
Please check my HJT log [Solved]
- akiller
- Level 3
- Posts: 558
- Registered: November 10
- Location: Nothingtown
- Gender:
- Status: Offline
Re: Please check my HJT log
I am at work until at least six o'clock, but I will get on it as soon as I come home. Thank you very much for the effort.

Keyboard not present. Press Enter to continue
- Orcus
- Security team member
- Elite Level 10.5
- Posts: 10645
- Registered: April 10
- Location: 3 roses grow around =o)
- Gender:
- Status: Offline
Re: Please check my HJT log
OK.
Love keeps you warm, but coal is coal.
Post HJT logs in the HJT section. If the log is too long, split it into several messages.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.
- akiller
- Level 3
- Posts: 558
- Registered: November 10
- Location: Nothingtown
- Gender:
- Status: Offline
Re: Please check my HJT log
Here is the log from RogueKiller:
(On the Antirootkit tab there was nothing to click on, and the Classical Theme restorer and Pocket add-ons disappeared from my browser, and most likely others too. That is fairly obvious, since I marked them for deletion, but will I be able to install them again? I would really hate to part with them.)
RogueKiller V10.1.2.0 [Jan 7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : Petr [Práva správce]
Mód : Smazat -- Datum : 01/17/2015 19:42:23
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 27 ¤¤¤
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\RK_Severus Snape_ON_H_427C\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\RK_uzivatel_ON_D_FC0E\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\RK_uzivatel_ON_D_FC0E\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_D_873E\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_H_4EA5\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.36 213.46.172.37 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_D_873E\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_H_4EA5\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_D_873E\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C6846616-3E73-45D0-840E-DAE156DADA32} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_D_873E\ControlSet001\Services\Tcpip\Parameters\Interfaces\{48B26D70-1381-4150-B132-B1F047F4A497} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_H_4EA5\ControlSet001\Services\Tcpip\Parameters\Interfaces\{903B650C-63A4-42E4-BAD6-EAC2B1AC0AC3} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C6846616-3E73-45D0-840E-DAE156DADA32} | DhcpNameServer : 213.46.172.36 213.46.172.37 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_D_873E\ControlSet002\Services\Tcpip\Parameters\Interfaces\{48B26D70-1381-4150-B132-B1F047F4A497} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_H_4EA5\ControlSet002\Services\Tcpip\Parameters\Interfaces\{903B650C-63A4-42E4-BAD6-EAC2B1AC0AC3} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C6846616-3E73-45D0-840E-DAE156DADA32} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_D_873E\ControlSet003\Services\Tcpip\Parameters\Interfaces\{48B26D70-1381-4150-B132-B1F047F4A497} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{C6846616-3E73-45D0-840E-DAE156DADA32} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_H_589A\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_H_589A\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Smazáno
¤¤¤ Antirootkit : 7 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x85f2c1e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x85f2c1e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x85f2c1e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x85f2c1e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x85f2c1e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x85f2c1e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x85f2c1e8
¤¤¤ Webové prohlížeče : 18 ¤¤¤
[FIREFX:Addon] msx86ca7.default-1417025753739 : Thumbnail Zoom Plus [thumbnailZoom@dadler.github.com] -> Smazáno
[FIREFX:Addon] msx86ca7.default-1417025753739 : Download Manager Tweak [{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}] -> Smazáno
[FIREFX:Addon] msx86ca7.default-1417025753739 : EPUBReader [{5384767E-00D9-40E9-B72F-9CC39D655D6F}] -> Smazáno
[FIREFX:Addon] msx86ca7.default-1417025753739 : Memory Fox [{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}] -> Smazáno
[FIREFX:Addon] msx86ca7.default-1417025753739 : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> Smazáno
[FIREFX:Addon] msx86ca7.default-1417025753739 : Classic Theme Restorer (Customize UI) [ClassicThemeRestorer@ArisT2Noia4dev] -> Smazáno
[FIREFX:Addon] msx86ca7.default-1417025753739 : Tab Mix Plus [{dc572301-7619-498c-a57d-39143191b318}] -> Smazáno
[FIREFX:Addon] msx86ca7.default-1417025753739 : AdBlock Lite [jid1-dwtFBkQjb3SIQp@jetpack] -> Smazáno
[FIREFX:Addon] msx86ca7.default-1417025753739 : Pomocník skrývání prvků pro Adblock Plus [elemhidehelper@adblockplus.org] -> Smazáno
[FIREFX:Addon] msx86ca7.default-1417025753739 : NoScript Security Suite [{73a6fe31-595d-460b-a920-fcc0f8843232}] -> Smazáno
[FIREFX:Addon] msx86ca7.default-1417025753739 : Empty Cache Button [{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}] -> Smazáno
[FIREFX:Addon] msx86ca7.default-1417025753739 : Flagfox [{1018e4d6-728f-4b20-ad56-37578a4de76b}] -> Smazáno
[FIREFX:Addon] msx86ca7.default-1417025753739 : Ghostery [firefox@ghostery.com] -> Smazáno
[FIREFX:Addon] msx86ca7.default-1417025753739 : Pocket [isreaditlater@ideashower.com] -> Smazáno
[FIREFX:Addon] msx86ca7.default-1417025753739 : Freemake Video Downloader Plugin [fmdownloader@gmail.com] -> Smazáno
[FIREFX:Addon] msx86ca7.default-1417025753739 : Freemake Youtube Download Button [ytfmdownloader@gmail.com] -> Smazáno
[FIREFX:Addon] msx86ca7.default-1417025753739 : Freemake Video Converter Plugin [fmconverter@gmail.com] -> Smazáno
[PUM.HomePage][FIREFX:Config] msx86ca7.default-1417025753739 : user_pref("browser.startup.homepage", "http://www.seznam.cz"); -> Nahrazeno (about:home)
