ComboFix 14-08-17.01 - Tomáš 18.08.2014 15:24:30.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3326.2278 [GMT 2:00]
Spuštěný z: c:\users\TomßÜ\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-18 do 2014-08-18 )))))))))))))))))))))))))))))))
.
.
2014-08-18 13:30 . 2014-08-18 13:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-18 02:35 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-08-18 02:35 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-08-18 02:35 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-08-18 02:35 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-08-18 02:35 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-08-18 02:35 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-08-18 02:35 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-08-18 02:35 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-08-18 02:35 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-08-18 02:35 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-08-18 02:34 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-18 02:34 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-18 02:34 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-18 02:34 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-18 02:34 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-08-18 02:34 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2014-08-18 02:34 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2014-08-18 02:34 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2014-08-18 02:33 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-08-18 02:33 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-08-18 02:21 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2014-08-18 02:21 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2014-08-18 02:21 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2014-08-18 02:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-08-18 02:16 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-08-18 02:16 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-08-18 02:15 . 2014-03-22 20:09 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2014-08-18 02:15 . 2014-03-22 20:09 25400 ----a-w- c:\windows\system32\authuitu.dll
2014-08-18 02:15 . 2014-08-18 02:15 -------- d-----w- c:\program files\AVG
2014-08-18 02:14 . 2014-08-18 02:15 -------- d-----w- c:\programdata\AVG
2014-08-18 02:13 . 2014-08-18 02:13 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-18 02:13 . 2014-08-18 02:13 -------- d--h--w- c:\programdata\Common Files
2014-08-18 02:13 . 2014-08-18 02:13 -------- d-----w- c:\program files\CrystalDiskInfo
2014-08-17 19:05 . 2014-08-17 19:05 -------- d-----w- c:\program files\VideoLAN
2014-08-17 18:10 . 2014-08-17 18:10 -------- d-----w- c:\windows\system32\SPReview
2014-08-17 17:51 . 2014-08-17 17:51 -------- d-----w- c:\windows\system32\EventProviders
2014-08-17 13:17 . 2014-08-17 13:17 -------- d-----w- c:\program files\ESET
2014-08-17 10:08 . 2014-08-17 18:20 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-17 10:08 . 2014-08-17 10:08 -------- d-----w- c:\programdata\RogueKiller
2014-08-17 10:05 . 2014-08-17 10:05 -------- d-----w- c:\windows\ERUNT
2014-08-17 08:44 . 2014-08-17 09:59 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-17 08:44 . 2014-08-17 08:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-17 08:44 . 2014-08-17 08:44 -------- d-----w- c:\programdata\Malwarebytes
2014-08-17 08:44 . 2014-05-12 05:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-17 08:44 . 2014-05-12 05:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-17 08:44 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-17 08:38 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-17 08:38 . 2014-08-17 09:58 -------- d-----w- C:\AdwCleaner
2014-08-16 14:55 . 2014-08-16 14:55 -------- d-----w- c:\program files\Rainmeter
2014-08-16 12:04 . 2014-08-16 12:05 -------- d-----w- c:\program files\Google
2014-08-16 09:40 . 2014-08-16 09:40 -------- d-s---w- c:\windows\system32\CompatTel
2014-08-16 05:33 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2014-08-15 17:13 . 2014-08-15 17:13 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-08-15 17:13 . 2014-08-15 17:13 -------- d-----w- c:\program files\Comodo
2014-08-15 17:12 . 2014-08-17 19:02 -------- d-----w- C:\The KMPlayer
2014-08-15 13:19 . 2014-08-17 15:26 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-08-15 13:19 . 2014-08-17 15:25 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-08-15 13:19 . 2014-08-17 15:25 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-08-15 13:19 . 2014-08-15 13:19 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-08-15 13:14 . 2014-08-15 12:21 -------- d-----w- c:\windows\Panther
2014-08-15 12:55 . 2014-08-15 12:55 -------- d-----w- c:\program files\GamePark2
2014-08-15 12:50 . 2014-08-15 12:51 -------- d-----w- C:\totalcmd
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\UC.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\RAR.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\PKZIP.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\PKUNZIP.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\LHA.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\ARJ.PIF
2014-08-15 12:49 . 2014-08-15 12:49 -------- d-sh--w- c:\windows\ftpcache
2014-08-15 12:47 . 2014-08-15 12:47 -------- d-----w- c:\program files\Activision
2014-08-15 12:45 . 2014-07-14 02:12 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{886197BF-9654-4720-B733-A4CC7E602922}\mpengine.dll
2014-08-15 12:45 . 2014-08-05 07:20 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-08-15 12:39 . 2014-08-16 12:04 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-15 12:39 . 2014-08-16 12:04 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-15 12:38 . 2014-08-15 12:38 -------- d-----w- c:\windows\system32\Macromed
2014-08-15 12:37 . 2014-08-15 12:37 -------- d-----w- c:\program files\Common Files\Skype
2014-08-15 12:37 . 2014-08-15 12:37 -------- d-----r- c:\program files\Skype
2014-08-15 12:37 . 2014-08-18 02:16 -------- d-sh--w- c:\windows\Installer
2014-08-15 12:37 . 2014-08-15 12:38 -------- d-----w- c:\programdata\Skype
2014-08-15 12:32 . 2014-08-15 12:32 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-08-15 12:30 . 2014-08-15 12:30 -------- d-----w- c:\program files\ATI Technologies
2014-08-15 12:27 . 2014-08-15 12:27 -------- d-----w- c:\windows\system32\RTCOM
2014-08-15 12:25 . 2014-08-15 12:28 16608 ----a-w- c:\windows\gdrv.sys
2014-08-15 12:21 . 2014-08-15 12:23 -------- d-----w- c:\users\Tomáš
2014-08-15 12:21 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-15 12:21 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2014-08-15 12:21 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-15 12:21 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-08-15 12:21 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2014-08-15 12:21 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-08-15 12:21 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-08-15 12:21 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-15 12:21 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-15 12:17 . 2014-08-15 12:17 0 ----a-w- c:\windows\ativpsrm.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-17 18:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2014-08-16 05:34 . 2014-08-16 05:34 203776 ----a-w- c:\windows\system32\webcheck.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-07-24 21650016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
.
