ComboFix 14-08-05.01 - Patrik 06.08.2014 12:57:14.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2047.1132 [GMT 2:00]
Spuštěný z: c:\users\Patrik\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Patrik\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_mkdurvhz
-------\Service_pijfszwv
-------\Service_rodecgmj
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-06 do 2014-08-06 )))))))))))))))))))))))))))))))
.
.
2014-08-05 17:26 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{135A01D2-BCF4-4F7C-BA74-386927969464}\mpengine.dll
2014-08-05 17:02 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-04 17:20 . 2014-08-04 17:21 -------- d-----w- C:\AdwCleaner
2014-08-04 12:02 . 2014-08-05 17:30 30312 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-04 12:02 . 2014-08-05 10:41 -------- d-----w- c:\programdata\RogueKiller
2014-08-03 16:43 . 2014-08-03 16:55 -------- d-----w- c:\users\Patrik\AppData\Local\Google
2014-08-03 11:31 . 2014-05-02 10:23 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18AABF85-A942-4CDA-A88A-2B9106B4D734}\gapaengine.dll
2014-07-25 15:50 . 2014-07-25 15:50 -------- d-----w- c:\windows\Downloaded Program Files
2014-07-24 12:51 . 2014-07-24 12:51 -------- d-----r- C:\MSOCache
2014-07-24 12:02 . 2014-07-24 15:51 -------- d-----w- c:\program files (x86)\Macromedia
2014-07-24 12:02 . 2014-07-24 15:51 -------- d-----w- c:\program files (x86)\Common Files\Macromedia
2014-07-20 08:04 . 2014-08-04 14:36 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-20 08:01 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-20 08:01 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-20 08:01 . 2014-07-20 08:01 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-13 15:45 . 2014-06-18 02:19 449024 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-13 15:45 . 2014-06-18 01:10 3157504 ----a-w- c:\windows\system32\win32k.sys
2014-07-13 15:45 . 2014-06-18 02:18 692736 ----a-w- c:\windows\system32\osk.exe
2014-07-13 15:45 . 2014-06-18 01:51 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-07-13 15:45 . 2014-06-30 02:09 519168 ----a-w- c:\windows\system32\aepdu.dll
2014-07-13 15:45 . 2014-06-30 02:04 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-07-13 15:44 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-13 15:44 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-13 15:44 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll
2014-07-13 15:44 . 2014-06-06 09:44 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-07-13 15:44 . 2014-05-30 06:45 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-13 15:33 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-13 15:33 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-13 15:33 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-21 09:41 . 2012-04-02 10:08 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-21 09:41 . 2011-11-05 09:02 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-13 16:10 . 2009-12-25 20:22 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-05-31 19:08 . 2014-05-31 19:08 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-05-31 19:08 . 2014-05-31 19:08 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-05-31 19:08 . 2014-05-31 19:08 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-05-31 19:08 . 2014-05-31 19:08 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-05-31 19:08 . 2014-05-31 19:08 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-05-31 19:08 . 2014-05-31 19:08 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-05-31 19:08 . 2014-05-31 19:08 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-05-31 19:08 . 2014-05-31 19:08 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-05-31 19:08 . 2014-05-31 19:08 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-05-31 19:08 . 2014-05-31 19:08 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-05-31 19:08 . 2014-05-31 19:08 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-05-31 19:08 . 2014-05-31 19:08 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-05-31 19:08 . 2014-05-31 19:08 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-05-31 19:08 . 2014-05-31 19:08 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-05-31 19:08 . 2014-05-31 19:08 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-05-31 19:08 . 2014-05-31 19:08 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-05-31 19:08 . 2014-05-31 19:08 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-05-31 19:08 . 2014-05-31 19:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-05-31 19:08 . 2014-05-31 19:08 247808 ----a-w- c:\windows\system32\msls31.dll
2014-05-31 19:08 . 2014-05-31 19:08 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-05-31 19:08 . 2014-05-31 19:08 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-05-31 19:08 . 2014-05-31 19:08 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-05-31 19:08 . 2014-05-31 19:08 81408 ----a-w- c:\windows\system32\icardie.dll
2014-05-31 19:08 . 2014-05-31 19:08 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-05-31 19:08 . 2014-05-31 19:08 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-05-31 19:08 . 2014-05-31 19:08 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-05-31 19:08 . 2014-05-31 19:08 413696 ----a-w- c:\windows\system32\html.iec