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DL002-9TT153 ATA Device +++++
--- User ---
[MBR] 2e92f243d9cda3df34ee8b0f7197a587
[BSP] 6ea2a0a3240d75624aa44b632b008c0d : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 250003 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 512007615 | Size: 703863 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: ST3320620AS ATA Device +++++
--- User ---
[MBR] 3d587ea86aab753af1ae05276d8313d8
[BSP] 84ca8f005dac36c956db86d60d557f65 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 149997 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 307195904 | Size: 155245 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: KINGSTON SHFS37A120G ATA Device +++++
--- User ---
[MBR] d6528846718121a403e533f444507270
[BSP] 33341d9755143a87c8bdd92eb2c0b221 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 114471 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_01142015_073455.log - RKreport_DEL_06082014_222225.log - RKreport_DEL_06092014_113601.log - RKreport_DEL_08072014_092127.log
RKreport_SCN_01142015_073412.log - RKreport_SCN_01162015_205822.log - RKreport_SCN_06082014_210929.log - RKreport_SCN_06092014_111423.log
RKreport_SCN_08072014_091428.log - RKreport_SCN_08072014_091939.log - RKreport_SCN_08092014_111152.log - RKreport_SCN_08092014_112130.log
RKreport_SCN_08092014_112207.log - RKreport_SCN_01172015_193738.log
Keyboard not present. Press Enter to continue
- akiller
- Level 3
- Posts: 558
- Registered: November 10
- Location: Nothingtown
- Gender:
- Status: Offline
Re: Please check my HJT log
Here is the log from zoek.exe. Contrary to expectations, the program ran from eight o'clock until a quarter past four.
Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Petr on 17.01.2015 at 20:02:23,94.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Petr\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
17.01.2015 20:08:40 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\Program Files\AGEIA Technologies deleted successfully
C:\Program Files\LEGO Company deleted successfully
C:\Program Files\Common Files\MicroWorld deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\Users\Petr\AppData\Roaming\Clickteam deleted successfully
C:\Users\Petr\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Petr\AppData\Roaming\Youtube to MP3 Converter deleted successfully
C:\Users\Petr\AppData\Local\CrashDumps deleted successfully
C:\Users\Petr\AppData\Local\GHISLER deleted successfully
C:\Users\Petr\AppData\Local\WMTools Downloaded Files deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\msx86ca7.default-1417025753739\prefs.js:
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\msx86ca7.default-1417025753739\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
Added to C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Malwarebytes' Anti-Malware (portable) not found
C:\Windows\system32\appdata deleted
C:\Users\Petr\AppData\Roaming\MAGIX deleted
C:\PROGRA~2\MAGIX deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\msx86ca7.default-1417025753739\searchplugins\torrents-search.xml deleted
C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\msx86ca7.default-1417025753739\Invalidprefs.js deleted
C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\msx86ca7.default-1417025753739\jetpack deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"fmconverter@gmail.com"="C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox" [07.02.2014 09:35]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\msx86ca7.default-1417025753739
- esk slovnk pro kontrolu pravopisu - %ProfilePath%\extensions\cs@dictionaries.addons.mozilla.org
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\msx86ca7.default-1417025753739
8560995C727974F27F2A1CE68909FEB9 - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll - Shockwave Flash
343BA8F3ABC8CE69700F37DB4A82300F - C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll - Silverlight Plug-In
0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
5D2A80BA01A494E9924A466F39C4DAE7 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
39D82BF49A279BF746A7F6A55BCEF99F - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
E7006BB5611298DBDD03FE3519C19AC2 - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U25
238F239EAEFF7E3E782913D599084E18 - C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.250.18
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director
EA768A823B0DE8D2B3FFF8E38F4AFF50 - C:\Program Files\Google\Google Updater\2.4.1808.5272\npCIDetect14.dll - Google Updater
1DE714BB4BB48B10BC94FF84C9BC6471 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX Web Player
AB3546B509E4B89096078EB2081C39C7 - C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrlui.dll - Microsoft® Silverlight
==== Chromium Look ======================
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
==== Reset Google Chrome ======================
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully
==== Empty IE Cache ======================
C:\Users\Petr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Petr\AppData\Local\Mozilla\Firefox\Profiles\msx86ca7.default-1417025753739\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Petr\AppData\Local\temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Petr\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
C:\RECYCLER successfully emptied
==== EOF on 18.01.2015 at 4:17:36,81 ======================

Keybord not present. Press Enter to continue
- akiller
- Level 3
- Posts: 558
- Registered: November 10
- Location: Nothingtown
- Gender:
- Status:
Offline
Re: Request for a check of the HJT log
Here is the log from ComboFix:
ComboFix 15-01-08.01 - Petr 18.01.2015 4:30.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3326.1795 [GMT 1:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-18 do 2015-01-18 )))))))))))))))))))))))))))))))
.