c:\users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-10-29 36024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2014-8-15 409088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [2014-05-27 2139328]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2014-03-22 1805624]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [2014-02-10 12320]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 12:16 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15 12:04]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-16 12:05]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-16 12:05]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\wemhkut0.default\
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-08-18 15:32:19
ComboFix-quarantined-files.txt 2014-08-18 13:32
.
Před spuštěním: Volných bajtů: 180 542 861 312
Po spuštění: Volných bajtů: 180 282 785 792
.
- - End Of File - - 753D8599C20F49E58FF64B34E185D3CF
A36C5E4F47E84449FF07ED3517B43A31
Please check the log.
- jaro3
- member of the Security team
Re: Please check the log.
Disable the resident protection of your antivirus and antispyware, and the firewall if applicable.
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole of the following text marked in green into it:
ClearJavaCache::
KillAll::
File::
c:\windows\ativpsrm.bin
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Folder::
c:\program files\AVG
c:\programdata\AVG
c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
c:\program files\ESET
c:\program files\Skype\Updater
c:\program files\Google\Update
Driver::
SkypeUpdate
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Choose File -> Save As... and set the following parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
Warning: it can happen that after applying ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 during the restart and choose the last known good configuration, or use a restore point.
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message about the option to download the Avast database appears, click NO. Then click "Scan". After the scan click "Save Log" and save the log to the desktop. Copy the whole contents of that log here. Then click "Exit" to close the program.
Install an antivirus, Avira or Avast.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check the log.
ComboFix 14-08-17.01 - Tomáš 18.08.2014 20:56:35.2.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3326.2452 [GMT 2:00]
Spuštěný z: c:\users\TomßÜ\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\TomßÜ\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
_____________________________
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-08-18 21:06:59
-----------------------------
21:06:59.603 OS Version: Windows 6.1.7601 Service Pack 1
21:06:59.603 Number of processors: 4 586 0x203
21:06:59.604 ComputerName: TOMÁŠ-PC UserName: Tomáš
21:07:00.475 Initialize success
21:07:00.499 VM: initialized successfully
21:07:00.512 VM: Amd CPU BiosDisabled
21:07:05.773 VM: not used
21:07:13.459 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:07:13.459 Disk 0 Vendor: WDC_WD5000AAKX-003CA0 15.01H15 Size: 476938MB BusType: 3
21:07:13.599 Disk 0 MBR read successfully
21:07:13.599 Disk 0 MBR scan
21:07:13.599 Disk 0 Windows 7 default MBR code
21:07:13.599 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 200003 MB offset 2048
21:07:13.631 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 276932 MB offset 409610240
21:07:13.646 Disk 0 Boot: NTFS code=2
21:07:13.646 Disk 0 scanning sectors +976766976
21:07:13.709 Disk 0 scanning C:\Windows\system32\drivers
21:07:18.014 Service scanning
21:09:02.113 Modules scanning
21:09:09.570 Disk 0 trace - called modules:
21:09:09.601 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
21:09:09.601 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863af648]
21:09:09.617 3 CLASSPNP.SYS[8bd9b59e] -> nt!IofCallDriver -> [0x85ec6340]
21:09:09.617 5 ACPI.sys[8b8143d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85574908]
21:09:09.617 Scan finished successfully
21:11:24.011 Disk 0 MBR has been saved successfully to "C:\Users\Tomáš\Desktop\MBR.dat"
21:11:24.011 The log file has been saved successfully to "C:\Users\Tomáš\Desktop\aswMBR.txt"
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-18 do 2014-08-18 )))))))))))))))))))))))))))))))
.
.