2014-05-31 19:08 . 2014-05-31 19:08 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-05-31 19:08 . 2014-05-31 19:08 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-05-31 19:08 . 2014-05-31 19:08 235520 ----a-w- c:\windows\system32\url.dll
2014-05-31 19:08 . 2014-05-31 19:08 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-05-31 19:08 . 2014-05-31 19:08 143872 ----a-w- c:\windows\system32\wextract.exe
2014-05-31 19:08 . 2014-05-31 19:08 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-05-31 19:08 . 2014-05-31 19:08 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-05-31 19:08 . 2014-05-31 19:08 101376 ----a-w- c:\windows\system32\inseng.dll
2014-05-31 19:08 . 2014-05-31 19:08 774144 ----a-w- c:\windows\system32\jscript.dll
2014-05-31 19:08 . 2014-05-31 19:08 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-05-31 19:08 . 2014-05-31 19:08 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-05-31 19:08 . 2014-05-31 19:08 147968 ----a-w- c:\windows\system32\occache.dll
2014-05-31 19:08 . 2014-05-31 19:08 13824 ----a-w- c:\windows\system32\mshta.exe
2014-05-31 19:08 . 2014-05-31 19:08 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-05-30 07:52 . 2014-07-13 15:48 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-12 05:25 . 2013-12-25 19:02 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrvx64.sys;c:\windows\SYSNATIVE\drivers\rsdrvx64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\DRIVERS\awealloc.sys;c:\windows\SYSNATIVE\DRIVERS\awealloc.sys [x]
R3 flash;flash;c:\windows\system32\drivers\flash.sys;c:\windows\SYSNATIVE\drivers\flash.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ndfs;ndfs;c:\program files\MacroData Inc\NetDrive\ndfs.sys;c:\program files\MacroData Inc\NetDrive\ndfs.sys [x]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys;c:\windows\SYSNATIVE\Drivers\RAMDiskVE.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys;c:\windows\SYSNATIVE\DRIVERS\nvoclk64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://centrum.cz/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 10.0.0.1 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-{83DEA4A9-4CA0-C6A8-139C-C24FA21787E3} - c:\progra~3\INSTAL~1\{C9661~1\Setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
.
**************************************************************************
.
Celkový čas: 2014-08-06 13:10:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-06 11:10
ComboFix2.txt 2014-08-05 17:00
.
Před spuštěním: Volných bajtů: 281 312 256 000
Po spuštění: Volných bajtů: 281 071 857 664
.
- - End Of File - - EE657380315BCA9DD3FE3238255D2F8D
5C0B9AA11771DB9CC2EE985718E08DFB
Please check my log (PC freezes and is slow) Solved
Re: Please check my log (PC freezes and is slow)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:12:44, on 6.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Patrik\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5161 bytes
Re: Please check my log (PC freezes and is slow)
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-08-06 13:19:47
-----------------------------
13:19:47.435 OS Version: Windows x64 6.1.7601 Service Pack 1
13:19:47.435 Number of processors: 2 586 0x170A
13:19:47.435 ComputerName: PATRIK-PC UserName: Patrik
13:19:48.153 Initialize success
13:19:48.200 VM: initialized successfully
13:19:48.215 VM: Intel CPU BiosDisabled
13:19:57.842 VM: disk I/O atapi.sys
13:20:17.195 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:20:17.195 Disk 0 Vendor: Hitachi_HDT721032SLA380 ST2OA39D Size: 305245MB BusType: 3
13:20:17.210 Disk 0 MBR read successfully
13:20:17.210 Disk 0 MBR scan
13:20:17.210 Disk 0 unknown MBR code
13:20:17.226 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:20:17.226 Disk 0 default boot code
13:20:17.242 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305142 MB offset 206848
13:20:17.257 Disk 0 scanning C:\Windows\system32\drivers
13:20:35.478 Service scanning
13:20:55.118 Modules scanning
13:20:55.118 Disk 0 trace - called modules:
13:20:55.134 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80018822c0]<<sptd.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
13:20:55.150 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027b7060]
13:20:55.150 3 CLASSPNP.SYS[fffff88001a8c43f] -> nt!IofCallDriver -> [0xfffffa800228e520]
13:20:55.165 5 ACPI.sys[fffff8800117f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800228a680]
13:20:55.165 \Driver\atapi[0xfffffa800227e920] -> IRP_MJ_CREATE -> 0xfffffa80018822c0
13:20:55.181 Scan finished successfully
13:21:04.931 Disk 0 MBR has been saved successfully to "C:\Users\Patrik\Desktop\MBR.dat"
13:21:04.931 The log file has been saved successfully to "C:\Users\Patrik\Desktop\aswMBR.txt"
- Orcus
- Security team member
- Elite Level 10.5
- Posts: 10645
- Registered: April 10
- Location: Three roses grow around =o)
Re: Please check my log (PC freezes and is slow)
In HJT, fix:
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
Please repair the MBR:
http://www.sezob.cz/navody/win7_oprava_mbr.html
How are the problems?
Love keeps you warm, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it into several messages.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.