.
2015-01-18 03:15 . 2015-01-17 19:02 24064 ----a-w- c:\windows\zoek-delete.exe
2015-01-18 03:15 . 2015-01-18 03:45 -------- d-----w- c:\users\Petr\AppData\Local\Temp
2015-01-17 19:02 . 2015-01-18 01:41 -------- d-----w- C:\zoek_backup
2015-01-17 18:53 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4B15555-0935-43D8-B8F5-23B5E0257AF3}\mpengine.dll
2015-01-17 02:08 . 2014-09-17 08:28 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A4D7548E-C5B7-46DD-BE0E-B736E9562220}\gapaengine.dll
2015-01-17 01:54 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-16 06:07 . 2015-01-16 06:18 -------- d-----w- c:\users\Petr\AppData\Roaming\QuickScan
2015-01-14 07:21 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-01-14 07:21 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 07:20 . 2014-12-11 17:47 46592 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-14 07:20 . 2014-12-19 02:43 164864 ----a-w- c:\windows\system32\profsvc.dll
2015-01-14 07:20 . 2014-12-06 03:50 242688 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-14 07:20 . 2014-12-19 01:34 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-10 21:48 . 2015-01-10 21:49 -------- d-----w- c:\program files\Carnivores Demo
2014-12-19 23:12 . 2014-12-19 23:18 -------- d-----w- c:\users\Petr\AppData\Roaming\Winamp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-17 18:33 . 2014-06-08 19:01 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-01-15 06:54 . 2014-07-07 12:51 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-13 23:24 . 2012-04-02 20:26 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-13 23:24 . 2011-11-08 15:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-11 19:22 . 2014-12-10 19:33 102 ----a-w- C:\Delapp.bat
2014-12-31 11:13 . 2011-11-08 14:42 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-12-13 03:33 . 2014-12-18 10:15 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 00:12 . 2014-07-30 09:39 1291464 ----a-w- c:\windows\system32\nvspbridge.dll
2014-12-13 00:12 . 2014-07-21 15:29 2210040 ----a-w- c:\windows\system32\nvspcap.dll
2014-12-04 04:38 . 2014-12-10 00:39 337920 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 04:38 . 2014-12-10 00:39 610304 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 04:38 . 2014-12-10 00:39 315392 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 04:38 . 2014-12-10 00:39 728576 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 04:38 . 2014-12-10 00:39 159744 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 04:38 . 2014-12-10 00:39 202752 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 04:34 . 2014-12-10 00:39 873984 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 00:39 1160872 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-22 10:46 . 2014-12-17 14:22 32912 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2014-11-22 10:46 . 2014-07-21 15:23 32400 ----a-w- c:\windows\system32\nvaudcap32v.dll
2014-11-22 02:20 . 2014-12-10 00:39 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 02:20 . 2014-12-10 00:39 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07 . 2014-12-10 00:39 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:07 . 2014-12-10 00:39 62464 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:06 . 2014-12-10 00:39 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 00:39 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55 . 2014-12-10 00:39 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54 . 2014-12-10 00:39 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 01:48 . 2014-12-10 00:39 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40 . 2014-12-10 00:39 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 00:39 4299264 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 01:22 . 2014-12-10 00:39 2052096 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 00:39 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00 . 2014-12-10 00:39 1888256 ----a-w- c:\windows\system32\wininet.dll
2014-11-21 05:14 . 2014-07-07 12:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-07-07 12:50 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2012-08-20 17:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-11-13 00:14 . 2014-11-19 06:27 923976 ----a-w- c:\windows\system32\NvIFR.dll
2014-11-13 00:14 . 2014-11-19 06:27 347336 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-11-13 00:14 . 2014-11-19 06:27 303600 ----a-w- c:\windows\system32\nvoglshim32.dll
2014-11-13 00:14 . 2014-11-19 06:27 24557896 ----a-w- c:\windows\system32\nvoglv32.dll
2014-11-13 00:14 . 2014-11-19 06:27 156840 ----a-w- c:\windows\system32\nvinit.dll
2014-11-13 00:14 . 2014-11-19 06:27 11397744 ----a-w- c:\windows\system32\nvopencl.dll
2014-11-13 00:14 . 2014-11-19 06:27 10911040 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-11-13 00:14 . 2014-11-19 06:27 906440 ----a-w- c:\windows\system32\nvdispgenco3234475.dll
2014-11-13 00:14 . 2014-11-19 06:27 899728 ----a-w- c:\windows\system32\NvFBC.dll
2014-11-13 00:14 . 2014-11-19 06:27 416912 ----a-w- c:\windows\system32\nvEncodeAPI.dll
2014-11-13 00:14 . 2014-11-19 06:27 4013376 ----a-w- c:\windows\system32\nvcuvid.dll
2014-11-13 00:14 . 2014-11-19 06:27 11336432 ----a-w- c:\windows\system32\nvcuda.dll
2014-11-13 00:14 . 2014-11-19 06:27 1042064 ----a-w- c:\windows\system32\nvdispco3234475.dll
2014-11-13 00:14 . 2014-11-19 06:27 17258696 ----a-w- c:\windows\system32\nvcompiler.dll
2014-11-13 00:14 . 2014-07-21 15:26 60744 ----a-w- c:\windows\system32\OpenCL.dll
2014-11-13 00:14 . 2014-07-21 15:23 871648 ----a-w- c:\windows\system32\nvumdshim.dll
2014-11-13 00:14 . 2014-07-21 15:23 18514616 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-11-13 00:14 . 2014-07-21 15:23 16884632 ----a-w- c:\windows\system32\nvd3dum.dll