2014-08-18 19:02 . 2014-08-18 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-18 02:35 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-08-18 02:35 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-08-18 02:35 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-08-18 02:35 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-08-18 02:35 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-08-18 02:35 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-08-18 02:35 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-08-18 02:35 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-08-18 02:35 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-08-18 02:35 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-08-18 02:34 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-18 02:34 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-18 02:34 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-18 02:34 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-18 02:34 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-08-18 02:34 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2014-08-18 02:34 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2014-08-18 02:34 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2014-08-18 02:33 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-08-18 02:33 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-08-18 02:21 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2014-08-18 02:21 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2014-08-18 02:21 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2014-08-18 02:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-08-18 02:16 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-08-18 02:16 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-08-18 02:15 . 2014-03-22 20:09 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2014-08-18 02:15 . 2014-03-22 20:09 25400 ----a-w- c:\windows\system32\authuitu.dll
2014-08-18 02:15 . 2014-08-18 02:15 -------- d-----w- c:\program files\AVG
2014-08-18 02:14 . 2014-08-18 02:15 -------- d-----w- c:\programdata\AVG
2014-08-18 02:13 . 2014-08-18 02:13 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-18 02:13 . 2014-08-18 02:13 -------- d--h--w- c:\programdata\Common Files
2014-08-18 02:13 . 2014-08-18 02:13 -------- d-----w- c:\program files\CrystalDiskInfo
2014-08-17 19:05 . 2014-08-17 19:05 -------- d-----w- c:\program files\VideoLAN
2014-08-17 18:10 . 2014-08-17 18:10 -------- d-----w- c:\windows\system32\SPReview
2014-08-17 17:51 . 2014-08-17 17:51 -------- d-----w- c:\windows\system32\EventProviders
2014-08-17 13:17 . 2014-08-17 13:17 -------- d-----w- c:\program files\ESET
2014-08-17 10:08 . 2014-08-17 18:20 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-17 10:08 . 2014-08-17 10:08 -------- d-----w- c:\programdata\RogueKiller
2014-08-17 10:05 . 2014-08-17 10:05 -------- d-----w- c:\windows\ERUNT
2014-08-17 08:44 . 2014-08-17 09:59 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-17 08:44 . 2014-08-17 08:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-17 08:44 . 2014-08-17 08:44 -------- d-----w- c:\programdata\Malwarebytes
2014-08-17 08:44 . 2014-05-12 05:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-17 08:44 . 2014-05-12 05:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-17 08:44 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-17 08:38 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-17 08:38 . 2014-08-17 09:58 -------- d-----w- C:\AdwCleaner
2014-08-16 14:55 . 2014-08-16 14:55 -------- d-----w- c:\program files\Rainmeter
2014-08-16 12:04 . 2014-08-16 12:05 -------- d-----w- c:\program files\Google
2014-08-16 09:40 . 2014-08-16 09:40 -------- d-s---w- c:\windows\system32\CompatTel
2014-08-16 05:33 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2014-08-15 17:13 . 2014-08-15 17:13 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-08-15 17:13 . 2014-08-15 17:13 -------- d-----w- c:\program files\Comodo
2014-08-15 17:12 . 2014-08-18 13:40 -------- d-----w- C:\The KMPlayer
2014-08-15 13:19 . 2014-08-17 15:26 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-08-15 13:19 . 2014-08-17 15:25 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-08-15 13:19 . 2014-08-17 15:25 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-08-15 13:19 . 2014-08-15 13:19 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-08-15 13:14 . 2014-08-15 12:21 -------- d-----w- c:\windows\Panther
2014-08-15 12:55 . 2014-08-15 12:55 -------- d-----w- c:\program files\GamePark2
2014-08-15 12:50 . 2014-08-15 12:51 -------- d-----w- C:\totalcmd
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\UC.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\RAR.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\PKZIP.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\PKUNZIP.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\LHA.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\ARJ.PIF
2014-08-15 12:49 . 2014-08-15 12:49 -------- d-sh--w- c:\windows\ftpcache
2014-08-15 12:47 . 2014-08-15 12:47 -------- d-----w- c:\program files\Activision
2014-08-15 12:45 . 2014-07-14 02:12 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{886197BF-9654-4720-B733-A4CC7E602922}\mpengine.dll
2014-08-15 12:45 . 2014-08-05 07:20 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-08-15 12:39 . 2014-08-16 12:04 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-15 12:39 . 2014-08-16 12:04 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-15 12:38 . 2014-08-15 12:38 -------- d-----w- c:\windows\system32\Macromed
2014-08-15 12:37 . 2014-08-15 12:37 -------- d-----w- c:\program files\Common Files\Skype
2014-08-15 12:37 . 2014-08-15 12:37 -------- d-----r- c:\program files\Skype
2014-08-15 12:37 . 2014-08-18 02:16 -------- d-sh--w- c:\windows\Installer
2014-08-15 12:37 . 2014-08-15 12:38 -------- d-----w- c:\programdata\Skype
2014-08-15 12:32 . 2014-08-15 12:32 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-08-15 12:30 . 2014-08-15 12:30 -------- d-----w- c:\program files\ATI Technologies
2014-08-15 12:27 . 2014-08-15 12:27 -------- d-----w- c:\windows\system32\RTCOM
2014-08-15 12:25 . 2014-08-15 12:28 16608 ----a-w- c:\windows\gdrv.sys
2014-08-15 12:21 . 2014-08-15 12:23 -------- d-----w- c:\users\Tomáš
2014-08-15 12:21 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-15 12:21 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2014-08-15 12:21 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-15 12:21 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-08-15 12:21 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2014-08-15 12:21 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-08-15 12:21 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-08-15 12:21 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-15 12:21 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-15 12:17 . 2014-08-15 12:17 0 ----a-w- c:\windows\ativpsrm.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-17 18:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2014-08-16 05:34 . 2014-08-16 05:34 203776 ----a-w- c:\windows\system32\webcheck.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-07-24 21650016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
.