Re: Please check my log (PC freezes and is slow)
Unfortunately, even after the whole procedure I see no difference in the PC's behaviour.
I don't really understand the MBR repair, and I don't have any installation media either (it is an OEM version).
So is the PC free of viruses now? When deleting with RogueKiller, I wrote yesterday: "in the Antirootkit tab nothing could be ticked. There were no checkboxes in front of the findings..." So were the rootkits that RogueKiller found removed by ComboFix?
- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
Re: Please check my log (PC freezes and is slow)
That is an anti-rootkit check of drivers, not an infection!
ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall
Clean the system with CCleaner
Download OTC
to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.
Download Registry Defrag
to your desktop and run it. The program installs and then starts.
First close all other programs and browsers and deactivate the antivirus.
Click "Next".
The program scans the registry and creates a new restore point. It then restarts the PC. After the restart you can close the program.
**********************
Download Memtest:
The field that says:
All unused RAM - leave it as it is.
- click Start and let it run for at least 2 h; if there are still 0 errors after 2 h, they are fine.
Also check the HDD for errors, or possibly try defragmenting it.
Download CrystalDiskInfo
Run the program and click Edit > Copy. Then paste the contents of the log here with Ctrl+V.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log (PC freezes and is slow)
It was precisely in that anti-rootkit driver check that it seemed to me some drivers were highlighted in orange and infected (Hook.IRP).
I ran a new test in RogueKiller (log below) and it is still there. Of course, you are the expert here, so do you take it as just a false alarm or something like that? Thank you for clarifying.
Otherwise the PC is still slow, but today it has not frozen (so far).
RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Patrik [Práva správce]
Mód : Kontrola -- Datum : 08/06/2014 16:05:48
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 18 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 192.168.0.1 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 192.168.0.1 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 192.168.0.1 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DF7612E2-A871-41E9-B25C-8EA1BE721582} | DhcpNameServer : 10.0.0.1 192.168.0.1 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DF7612E2-A871-41E9-B25C-8EA1BE721582} | DhcpNameServer : 10.0.0.1 192.168.0.1 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DF7612E2-A871-41E9-B25C-8EA1BE721582} | DhcpNameServer : 10.0.0.1 192.168.0.1 -> NALEZENO
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NALEZENO
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NALEZENO
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NALEZENO
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NALEZENO
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3953349268-363739067-3603535564-1014\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> NALEZENO
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3953349268-363739067-3603535564-1014\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> NALEZENO
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3953349268-363739067-3603535564-1014\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NALEZENO
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3953349268-363739067-3603535564-1014\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NALEZENO
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3953349268-363739067-3603535564-1014\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NALEZENO
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3953349268-363739067-3603535564-1014\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NALEZENO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 7 (Driver: NAHRÁNO) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_CREATE[0] : C:\Windows\System32\drivers\tcpip.sys @ 0x18812c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_CLOSE[2] : C:\Windows\System32\drivers\tcpip.sys @ 0x18812c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_DEVICE_CONTROL[14] : C:\Windows\System32\drivers\tcpip.sys @ 0x18812c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : C:\Windows\System32\drivers\tcpip.sys @ 0x18812c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_POWER[22] : C:\Windows\System32\drivers\tcpip.sys @ 0x18812c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_SYSTEM_CONTROL[23] : C:\Windows\System32\drivers\tcpip.sys @ 0x18812c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_PNP[27] : C:\Windows\System32\drivers\tcpip.sys @ 0x18812c0
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT721032SLA380 ATA Device +++++
--- User ---
[MBR] d09e92181b62e45a5537a59de20c9505
[BSP] 2fb87da8191ebfc52e46ea59f1df65e1 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 305142 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_08052014_125900.log - RKreport_SCN_08052014_125817.log
Re: Please check my log (PC freezes and is slow)
Here is the log from CrystalDiskInfo
----------------------------------------------------------------------------
CrystalDiskInfo 6.1.13 (C) 2008-2014 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------
OS : Windows 7 Home Premium SP1 [6.1 Build 7601] (x64)
Date : 2014/08/06 17:07:35
-- Controller Map ----------------------------------------------------------
+ Řadič úložiště Intel(R) 82801GB/GR/GH (řada ICH7) s rozhraním Serial ATA - 27C0 [ATA]
+ ATA Channel 0 (0)
- hp CDDVDW TS-H653R ATA Device
- Hitachi HDT721032SLA380 ATA Device
- ATA Channel 1 (1)
-- Disk List ---------------------------------------------------------------
(1) Hitachi HDT721032SLA380 : 320,0 GB [0/0/0, pd1]
----------------------------------------------------------------------------
(1) Hitachi HDT721032SLA380
----------------------------------------------------------------------------
Model : Hitachi HDT721032SLA380
Firmware : ST2OA39D
Serial Number : STD207MT2BWG4S
Disk Size : 320,0 GB (8,4/137,4/320,0/320,0)
Buffer Size : 7058 KB
Queue Depth : 32
# of Sectors : 625142448
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : ---- | SATA/300
Power On Hours : 19934 hod.