2014-11-13 00:14 . 2014-07-21 15:23 2874456 ----a-w- c:\windows\system32\nvapi.dll
2014-11-12 21:43 . 2014-07-21 15:26 3073680 ----a-w- c:\windows\system32\nvsvc.dll
2014-11-12 21:43 . 2014-07-21 15:26 4463432 ----a-w- c:\windows\system32\nvcpl.dll
2014-11-12 21:43 . 2014-07-21 15:26 672064 ----a-w- c:\windows\system32\nvvsvc.exe
2014-11-12 21:43 . 2014-07-30 09:53 2554184 ----a-w- c:\windows\system32\nvsvcr.dll
2014-11-12 21:43 . 2014-07-21 15:26 61584 ----a-w- c:\windows\system32\nvshext.dll
2014-11-12 21:43 . 2014-07-21 15:26 376128 ----a-w- c:\windows\system32\nvmctray.dll
2014-11-12 20:50 . 2014-11-19 06:30 615624 ----a-w- c:\windows\system32\nvStreaming.exe
2014-11-11 02:44 . 2014-12-10 00:39 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 10:11 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-19 10:11 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 01:32 . 2014-12-10 00:39 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 14:58 . 2014-05-02 05:06 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-08 02:45 . 2014-12-10 00:38 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-04 00:05 . 2014-11-13 04:23 907592 ----a-w- c:\windows\system32\nvdispgenco3234465.dll
2014-11-04 00:05 . 2014-11-13 04:23 1043264 ----a-w- c:\windows\system32\nvdispco3234465.dll
2014-10-30 01:45 . 2014-12-10 00:38 155136 ----a-w- c:\windows\system32\charmap.exe
2014-10-25 01:32 . 2014-11-12 10:37 67584 ----a-w- c:\windows\system32\packager.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-11-21 5282584]
"Spotify Web Helper"="c:\users\Petr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-19 1676344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-12-13 2210040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BitTorrent.lnk]
path=c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitTorrent.lnk
backup=c:\windows\pss\BitTorrent.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrace produktu.lnk]
path=c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Registrace produktu.lnk
backup=c:\windows\pss\Logitech . Registrace produktu.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 07:48 1022152 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 18:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2014-11-29 20:20 1388888 ----a-w- c:\users\Petr\AppData\Roaming\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2014-11-21 18:41 5282584 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2014-03-04 09:19 3696912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2011-10-21 11:19 2193000 ----a-w- c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2014-12-13 00:13 2531472 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
2014-12-13 00:12 2210040 ----a-w- c:\windows\System32\nvspcap.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-10-01 08:43 22065760 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-12-19 11:37 6737976 ----a-w- c:\users\Petr\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-12-19 11:37 1676344 ----a-w- c:\users\Petr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-10-07 14:39 507776 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-12-14 20:02 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-08 79360]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-01-15 114904]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 104280]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-12 1343400]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 494416]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 36072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-10-12 243128]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-01-23 1858048]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [2013-07-16 8704]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 915600]
S2 HWiNFO32;HWiNFO32 Kernel Driver;d:\program files\HWiNFO32\HWiNFO32.SYS [2011-05-22 20216]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 18186896]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-12 410768]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-11-22 32912]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 19:29 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 23:24]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
TCP: Interfaces\{C6846616-3E73-45D0-840E-DAE156DADA32}: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\msx86ca7.default-1417025753739\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-MBAMSwissArmy
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*03Äf\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*j!4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*„cD\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*[rř*Źg:\filmy\Simpsonovi\09. Ĺ™ada\09x03 Lizin saxofon.avi**xofon.avi]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*[rř*Źg:\filmy\Simpsonovi\09. Ĺ™ada\09x03 Lizin saxofon.avi**xofon.avi\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*ëéąg]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*ëéąg\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Śfile:///G:/Filmy/Simpsonovi/11.%20%C5%99ada/11x02%20Bartovo%20napraveni.avi*avi*Ů!Čo]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Śfile:///G:/Filmy/Simpsonovi/11.%20%C5%99ada/11x02%20Bartovo%20napraveni.avi*avi*Ů!Čo\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*AÄ/%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*AÄ/%\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(5308)
c:\windows\system32\guard32.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2015-01-18 04:51:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-01-18 03:51
.
Před spuštěním: Volných bajtů: 69.895.593.984
Po spuštění: Volných bajtů: 69.338.562.560
.