c:\users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-10-29 36024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2014-8-15 409088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [2014-05-27 2139328]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2014-03-22 1805624]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [2014-02-10 12320]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 12:16 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15 12:04]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-16 12:05]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-16 12:05]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\wemhkut0.default\
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-08-18 21:04:20
ComboFix-quarantined-files.txt 2014-08-18 19:04
ComboFix2.txt 2014-08-18 13:32
.
Před spuštěním: Volných bajtů: 180 182 732 800
Po spuštění: Volných bajtů: 179 889 172 480
.
- - End Of File - - 3BCC6148EB9B7E92C1119BFF4CF0A99F
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3326.2452 [GMT 2:00]
Spuštěný z: c:\users\TomßÜ\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\TomßÜ\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
_____________________________
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-08-18 21:06:59
-----------------------------
21:06:59.603 OS Version: Windows 6.1.7601 Service Pack 1
21:06:59.603 Number of processors: 4 586 0x203
21:06:59.604 ComputerName: TOMÁŠ-PC UserName: Tomáš
21:07:00.475 Initialize success
21:07:00.499 VM: initialized successfully
21:07:00.512 VM: Amd CPU BiosDisabled
21:07:05.773 VM: not used
21:07:13.459 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:07:13.459 Disk 0 Vendor: WDC_WD5000AAKX-003CA0 15.01H15 Size: 476938MB BusType: 3
21:07:13.599 Disk 0 MBR read successfully
21:07:13.599 Disk 0 MBR scan
21:07:13.599 Disk 0 Windows 7 default MBR code
21:07:13.599 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 200003 MB offset 2048
21:07:13.631 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 276932 MB offset 409610240
21:07:13.646 Disk 0 Boot: NTFS code=2
21:07:13.646 Disk 0 scanning sectors +976766976
21:07:13.709 Disk 0 scanning C:\Windows\system32\drivers
21:07:18.014 Service scanning
21:09:02.113 Modules scanning
21:09:09.570 Disk 0 trace - called modules:
21:09:09.601 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
21:09:09.601 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863af648]
21:09:09.617 3 CLASSPNP.SYS[8bd9b59e] -> nt!IofCallDriver -> [0x85ec6340]
21:09:09.617 5 ACPI.sys[8b8143d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85574908]
21:09:09.617 Scan finished successfully
21:11:24.011 Disk 0 MBR has been saved successfully to "C:\Users\Tomáš\Desktop\MBR.dat"
21:11:24.011 The log file has been saved successfully to "C:\Users\Tomáš\Desktop\aswMBR.txt"
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-18 do 2014-08-18 )))))))))))))))))))))))))))))))
.
.
2014-08-18 19:02 . 2014-08-18 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-18 02:35 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-08-18 02:35 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-08-18 02:35 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-08-18 02:35 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-08-18 02:35 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-08-18 02:35 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-08-18 02:35 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-08-18 02:35 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-08-18 02:35 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-08-18 02:35 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-08-18 02:34 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-18 02:34 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-18 02:34 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-18 02:34 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-18 02:34 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-08-18 02:34 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2014-08-18 02:34 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2014-08-18 02:34 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2014-08-18 02:33 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-08-18 02:33 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-08-18 02:21 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2014-08-18 02:21 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2014-08-18 02:21 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2014-08-18 02:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-08-18 02:16 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-08-18 02:16 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-08-18 02:15 . 2014-03-22 20:09 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2014-08-18 02:15 . 2014-03-22 20:09 25400 ----a-w- c:\windows\system32\authuitu.dll
2014-08-18 02:15 . 2014-08-18 02:15 -------- d-----w- c:\program files\AVG
2014-08-18 02:14 . 2014-08-18 02:15 -------- d-----w- c:\programdata\AVG
2014-08-18 02:13 . 2014-08-18 02:13 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-18 02:13 . 2014-08-18 02:13 -------- d--h--w- c:\programdata\Common Files
2014-08-18 02:13 . 2014-08-18 02:13 -------- d-----w- c:\program files\CrystalDiskInfo
2014-08-17 19:05 . 2014-08-17 19:05 -------- d-----w- c:\program files\VideoLAN
2014-08-17 18:10 . 2014-08-17 18:10 -------- d-----w- c:\windows\system32\SPReview
2014-08-17 17:51 . 2014-08-17 17:51 -------- d-----w- c:\windows\system32\EventProviders
2014-08-17 13:17 . 2014-08-17 13:17 -------- d-----w- c:\program files\ESET
