152 ----a-w- c:\windows\avastSS.scr
2013-10-22 07:25 . 2012-10-20 08:17 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-13 21:23 . 2012-10-20 02:52 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-13 21:23 . 2012-01-05 19:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 21:08 . 2013-03-10 18:33 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-09-25 06:56 . 2013-09-25 06:56 204800 ----a-w- c:\windows\system32\webcheck.dll
2013-09-03 12:35 . 2012-10-20 08:03 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-10-13 21:13 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-10-13 21:13 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-10-13 21:13 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-22 07:24 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GfxServiceInstall"="c:\windows\system32\GfxCUIServiceInstall.vbs" [2011-12-13 131]
"HotkeyMon"="AsusSender.exe" [2011-11-10 34728]
"HotkeyService"="AsusSender.exe" [2011-11-10 34728]
"SuperHybridEngine"="AsusSender.exe" [2011-11-10 34728]
"CapsHook"="AsusSender.exe" [2011-11-10 34728]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-08-19 45448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-26 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-26 175896]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-26 168216]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-09-28 11004520]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2011-03-10 1813800]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2012-01-05 3331312]
"iSeriesCharge"="AsusSender.exe" [2011-11-10 34728]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-10-22 3568312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"000_TmTdiUninstall"="c:\windows\TmNSCIns.dll" [2010-09-17 203600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 01:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
2011-11-10 22:01 34728 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-03 14:27 19603048 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-08-03 11832]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-10-22 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-10-22 403440]
R2 ASUS InstantOn;ASUS InstantOn Service;c:\program files\ASUS\InstantOn for EPC\InsOnSrv.exe [2011-12-01 92800]
R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2011-08-08 224680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-10-22 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-22 70384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX86\integratedoffice.exe [2013-09-06 1320120]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-03 162408]
R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-03-26 91464]
R3 DCDhcpService;DCDhcpService;c:\program files\WiSharing\DCDhcpService.exe [2011-09-16 108544]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
R3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [2011-12-13 1336320]
R3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [2011-12-13 417280]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-06-08 278528]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2011-11-01 91760]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S3 AiDriver;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiDriver.sys [2012-05-07 14720]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-03-10 118568]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 10:11 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-20 21:24]
.
2013-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-20 02:52]
.
2013-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-20 02:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://asus.msn.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1200)
c:\progra~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL
.
Celkový čas: 2013-10-23 16:06:24
ComboFix-quarantined-files.txt 2013-10-23 14:06
ComboFix2.txt 2013-10-22 13:22
.
Před spuštěním: Volných bajtů: 77 402 669 056
Po spuštění: Volných bajtů: 77 314 637 824
.
- - End Of File - - 28E656EE8D537A9AC2F86BDED4E17F23
A36C5E4F47E84449FF07ED3517B43A31

[memphisto]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
SecCenter::
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

Driver::
SkypeUpdate

Folder::
c:\program files\Skype\Updater

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upus.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[miro_]