- - End Of File - - 94CF15B77017AEDC63EA6461750FB201
A36C5E4F47E84449FF07ED3517B43A31
Keybord not present. Press Enter to continue
- Orcus
- Security team member
-
Elite Level 10.5
- Posts: 10645
- Registered: April 10
- Location: Okolo rostou 3 růže =o)
- Gender:
- Status:
Offline
Re: Please check my HJT log
You will be able to reinstall the add-ons afterwards.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in red:
ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\Adobe Flash Player Updater.job
Folder::
c:\program files\Skype\Updater\
Driver::
SkypeUpdate
FireFox::
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\msx86ca7.default-1417025753739\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
RegLock::
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*03Äf\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*j!4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*„cD\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*[rř*Źg:\filmy\Simpsonovi\09. Ĺ™ada\09x03 Lizin saxofon.avi**xofon.avi]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*[rř*Źg:\filmy\Simpsonovi\09. Ĺ™ada\09x03 Lizin saxofon.avi**xofon.avi\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*ëéąg]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*ëéąg\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Śfile:///G:/Filmy/Simpsonovi/11.%20%C5%99ada/11x02%20Bartovo%20napraveni.avi*avi*Ů!Čo]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Śfile:///G:/Filmy/Simpsonovi/11.%20%C5%99ada/11x02%20Bartovo%20napraveni.avi*avi*Ů!Čo\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*AÄ/%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*AÄ/%\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe,
and when the two files overlap, drop the script.
- ComboFix will start automatically; the repair may take longer than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that pops up at the end of the cleaning process
Warning: It may happen that after applying the script and restarting the computer, Windows will not start; in that case restart the computer again, keep pressing F8, and then choose Last Known Good Configuration.
====================================================
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

- akiller
- Level 3
- Posts: 558
- Registered: November 10
- Location: Nothingtown
- Gender:
- Status:
Offline
Re: Please check my HJT log
Here is the log from ComboFix:
ComboFix 15-01-18.01 - Petr 18.01.2015 15:21:59.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3326.2392 [GMT 1:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
c:\windows\Tasks\Adobe Flash Player Updater.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-18 do 2015-01-18 )))))))))))))))))))))))))))))))
.
.
2015-01-18 14:33 . 2015-01-18 14:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-01-18 14:33 . 2015-01-18 14:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-18 13:13 . 2015-01-18 13:13 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{207614EA-3729-4A32-A107-2ED33E08F4B7}\MpKsl2660b56e.sys
2015-01-18 03:57 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{207614EA-3729-4A32-A107-2ED33E08F4B7}\mpengine.dll
2015-01-18 03:52 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-18 03:31 . 2015-01-18 03:31 -------- d-----w- c:\users\Petr\AppData\Local\CrashDumps
2015-01-18 03:15 . 2015-01-17 19:02 24064 ----a-w- c:\windows\zoek-delete.exe
2015-01-18 03:15 . 2015-01-18 14:36 -------- d-----w- c:\users\Petr\AppData\Local\Temp
2015-01-17 19:02 . 2015-01-18 01:41 -------- d-----w- C:\zoek_backup
2015-01-17 02:08 . 2014-09-17 08:28 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A4D7548E-C5B7-46DD-BE0E-B736E9562220}\gapaengine.dll
2015-01-16 06:07 . 2015-01-16 06:18 -------- d-----w- c:\users\Petr\AppData\Roaming\QuickScan
2015-01-14 07:21 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-01-14 07:21 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 07:20 . 2014-12-11 17:47 46592 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-14 07:20 . 2014-12-19 02:43 164864 ----a-w- c:\windows\system32\profsvc.dll
2015-01-14 07:20 . 2014-12-06 03:50 242688 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-14 07:20 . 2014-12-19 01:34 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-10 21:48 . 2015-01-10 21:49 -------- d-----w- c:\program files\Carnivores Demo
2014-12-19 23:12 . 2014-12-19 23:18 -------- d-----w- c:\users\Petr\AppData\Roaming\Winamp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-17 18:33 . 2014-06-08 19:01 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-01-15 06:54 . 2014-07-07 12:51 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-13 23:24 . 2012-04-02 20:26 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-13 23:24 . 2011-11-08 15:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-11 19:22 . 2014-12-10 19:33 102 ----a-w- C:\Delapp.bat
2014-12-31 11:13 . 2011-11-08 14:42 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-12-13 03:33 . 2014-12-18 10:15 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 00:12 . 2014-07-30 09:39 1291464 ----a-w- c:\windows\system32\nvspbridge.dll
2014-12-13 00:12 . 2014-07-21 15:29 2210040 ----a-w- c:\windows\system32\nvspcap.dll
2014-12-04 04:38 . 2014-12-10 00:39 337920 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 04:38 . 2014-12-10 00:39 610304 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 04:38 . 2014-12-10 00:39 315392 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 04:38 . 2014-12-10 00:39 728576 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 04:38 . 2014-12-10 00:39 159744 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 04:38 . 2014-12-10 00:39 202752 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 04:34 . 2014-12-10 00:39 873984 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 00:39 1160872 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-22 10:46 . 2014-12-17 14:22 32912 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2014-11-22 10:46 . 2014-07-21 15:23 32400 ----a-w- c:\windows\system32\nvaudcap32v.dll