2014-08-17 10:08 . 2014-08-17 18:20 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-17 10:08 . 2014-08-17 10:08 -------- d-----w- c:\programdata\RogueKiller
2014-08-17 10:05 . 2014-08-17 10:05 -------- d-----w- c:\windows\ERUNT
2014-08-17 08:44 . 2014-08-17 09:59 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-17 08:44 . 2014-08-17 08:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-17 08:44 . 2014-08-17 08:44 -------- d-----w- c:\programdata\Malwarebytes
2014-08-17 08:44 . 2014-05-12 05:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-17 08:44 . 2014-05-12 05:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-17 08:44 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-17 08:38 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-17 08:38 . 2014-08-17 09:58 -------- d-----w- C:\AdwCleaner
2014-08-16 14:55 . 2014-08-16 14:55 -------- d-----w- c:\program files\Rainmeter
2014-08-16 12:04 . 2014-08-16 12:05 -------- d-----w- c:\program files\Google
2014-08-16 09:40 . 2014-08-16 09:40 -------- d-s---w- c:\windows\system32\CompatTel
2014-08-16 05:33 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2014-08-15 17:13 . 2014-08-15 17:13 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-08-15 17:13 . 2014-08-15 17:13 -------- d-----w- c:\program files\Comodo
2014-08-15 17:12 . 2014-08-18 13:40 -------- d-----w- C:\The KMPlayer
2014-08-15 13:19 . 2014-08-17 15:26 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-08-15 13:19 . 2014-08-17 15:25 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-08-15 13:19 . 2014-08-17 15:25 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-08-15 13:19 . 2014-08-15 13:19 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-08-15 13:14 . 2014-08-15 12:21 -------- d-----w- c:\windows\Panther
2014-08-15 12:55 . 2014-08-15 12:55 -------- d-----w- c:\program files\GamePark2
2014-08-15 12:50 . 2014-08-15 12:51 -------- d-----w- C:\totalcmd
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\UC.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\RAR.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\PKZIP.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\PKUNZIP.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\LHA.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\ARJ.PIF
2014-08-15 12:49 . 2014-08-15 12:49 -------- d-sh--w- c:\windows\ftpcache
2014-08-15 12:47 . 2014-08-15 12:47 -------- d-----w- c:\program files\Activision
2014-08-15 12:45 . 2014-07-14 02:12 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{886197BF-9654-4720-B733-A4CC7E602922}\mpengine.dll
2014-08-15 12:45 . 2014-08-05 07:20 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-08-15 12:39 . 2014-08-16 12:04 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-15 12:39 . 2014-08-16 12:04 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-15 12:38 . 2014-08-15 12:38 -------- d-----w- c:\windows\system32\Macromed
2014-08-15 12:37 . 2014-08-15 12:37 -------- d-----w- c:\program files\Common Files\Skype
2014-08-15 12:37 . 2014-08-15 12:37 -------- d-----r- c:\program files\Skype
2014-08-15 12:37 . 2014-08-18 02:16 -------- d-sh--w- c:\windows\Installer
2014-08-15 12:37 . 2014-08-15 12:38 -------- d-----w- c:\programdata\Skype
2014-08-15 12:32 . 2014-08-15 12:32 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-08-15 12:30 . 2014-08-15 12:30 -------- d-----w- c:\program files\ATI Technologies
2014-08-15 12:27 . 2014-08-15 12:27 -------- d-----w- c:\windows\system32\RTCOM
2014-08-15 12:25 . 2014-08-15 12:28 16608 ----a-w- c:\windows\gdrv.sys
2014-08-15 12:21 . 2014-08-15 12:23 -------- d-----w- c:\users\Tomáš
2014-08-15 12:21 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-15 12:21 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2014-08-15 12:21 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-15 12:21 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-08-15 12:21 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2014-08-15 12:21 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-08-15 12:21 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-08-15 12:21 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-15 12:21 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-15 12:17 . 2014-08-15 12:17 0 ----a-w- c:\windows\ativpsrm.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-17 18:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2014-08-16 05:34 . 2014-08-16 05:34 203776 ----a-w- c:\windows\system32\webcheck.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-07-24 21650016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
.
c:\users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-10-29 36024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2014-8-15 409088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [2014-05-27 2139328]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2014-03-22 1805624]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [2014-02-10 12320]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 12:16 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- jaro3
- Security team member
- Guru Level 15
- Posts: 43287
- Registered: June 07
- Location: South Bohemia
Re: Please check my log.
Run the script in ComboFix again, in Safe Mode, plus a new log from HJT.
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log.
ComboFix 14-08-17.01 - Tomáš 19.08.2014 14:59:22.3.4 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3326.2638 [GMT 2:00]
Spuštěný z: c:\users\TomßÜ\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\TomßÜ\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-19 do 2014-08-19 )))))))))))))))))))))))))))))))
.
.