Power On Count : 1925 krát
Temperature : 40 C (104 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : 8080h [ON]
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 _83 _71 _16 0000000001D2 Počet chyb čtení
02 100 100 _54 000000000000 Průchodnost disku
03 142 100 _24 000300D1008F Čas na roztočení ploten
04 100 100 __0 00000000078D Počet spuštění/zastavení
05 100 100 __5 000000000000 Počet přemapovaných sektorů
07 100 100 _67 000000000000 Počet chybných hledání
08 123 100 _20 000000000022 Čas potřebný na vyhledání
09 _98 _98 __0 000000004DDE Hodin v činnosti
0A 100 100 _60 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 __0 000000000785 Počet cyklů zapnutí zařízení
C0 _99 _99 __0 00000000078F Počet vypnutí disku
C1 _99 _99 __0 00000000078F Počet cyklů načítání/vymazání
C2 150 127 __0 002F00130028 Teplota
C4 100 100 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Please check my log (PC freezes and is slow)
The drivers are OK..
Close all programs and browsers. Deactivate your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes...
- Then click "Scan"; once it finishes:
- On the tabs (Registry, Tasks, Web Browser, etc.), tick everything
- Click "Delete"
- Wait until the Status box shows "Deletion finished"
- Click "Report", then copy and paste the contents of that report here, please. The log can be found in RKreport [number].txt on the desktop.
- Close RogueKiller
What about Memtest? What about the problems?
Re: Please check my log (PC freezes and is slow)
Memtest ran for 2.5 hours and found no errors.
The PC no longer freezes, but it is definitely not fast...
RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Patrik [Práva správce]
Mód : Odebrat -- Datum : 08/06/2014 20:19:05
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 20 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 192.168.0.1 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 192.168.0.1 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 192.168.0.1 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DF7612E2-A871-41E9-B25C-8EA1BE721582} | DhcpNameServer : 10.0.0.1 192.168.0.1 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DF7612E2-A871-41E9-B25C-8EA1BE721582} | DhcpNameServer : 10.0.0.1 192.168.0.1 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DF7612E2-A871-41E9-B25C-8EA1BE721582} | DhcpNameServer : 10.0.0.1 192.168.0.1 -> NAHRAZENO ()
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3953349268-363739067-3603535564-1014\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0 -> VYMAZÁNO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3953349268-363739067-3603535564-1014\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0 -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> VYMAZÁNO
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NAHRAZENO (1)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NAHRAZENO (1)
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NAHRAZENO (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NAHRAZENO (2)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3953349268-363739067-3603535564-1014\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> NAHRAZENO (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3953349268-363739067-3603535564-1014\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> NAHRAZENO (1)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3953349268-363739067-3603535564-1014\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3953349268-363739067-3603535564-1014\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3953349268-363739067-3603535564-1014\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3953349268-363739067-3603535564-1014\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NAHRAZENO (0)
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 8 (Driver: NAHRÁNO) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_CREATE[0] : C:\Windows\System32\drivers\tcpip.sys @ 0x18822c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_CLOSE[2] : C:\Windows\System32\drivers\tcpip.sys @ 0x18822c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_DEVICE_CONTROL[14] : C:\Windows\System32\drivers\tcpip.sys @ 0x18822c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : C:\Windows\System32\drivers\tcpip.sys @ 0x18822c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_POWER[22] : C:\Windows\System32\drivers\tcpip.sys @ 0x18822c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_SYSTEM_CONTROL[23] : C:\Windows\System32\drivers\tcpip.sys @ 0x18822c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_PNP[27] : C:\Windows\System32\drivers\tcpip.sys @ 0x18822c0
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\Disk @ \Device\Harddisk0\DR0 (\SystemRoot\System32\drivers\rdyboost.sys)
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT721032SLA380 ATA Device +++++
--- User ---
[MBR] d09e92181b62e45a5537a59de20c9505
[BSP] 2fb87da8191ebfc52e46ea59f1df65e1 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 305142 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_08062014_201837.log
The PC no longer freezes, but it is definitely not fast...
Re: Please check my log (PC freezes and is slow)
MSE probably isn't a very good antivirus if it lets viruses through, right? Is it better to use a different one? E.g. avast?
- jaro3
- member of the Security team
Re: Please check my log (PC freezes and is slow)
Yes, I would replace MSE with Avast, Avira or AVG, or Comodo.
What about the problems?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support