2014-11-22 02:20 . 2014-12-10 00:39 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 02:20 . 2014-12-10 00:39 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07 . 2014-12-10 00:39 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:07 . 2014-12-10 00:39 62464 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:06 . 2014-12-10 00:39 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 00:39 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55 . 2014-12-10 00:39 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54 . 2014-12-10 00:39 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 01:48 . 2014-12-10 00:39 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40 . 2014-12-10 00:39 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 00:39 4299264 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 01:22 . 2014-12-10 00:39 2052096 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 00:39 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00 . 2014-12-10 00:39 1888256 ----a-w- c:\windows\system32\wininet.dll
2014-11-21 05:14 . 2014-07-07 12:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-07-07 12:50 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2012-08-20 17:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-11-13 00:14 . 2014-11-19 06:27 923976 ----a-w- c:\windows\system32\NvIFR.dll
2014-11-13 00:14 . 2014-11-19 06:27 347336 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-11-13 00:14 . 2014-11-19 06:27 303600 ----a-w- c:\windows\system32\nvoglshim32.dll
2014-11-13 00:14 . 2014-11-19 06:27 24557896 ----a-w- c:\windows\system32\nvoglv32.dll
2014-11-13 00:14 . 2014-11-19 06:27 156840 ----a-w- c:\windows\system32\nvinit.dll
2014-11-13 00:14 . 2014-11-19 06:27 11397744 ----a-w- c:\windows\system32\nvopencl.dll
2014-11-13 00:14 . 2014-11-19 06:27 10911040 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-11-13 00:14 . 2014-11-19 06:27 906440 ----a-w- c:\windows\system32\nvdispgenco3234475.dll
2014-11-13 00:14 . 2014-11-19 06:27 899728 ----a-w- c:\windows\system32\NvFBC.dll
2014-11-13 00:14 . 2014-11-19 06:27 416912 ----a-w- c:\windows\system32\nvEncodeAPI.dll
2014-11-13 00:14 . 2014-11-19 06:27 4013376 ----a-w- c:\windows\system32\nvcuvid.dll
2014-11-13 00:14 . 2014-11-19 06:27 11336432 ----a-w- c:\windows\system32\nvcuda.dll
2014-11-13 00:14 . 2014-11-19 06:27 1042064 ----a-w- c:\windows\system32\nvdispco3234475.dll
2014-11-13 00:14 . 2014-11-19 06:27 17258696 ----a-w- c:\windows\system32\nvcompiler.dll
2014-11-13 00:14 . 2014-07-21 15:26 60744 ----a-w- c:\windows\system32\OpenCL.dll
2014-11-13 00:14 . 2014-07-21 15:23 871648 ----a-w- c:\windows\system32\nvumdshim.dll
2014-11-13 00:14 . 2014-07-21 15:23 18514616 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-11-13 00:14 . 2014-07-21 15:23 16884632 ----a-w- c:\windows\system32\nvd3dum.dll
2014-11-13 00:14 . 2014-07-21 15:23 2874456 ----a-w- c:\windows\system32\nvapi.dll
2014-11-12 21:43 . 2014-07-21 15:26 3073680 ----a-w- c:\windows\system32\nvsvc.dll
2014-11-12 21:43 . 2014-07-21 15:26 4463432 ----a-w- c:\windows\system32\nvcpl.dll
2014-11-12 21:43 . 2014-07-21 15:26 672064 ----a-w- c:\windows\system32\nvvsvc.exe
2014-11-12 21:43 . 2014-07-30 09:53 2554184 ----a-w- c:\windows\system32\nvsvcr.dll
2014-11-12 21:43 . 2014-07-21 15:26 61584 ----a-w- c:\windows\system32\nvshext.dll
2014-11-12 21:43 . 2014-07-21 15:26 376128 ----a-w- c:\windows\system32\nvmctray.dll
2014-11-12 20:50 . 2014-11-19 06:30 615624 ----a-w- c:\windows\system32\nvStreaming.exe
2014-11-11 02:44 . 2014-12-10 00:39 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 10:11 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-19 10:11 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 01:32 . 2014-12-10 00:39 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 14:58 . 2014-05-02 05:06 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-08 02:45 . 2014-12-10 00:38 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-04 00:05 . 2014-11-13 04:23 907592 ----a-w- c:\windows\system32\nvdispgenco3234465.dll
2014-11-04 00:05 . 2014-11-13 04:23 1043264 ----a-w- c:\windows\system32\nvdispco3234465.dll
2014-10-30 01:45 . 2014-12-10 00:38 155136 ----a-w- c:\windows\system32\charmap.exe
2014-10-25 01:32 . 2014-11-12 10:37 67584 ----a-w- c:\windows\system32\packager.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-11-21 5282584]
"Spotify Web Helper"="c:\users\Petr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-19 1676344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-12-13 2210040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BitTorrent.lnk]
path=c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitTorrent.lnk
backup=c:\windows\pss\BitTorrent.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrace produktu.lnk]
path=c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Registrace produktu.lnk
backup=c:\windows\pss\Logitech . Registrace produktu.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 07:48 1022152 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 18:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2014-11-29 20:20 1388888 ----a-w- c:\users\Petr\AppData\Roaming\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2014-11-21 18:41 5282584 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2014-03-04 09:19 3696912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2011-10-21 11:19 2193000 ----a-w- c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2014-12-13 00:13 2531472 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
2014-12-13 00:12 2210040 ----a-w- c:\windows\System32\nvspcap.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-10-01 08:43 22065760 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-12-19 11:37 6737976 ----a-w- c:\users\Petr\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-12-19 11:37 1676344 ----a-w- c:\users\Petr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-10-07 14:39 507776 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-12-14 20:02 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-08 79360]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-01-15 114904]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 104280]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-12 1343400]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 494416]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 36072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-10-12 243128]