2014-08-19 13:04 . 2014-08-19 13:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-18 20:06 . 2014-08-18 20:06 -------- d-----w- c:\program files\Microsoft.NET
2014-08-18 20:06 . 2014-08-18 20:06 -------- d-----w- c:\windows\Migration
2014-08-18 19:21 . 2014-08-18 19:21 231424 ----a-w- c:\windows\system32\mswsock.dll
2014-08-18 19:21 . 2014-08-18 19:21 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-08-18 19:19 . 2014-08-18 19:19 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-08-18 12:43 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2014-08-18 12:43 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-08-18 12:43 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-08-18 12:43 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2014-08-18 12:41 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2014-08-18 12:40 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2014-08-18 12:39 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2014-08-18 12:38 . 2014-06-03 09:30 101824 ----a-w- c:\windows\system32\consent.exe
2014-08-18 12:38 . 2014-06-03 09:29 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-08-18 12:38 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\system32\msi.dll
2014-08-18 12:38 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\system32\authui.dll
2014-08-18 12:36 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-08-18 02:37 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-08-18 02:36 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2014-08-18 02:35 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-08-18 02:35 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-08-18 02:35 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-08-18 02:35 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-08-18 02:35 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-08-18 02:35 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-08-18 02:35 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-08-18 02:35 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-08-18 02:35 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-08-18 02:34 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-18 02:34 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-18 02:34 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-18 02:34 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-18 02:34 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-08-18 02:34 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2014-08-18 02:33 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-08-18 02:33 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-08-18 02:21 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2014-08-18 02:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-08-18 02:16 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-08-18 02:15 . 2014-03-22 20:09 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2014-08-18 02:15 . 2014-03-22 20:09 25400 ----a-w- c:\windows\system32\authuitu.dll
2014-08-18 02:15 . 2014-08-18 02:15 -------- d-----w- c:\program files\AVG
2014-08-18 02:14 . 2014-08-18 02:15 -------- d-----w- c:\programdata\AVG
2014-08-18 02:13 . 2014-08-18 02:13 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-18 02:13 . 2014-08-18 02:13 -------- d--h--w- c:\programdata\Common Files
2014-08-18 02:13 . 2014-08-18 02:13 -------- d-----w- c:\program files\CrystalDiskInfo
2014-08-17 19:05 . 2014-08-17 19:05 -------- d-----w- c:\program files\VideoLAN
2014-08-17 18:10 . 2014-08-17 18:10 -------- d-----w- c:\windows\system32\SPReview
2014-08-17 17:51 . 2014-08-17 17:51 -------- d-----w- c:\windows\system32\EventProviders
2014-08-17 13:17 . 2014-08-17 13:17 -------- d-----w- c:\program files\ESET
2014-08-17 10:08 . 2014-08-17 18:20 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-17 10:08 . 2014-08-17 10:08 -------- d-----w- c:\programdata\RogueKiller
2014-08-17 10:05 . 2014-08-17 10:05 -------- d-----w- c:\windows\ERUNT
2014-08-17 08:44 . 2014-08-17 09:59 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-17 08:44 . 2014-08-17 08:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-17 08:44 . 2014-08-17 08:44 -------- d-----w- c:\programdata\Malwarebytes
2014-08-17 08:44 . 2014-05-12 05:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-17 08:44 . 2014-05-12 05:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-17 08:44 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-17 08:38 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-17 08:38 . 2014-08-17 09:58 -------- d-----w- C:\AdwCleaner
2014-08-16 14:55 . 2014-08-16 14:55 -------- d-----w- c:\program files\Rainmeter
2014-08-16 12:04 . 2014-08-16 12:05 -------- d-----w- c:\program files\Google
2014-08-16 09:40 . 2014-08-19 02:29 -------- d-s---w- c:\windows\system32\CompatTel
2014-08-16 05:33 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2014-08-15 17:13 . 2014-08-15 17:13 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-08-15 17:13 . 2014-08-15 17:13 -------- d-----w- c:\program files\Comodo
2014-08-15 17:12 . 2014-08-19 12:52 -------- d-----w- C:\The KMPlayer
2014-08-15 13:19 . 2014-08-17 15:26 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-08-15 13:19 . 2014-08-17 15:25 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-08-15 13:19 . 2014-08-17 15:25 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-08-15 13:19 . 2014-08-15 13:19 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-08-15 13:14 . 2014-08-15 12:21 -------- d-----w- c:\windows\Panther
2014-08-15 12:55 . 2014-08-15 12:55 -------- d-----w- c:\program files\GamePark2
2014-08-15 12:50 . 2014-08-15 12:51 -------- d-----w- C:\totalcmd
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\UC.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\RAR.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\PKZIP.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\PKUNZIP.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\LHA.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\ARJ.PIF
2014-08-15 12:49 . 2014-08-15 12:49 -------- d-sh--w- c:\windows\ftpcache
2014-08-15 12:47 . 2014-08-15 12:47 -------- d-----w- c:\program files\Activision
2014-08-15 12:45 . 2014-07-14 02:12 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{886197BF-9654-4720-B733-A4CC7E602922}\mpengine.dll