ComboFix 13-10-21.01 - Martina 23.10.2013 19:33:33.5.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1250.420.1029.18.1012.155 [GMT 2:00]
Spuštěný z: c:\users\Martina\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martina\Desktop\CFscript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-23 do 2013-10-23 )))))))))))))))))))))))))))))))
.
.
2013-10-23 17:48 . 2013-10-23 17:51 -------- d-----w- c:\users\Martina\AppData\Local\temp
2013-10-23 17:48 . 2013-10-23 17:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-22 07:46 . 2013-10-22 07:46 -------- d-----w- c:\users\Martina\AppData\Roaming\AVAST Software
2013-10-22 07:11 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1AECD488-92A1-4A81-8B8D-866E65342E1E}\mpengine.dll
2013-10-21 06:26 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-21 06:21 . 2013-10-22 09:06 -------- d-----w- c:\program files\PC
2013-10-18 07:06 . 2013-09-21 03:30 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-18 07:06 . 2013-09-22 23:27 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-10-18 07:06 . 2013-09-22 23:28 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-10-18 07:06 . 2013-09-22 23:27 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-10-18 07:06 . 2013-09-22 23:27 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-17 09:29 . 2013-07-03 03:36 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-10-17 09:29 . 2013-07-03 03:36 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-17 09:29 . 2013-07-04 11:50 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-10-17 09:29 . 2013-09-08 02:07 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-17 09:29 . 2013-09-08 02:03 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-10-17 09:29 . 2013-09-14 00:48 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-10-17 09:28 . 2013-08-01 11:03 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-17 09:28 . 2013-08-29 01:51 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-10-17 09:28 . 2013-08-29 01:51 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-10-17 09:28 . 2013-08-29 01:50 619520 ----a-w- c:\windows\system32\tdh.dll
2013-10-17 09:28 . 2013-08-29 01:50 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-10-17 09:28 . 2013-08-29 01:48 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-10-17 09:28 . 2013-07-20 10:33 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-17 09:16 . 2013-06-06 04:50 10240 ----a-w- c:\windows\system32\dciman32.dll
2013-10-17 09:16 . 2013-06-06 03:01 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-10-17 09:16 . 2013-06-06 04:52 26112 ----a-w- c:\windows\system32\lpk.dll
2013-10-17 09:16 . 2013-06-06 04:51 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-10-17 09:16 . 2013-06-06 03:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-10-17 09:15 . 2013-08-28 00:57 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-17 09:11 . 2013-08-28 01:04 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-10-17 09:11 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-10-17 09:10 . 2013-07-04 11:57 205824 ----a-w- c:\windows\system32\WebClnt.dll
2013-10-17 09:10 . 2013-07-04 11:51 81920 ----a-w- c:\windows\system32\davclnt.dll
2013-10-17 09:10 . 2013-07-04 09:48 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-10-17 09:10 . 2013-07-12 10:08 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2013-10-17 09:10 . 2013-07-12 10:07 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-17 09:10 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-16 14:53 . 2013-09-04 01:15 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-16 14:53 . 2013-09-04 01:14 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-16 14:53 . 2013-09-04 01:14 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-16 14:53 . 2013-09-04 01:14 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-16 14:53 . 2013-09-04 01:14 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-16 14:53 . 2013-09-04 01:14 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-16 14:53 . 2013-09-04 01:14 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-16 13:04 . 2013-10-16 13:04 -------- d-----w- c:\users\Martina\AppData\Local\ElevatedDiagnostics
2013-10-15 10:21 . 2013-10-15 10:21 -------- d-----w- c:\windows\ERUNT
2013-10-14 16:58 . 2013-10-14 16:58 -------- d-----w- c:\users\Martina\AppData\Roaming\Malwarebytes
2013-10-14 16:57 . 2013-10-14 16:57 -------- d-----w- c:\programdata\Malwarebytes
2013-10-14 16:57 . 2013-10-22 07:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-14 16:57 . 2013-10-14 16:57 -------- d-----w- c:\users\Martina\AppData\Local\Programs
2013-10-14 16:40 . 2013-10-21 10:15 -------- d-----w- C:\AdwCleaner
2013-10-13 20:42 . 2013-10-13 20:42 388096 ----a-r- c:\users\Martina\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-10-13 20:12 . 2013-10-22 07:25 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-13 20:12 . 2013-10-22 07:25 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-25 07:08 . 2013-10-18 07:20 -------- d-----w- c:\windows\system32\MRT
2013-09-24 21:05 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-09-24 16:08 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-09-24 16:06 . 2013-08-05 01:56 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-24 16:06 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-09-24 16:06 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-09-24 16:04 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-09-24 16:04 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-09-24 16:04 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-09-24 15:55 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-22 07:25 . 2012-10-20 08:18 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-10-22 07:25 . 2012-10-20 08:18 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-10-22 07:25 . 2012-10-20 08:18 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-22 07:25 . 2012-10-20 08:18 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-10-22 07:25 . 2012-10-20 08:18 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-10-22 07:25 . 2012-10-20 08:18 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-22 07:25 . 2012-10-20 08:17 43152 ----a-w- c:\windows\avastSS.scr
2013-10-22 07:25 . 2012-10-20 08:17 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-13 21:23 . 2012-10-20 02:52 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-13 21:23 . 2012-01-05 19:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 21:08 . 2013-03-10 18:33 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-09-25 06:56 . 2013-09-25 06:56 204800 ----a-w- c:\windows\system32\webcheck.dll
2013-09-03 12:35 . 2012-10-20 08:03 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-10-13 21:13 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-10-13 21:13 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-10-13 21:13 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-22 07:24 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GfxServiceInstall"="c:\windows\system32\GfxCUIServiceInstall.vbs" [2011-12-13 131]
"HotkeyMon"="AsusSender.exe" [2011-11-10 34728]
"HotkeyService"="AsusSender.exe" [2011-11-10 34728]
"SuperHybridEngine"="AsusSender.exe" [2011-11-10 34728]
"CapsHook"="AsusSender.exe" [2011-11-10 34728]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-08-19 45448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-26 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-26 175896]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-26 168216]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-09-28 11004520]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2011-03-10 1813800]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2012-01-05 3331312]
"iSeriesCharge"="AsusSender.exe" [2011-11-10 34728]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-10-22 3568312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 01:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
2011-11-10 22:01 34728 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-03 14:27 19603048 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 DCDhcpService;DCDhcpService;c:\program files\WiSharing\DCDhcpService.exe [2011-09-16 108544]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-08-03 11832]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-10-22 774392]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-10-22 403440]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files\ASUS\InstantOn for EPC\InsOnSrv.exe [2011-12-01 92800]
S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2011-08-08 224680]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-10-22 35656]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-22 70384]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX86\integratedoffice.exe [2013-09-06 1320120]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-03-26 91464]
S3 AiDriver;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiDriver.sys [2012-05-07 14720]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-03-10 118568]
S3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [2011-12-13 1336320]
S3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [2011-12-13 417280]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-06-08 278528]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2011-11-01 91760]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 10:11 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-20 21:24]
.
2013-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-20 02:52]
.
2013-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-20 02:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://asus.msn.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2396)
c:\progra~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ASUS\InstantOn for EPC\InsOnWMI.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2013-10-23 19:57:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-10-23 17:57
ComboFix2.txt 2013-10-23 14:06
ComboFix3.txt 2013-10-22 13:22
.
Před spuštěním: Volných bajtů: 77 153 120 256
Po spuštění: Volných bajtů: 76 937 150 464
.
- - End Of File - - A052B241495272BDA64CC354E8269CDE
A36C5E4F47E84449FF07ED3517B43A31