S1 MpKsl2660b56e;MpKsl2660b56e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{207614EA-3729-4A32-A107-2ED33E08F4B7}\MpKsl2660b56e.sys [2015-01-18 39464]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-01-23 1858048]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [2013-07-16 8704]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 915600]
S2 HWiNFO32;HWiNFO32 Kernel Driver;d:\program files\HWiNFO32\HWiNFO32.SYS [2011-05-22 20216]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 18186896]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-12 410768]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-11-22 32912]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 19:29 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
TCP: Interfaces\{C6846616-3E73-45D0-840E-DAE156DADA32}: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\msx86ca7.default-1417025753739\
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*03Äf\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*j!4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*„cD\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*[rř*Źg:\filmy\Simpsonovi\09. Ĺ™ada\09x03 Lizin saxofon.avi**xofon.avi]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*[rř*Źg:\filmy\Simpsonovi\09. Ĺ™ada\09x03 Lizin saxofon.avi**xofon.avi\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*ëéąg]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*ëéąg\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Śfile:///G:/Filmy/Simpsonovi/11.%20%C5%99ada/11x02%20Bartovo%20napraveni.avi*avi*Ů!Čo]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Śfile:///G:/Filmy/Simpsonovi/11.%20%C5%99ada/11x02%20Bartovo%20napraveni.avi*avi*Ů!Čo\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*AÄ/%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*AÄ/%\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(604)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(2640)
c:\windows\system32\EXPLORERFRAME.dll
c:\windows\system32\guard32.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2015-01-18 15:44:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-01-18 14:44
ComboFix2.txt 2015-01-18 03:51
.
Před spuštěním: Volných bajtů: 69.106.454.528
Po spuštění: Volných bajtů: 68.674.625.536
.
- - End Of File - - 94BE578142A3A5224F85C3FF83002925
A36C5E4F47E84449FF07ED3517B43A31
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-12-13 2210040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BitTorrent.lnk]
path=c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitTorrent.lnk
backup=c:\windows\pss\BitTorrent.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrace produktu.lnk]
path=c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Registrace produktu.lnk
backup=c:\windows\pss\Logitech . Registrace produktu.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 07:48 1022152 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 18:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2014-11-29 20:20 1388888 ----a-w- c:\users\Petr\AppData\Roaming\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2014-11-21 18:41 5282584 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2014-03-04 09:19 3696912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2011-10-21 11:19 2193000 ----a-w- c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2014-12-13 00:13 2531472 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
2014-12-13 00:12 2210040 ----a-w- c:\windows\System32\nvspcap.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-10-01 08:43 22065760 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-12-19 11:37 6737976 ----a-w- c:\users\Petr\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-12-19 11:37 1676344 ----a-w- c:\users\Petr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-10-07 14:39 507776 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-12-14 20:02 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-08 79360]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-01-15 114904]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 104280]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-12 1343400]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 494416]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 36072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-10-12 243128]
S1 MpKsl2660b56e;MpKsl2660b56e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{207614EA-3729-4A32-A107-2ED33E08F4B7}\MpKsl2660b56e.sys [2015-01-18 39464]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-01-23 1858048]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [2013-07-16 8704]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 915600]
S2 HWiNFO32;HWiNFO32 Kernel Driver;d:\program files\HWiNFO32\HWiNFO32.SYS [2011-05-22 20216]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 18186896]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-12 410768]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-11-22 32912]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 19:29 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
TCP: Interfaces\{C6846616-3E73-45D0-840E-DAE156DADA32}: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\msx86ca7.default-1417025753739\
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*03Äf\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*j!4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*„cD\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*[rř*Źg:\filmy\Simpsonovi\09. Ĺ™ada\09x03 Lizin saxofon.avi**xofon.avi]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*[rř*Źg:\filmy\Simpsonovi\09. Ĺ™ada\09x03 Lizin saxofon.avi**xofon.avi\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*ëéąg]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*ëéąg\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Śfile:///G:/Filmy/Simpsonovi/11.%20%C5%99ada/11x02%20Bartovo%20napraveni.avi*avi*Ů!Čo]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Śfile:///G:/Filmy/Simpsonovi/11.%20%C5%99ada/11x02%20Bartovo%20napraveni.avi*avi*Ů!Čo\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*AÄ/%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*AÄ/%\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(604)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(2640)
c:\windows\system32\EXPLORERFRAME.dll
c:\windows\system32\guard32.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2015-01-18 15:44:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-01-18 14:44
ComboFix2.txt 2015-01-18 03:51
.