2014-08-15 12:45 . 2014-08-05 07:20 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-08-15 12:39 . 2014-08-16 12:04 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-15 12:39 . 2014-08-16 12:04 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-15 12:38 . 2014-08-15 12:38 -------- d-----w- c:\windows\system32\Macromed
2014-08-15 12:37 . 2014-08-15 12:37 -------- d-----w- c:\program files\Common Files\Skype
2014-08-15 12:37 . 2014-08-15 12:37 -------- d-----r- c:\program files\Skype
2014-08-15 12:37 . 2014-08-19 02:53 -------- d-sh--w- c:\windows\Installer
2014-08-15 12:37 . 2014-08-15 12:38 -------- d-----w- c:\programdata\Skype
2014-08-15 12:32 . 2014-08-15 12:32 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-08-15 12:30 . 2014-08-15 12:30 -------- d-----w- c:\program files\ATI Technologies
2014-08-15 12:27 . 2014-08-15 12:27 -------- d-----w- c:\windows\system32\RTCOM
2014-08-15 12:25 . 2014-08-15 12:28 16608 ----a-w- c:\windows\gdrv.sys
2014-08-15 12:21 . 2014-08-15 12:23 -------- d-----w- c:\users\Tomáš
2014-08-15 12:21 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-15 12:21 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2014-08-15 12:21 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-15 12:21 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-08-15 12:21 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2014-08-15 12:21 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-08-15 12:21 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-08-15 12:21 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-15 12:21 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-15 12:17 . 2014-08-15 12:17 0 ----a-w- c:\windows\ativpsrm.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-18 19:22 . 2014-08-18 19:22 208384 ----a-w- c:\windows\system32\webcheck.dll
2014-08-17 18:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-07-24 21650016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
.
c:\users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-10-29 36024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2014-8-15 409088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [2014-05-27 2139328]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2014-03-22 1805624]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-25 108032]
R3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [2014-02-10 12320]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 12:16 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15 12:04]
.
2014-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-16 12:05]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-16 12:05]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\wemhkut0.default\
FF - prefs.js: browser.startup.homepage - hxxps://email.seznam.cz/|https://www.fa ... reezoo.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-08-19 15:06:34
ComboFix-quarantined-files.txt 2014-08-19 13:06
ComboFix2.txt 2014-08-18 19:04
ComboFix3.txt 2014-08-18 13:32
.
Před spuštěním: Volných bajtů: 176 835 563 520
Po spuštění: Volných bajtů: 176 474 497 024
.
- - End Of File - - D2FA1A758044518231893966248CDDDD
A36C5E4F47E84449FF07ED3517B43A31
_____________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:13:12, on 19.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
FIREFOX: 31.0 (x86 cs)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tomáš\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: GamePark klient 2.lnk = C:\Program Files\GamePark2\gpcl.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Comodo Security Solutions, Inc. - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
--
End of file - 3124 bytes
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3326.2638 [GMT 2:00]
Spuštěný z: c:\users\Tomáš\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Tomáš\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-19 do 2014-08-19 )))))))))))))))))))))))))))))))
.
.
2014-08-19 13:04 . 2014-08-19 13:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-18 20:06 . 2014-08-18 20:06 -------- d-----w- c:\program files\Microsoft.NET
2014-08-18 20:06 . 2014-08-18 20:06 -------- d-----w- c:\windows\Migration
2014-08-18 19:21 . 2014-08-18 19:21 231424 ----a-w- c:\windows\system32\mswsock.dll
2014-08-18 19:21 . 2014-08-18 19:21 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-08-18 19:19 . 2014-08-18 19:19 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-08-18 12:43 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2014-08-18 12:43 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-08-18 12:43 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-08-18 12:43 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2014-08-18 12:41 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2014-08-18 12:40 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2014-08-18 12:39 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2014-08-18 12:38 . 2014-06-03 09:30 101824 ----a-w- c:\windows\system32\consent.exe
2014-08-18 12:38 . 2014-06-03 09:29 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-08-18 12:38 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\system32\msi.dll
2014-08-18 12:38 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\system32\authui.dll
2014-08-18 12:36 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-08-18 02:37 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-08-18 02:36 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2014-08-18 02:35 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-08-18 02:35 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-08-18 02:35 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-08-18 02:35 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-08-18 02:35 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-08-18 02:35 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-08-18 02:35 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-08-18 02:35 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-08-18 02:35 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-08-18 02:34 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-18 02:34 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-18 02:34 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-18 02:34 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-18 02:34 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-08-18 02:34 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2014-08-18 02:33 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-08-18 02:33 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-08-18 02:21 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2014-08-18 02:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-08-18 02:16 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-08-18 02:15 . 2014-03-22 20:09 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2014-08-18 02:15 . 2014-03-22 20:09 25400 ----a-w- c:\windows\system32\authuitu.dll