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Vlož nový log z HJT+info o problémech.

[miro_]

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-24 16:58:25
-----------------------------
16:58:25.828 OS Version: Windows 6.1.7601 Service Pack 1
16:58:25.828 Number of processors: 4 586 0x3601
16:58:25.828 ComputerName: MARTINA-PC UserName: Martina
16:58:27.310 Initialize success
16:58:28.948 AVAST engine defs: 13102300
16:58:44.080 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:58:44.096 Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 3
16:58:44.236 Disk 0 MBR read successfully
16:58:44.252 Disk 0 MBR scan
16:58:44.267 Disk 0 Windows 7 default MBR code
16:58:44.283 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102400 MB offset 2048
16:58:44.345 Disk 0 Partition 2 00 1B Hidd FAT32 MSDOS5.0 15360 MB offset 209717248
16:58:44.408 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 187468 MB offset 241174528
16:58:44.470 Disk 0 Partition 4 00 EF EFI FAT 16 MB offset 625108992
16:58:44.548 Disk 0 scanning sectors +625141760
16:58:44.829 Disk 0 scanning C:\windows\system32\drivers
16:58:59.805 Service scanning
16:59:39.710 Modules scanning
17:00:06.152 Disk 0 trace - called modules:
17:00:06.183 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
17:00:06.199 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f9eac8]
17:00:06.214 3 CLASSPNP.SYS[86f9c59e] -> nt!IofCallDriver -> [0x84491f08]
17:00:06.230 5 ACPI.sys[868b23d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84461028]
17:00:07.306 AVAST engine scan C:\windows
17:00:10.099 AVAST engine scan C:\windows\system32
17:03:35.411 AVAST engine scan C:\windows\system32\drivers
17:03:54.755 AVAST engine scan C:\Users\Martina
17:04:56.156 AVAST engine scan C:\ProgramData
17:05:16.967 Scan finished successfully
17:06:44.530 Disk 0 MBR has been saved successfully to "C:\Users\Martina\Desktop\MBR.dat"
17:06:44.561 The log file has been saved successfully to "C:\Users\Martina\Desktop\aswMBR.txt"

-------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:08:16, on 24.10.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GfxServiceInstall] C:\windows\system32\GfxCUIServiceInstall.vbs
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [CapsHook] AsusSender.exe C:\Program Files\ASUS\CapsHook\CapsHook.exe
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE
O4 - HKLM\..\Run: [iSeriesCharge] AsusSender.exe C:\Program Files\ASUS\USBChargeSetting\iSeriesCharge.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files\ASUS\InstantOn for EPC\InsOnSrv.exe
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\windows\system32\AsusService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: DCDhcpService - Atheros Communication Inc. - C:\Program Files\WiSharing\DCDhcpService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: VideAceWindowsService - Unknown owner - C:\ExpressGateUtil\VAWinService.exe

--
End of file - 7415 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Stáhni si Registry Defrag


na svojí plochu a spusť ho. Program se nainstaluje a potom se spustí.
Zavři si nejprve všechny ostatní programy a prohlížeče a deaktivuj antivir.

Klikni na „Next“.
Program proskenuje registry a vytvoří nový bod obnovy. Poté restartuje PC. Po restartu program můžeš zavřít.

Co problémy?