Před spuštěním: Volných bajtů: 69.106.454.528
Po spuštění: Volných bajtů: 68.674.625.536
.
- - End Of File - - 94BE578142A3A5224F85C3FF83002925
A36C5E4F47E84449FF07ED3517B43A31
- akiller
- Level 3
- Posts: 558
- Registered: November 10
- Location: Nothingtown
- Gender:
- Status: Offline
Re: Request for an HJT log check
Here is the log from aswMBR:
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-01-18 15:47:53
-----------------------------
15:47:53.534 OS Version: Windows 6.1.7601 Service Pack 1
15:47:53.534 Number of processors: 2 586 0x1706
15:47:53.534 ComputerName: INTEL UserName: Petr
15:48:21.848 Initialize success
15:48:21.879 VM: initialized successfully
15:48:21.879 VM: Intel CPU supported
15:48:27.944 VM: disk I/O atapi.sys
15:48:49.200 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
15:48:49.200 Disk 0 Vendor: ST1000DL002-9TT153 CC32 Size: 953868MB BusType: 3
15:48:49.215 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
15:48:49.215 Disk 1 Vendor: ST3320620AS 3.AAG Size: 305244MB BusType: 3
15:48:49.215 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP5T0L0-7
15:48:49.215 Disk 2 Vendor: KINGSTON_SHFS37A120G 580ABBF0 Size: 114473MB BusType: 3
15:48:49.231 Disk 1 MBR read successfully
15:48:49.247 Disk 1 MBR scan
15:48:49.247 Disk 1 Windows 7 default MBR code
15:48:49.247 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149997 MB offset 63
15:48:49.247 Disk 1 default boot code
15:48:49.262 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 155245 MB offset 307195904
15:48:49.262 Disk 1 scanning sectors +625137664
15:48:49.309 Disk 1 scanning C:\Windows\system32\drivers
15:49:00.978 Service scanning
15:49:12.522 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:49:15.938 Modules scanning
15:49:15.938 Disk 1 trace - called modules:
15:49:15.954 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85f2b1e8]<<
15:49:15.970 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86d6f950]
15:49:15.970 3 CLASSPNP.SYS[8ccf459e] -> nt!IofCallDriver -> [0x86cb6918]
15:49:15.970 5 ACPI.sys[8c5553d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0x86c89908]
15:49:15.985 \Driver\atapi[0x86874338] -> IRP_MJ_CREATE -> 0x85f2b1e8
15:49:15.985 Disk 1 statistics 81226/0/0 @ 5,12 MB/s
15:49:15.985 Scan finished successfully
15:49:27.311 Disk 1 MBR has been saved successfully to "C:\Users\Petr\Desktop\MBR.dat"
15:49:27.311 The log file has been saved successfully to "C:\Users\Petr\Desktop\aswMBR.txt"
- Orcus
- Security team member
- Elite Level 10.5
- Posts: 10645
- Registered: April 10
- Location: Three roses grow all around =o)
- Gender:
- Status: Offline
Re: Request for an HJT log check
ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall
====================================================
Clean the system with CCleaner
====================================================
Download DelFix here
http://general-changelog-team.fr/fr/dow ... e/9-delfix
and save the file to your desktop.
Double-click the icon to run the Delfix.exe tool.
(In Windows Vista, Windows 7 and 8, you must start the file with a right-click -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools and Purge System Restore.
Then click the Run button and let the tool do its work.
A report (DelFix.txt) will then open. Paste the entire contents of the report here. Otherwise the report is located here:
in C:\DelFix.txt
How are the problems? + a new HJT log
- akiller
- Level 3
- Posts: 558
- Registered: November 10
- Location: Nothingtown
- Gender:
- Status: Offline
Re: Request for an HJT log check
Here is the log from delfix:
# DelFix v10.8 - Logfile created 19/01/2015 at 09:26:26
# Updated 29/07/2014 by Xplode
# Username : Petr - INTEL
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
~ Removing disinfection tools ...
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\Petr\Desktop\AdwCleaner.exe
Deleted : C:\Users\Petr\Desktop\aswmbr.exe
Deleted : C:\Users\Petr\Desktop\aswMBR.txt
Deleted : C:\Users\Petr\Desktop\JRT.exe
Deleted : C:\Users\Petr\Desktop\MBR.dat
Deleted : C:\Users\Petr\Desktop\RogueKiller.exe
Deleted : C:\Users\Petr\Desktop\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
~ Cleaning system restore ...
Deleted : RP #609 [ComboFix created restore point | 01/19/2015 08:16:04]
New restore point created !
########## - EOF - ##########
- akiller
- Level 3
- Posts: 558
- Registered: November 10
- Location: Nothingtown
- Gender:
- Status: Offline
Re: Request for an HJT log check
The problems have disappeared. The browser and other applications start faster, the computer does not freeze... Basically, I no longer see the problems that brought me back here.
Here is the new HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:28:40, on 19.01.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
G:\Instalačky\Správa počítače\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Petr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
--
End of file - 4599 bytes



- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
- Gender:
- Status: Offline
Re: Request for an HJT log check
Close other applications and browsers, disconnect from the internet and fix this in HJT:
Guide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
If there are no problems, that is all and you can mark the thread as solved with the green check mark.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support