2014-08-18 02:15 . 2014-08-18 02:15 -------- d-----w- c:\program files\AVG
2014-08-18 02:14 . 2014-08-18 02:15 -------- d-----w- c:\programdata\AVG
2014-08-18 02:13 . 2014-08-18 02:13 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-18 02:13 . 2014-08-18 02:13 -------- d--h--w- c:\programdata\Common Files
2014-08-18 02:13 . 2014-08-18 02:13 -------- d-----w- c:\program files\CrystalDiskInfo
2014-08-17 19:05 . 2014-08-17 19:05 -------- d-----w- c:\program files\VideoLAN
2014-08-17 18:10 . 2014-08-17 18:10 -------- d-----w- c:\windows\system32\SPReview
2014-08-17 17:51 . 2014-08-17 17:51 -------- d-----w- c:\windows\system32\EventProviders
2014-08-17 13:17 . 2014-08-17 13:17 -------- d-----w- c:\program files\ESET
2014-08-17 10:08 . 2014-08-17 18:20 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-17 10:08 . 2014-08-17 10:08 -------- d-----w- c:\programdata\RogueKiller
2014-08-17 10:05 . 2014-08-17 10:05 -------- d-----w- c:\windows\ERUNT
2014-08-17 08:44 . 2014-08-17 09:59 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-17 08:44 . 2014-08-17 08:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-17 08:44 . 2014-08-17 08:44 -------- d-----w- c:\programdata\Malwarebytes
2014-08-17 08:44 . 2014-05-12 05:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-17 08:44 . 2014-05-12 05:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-17 08:44 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-17 08:38 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-17 08:38 . 2014-08-17 09:58 -------- d-----w- C:\AdwCleaner
2014-08-16 14:55 . 2014-08-16 14:55 -------- d-----w- c:\program files\Rainmeter
2014-08-16 12:04 . 2014-08-16 12:05 -------- d-----w- c:\program files\Google
2014-08-16 09:40 . 2014-08-19 02:29 -------- d-s---w- c:\windows\system32\CompatTel
2014-08-16 05:33 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2014-08-15 17:13 . 2014-08-15 17:13 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-08-15 17:13 . 2014-08-15 17:13 -------- d-----w- c:\program files\Comodo
2014-08-15 17:12 . 2014-08-19 12:52 -------- d-----w- C:\The KMPlayer
2014-08-15 13:19 . 2014-08-17 15:26 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-08-15 13:19 . 2014-08-17 15:25 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-08-15 13:19 . 2014-08-17 15:25 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-08-15 13:19 . 2014-08-15 13:19 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-08-15 13:14 . 2014-08-15 12:21 -------- d-----w- c:\windows\Panther
2014-08-15 12:55 . 2014-08-15 12:55 -------- d-----w- c:\program files\GamePark2
2014-08-15 12:50 . 2014-08-15 12:51 -------- d-----w- C:\totalcmd
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\UC.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\RAR.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\PKZIP.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\PKUNZIP.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\LHA.PIF
2014-08-15 12:50 . 2014-04-23 06:51 545 ----a-w- c:\windows\ARJ.PIF
2014-08-15 12:49 . 2014-08-15 12:49 -------- d-sh--w- c:\windows\ftpcache
2014-08-15 12:47 . 2014-08-15 12:47 -------- d-----w- c:\program files\Activision
2014-08-15 12:45 . 2014-07-14 02:12 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{886197BF-9654-4720-B733-A4CC7E602922}\mpengine.dll
2014-08-15 12:45 . 2014-08-05 07:20 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-08-15 12:39 . 2014-08-16 12:04 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-15 12:39 . 2014-08-16 12:04 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-15 12:38 . 2014-08-15 12:38 -------- d-----w- c:\windows\system32\Macromed
2014-08-15 12:37 . 2014-08-15 12:37 -------- d-----w- c:\program files\Common Files\Skype
2014-08-15 12:37 . 2014-08-15 12:37 -------- d-----r- c:\program files\Skype
2014-08-15 12:37 . 2014-08-19 02:53 -------- d-sh--w- c:\windows\Installer
2014-08-15 12:37 . 2014-08-15 12:38 -------- d-----w- c:\programdata\Skype
2014-08-15 12:32 . 2014-08-15 12:32 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-08-15 12:30 . 2014-08-15 12:30 -------- d-----w- c:\program files\ATI Technologies
2014-08-15 12:27 . 2014-08-15 12:27 -------- d-----w- c:\windows\system32\RTCOM
2014-08-15 12:25 . 2014-08-15 12:28 16608 ----a-w- c:\windows\gdrv.sys
2014-08-15 12:21 . 2014-08-15 12:23 -------- d-----w- c:\users\Tomáš
2014-08-15 12:21 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-15 12:21 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2014-08-15 12:21 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-15 12:21 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-08-15 12:21 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2014-08-15 12:21 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-08-15 12:21 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-08-15 12:21 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-15 12:21 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-15 12:17 . 2014-08-15 12:17 0 ----a-w- c:\windows\ativpsrm.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-18 19:22 . 2014-08-18 19:22 208384 ----a-w- c:\windows\system32\webcheck.dll
2014-08-17 18:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-07-24 21650016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
.
c:\users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-10-29 36024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2014-8-15 409088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [2014-05-27 2139328]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2014-03-22 1805624]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-25 108032]
R3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [2014-02-10 12320]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 12:16 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15 12:04]
.
2014-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-16 12:05]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-16 12:05]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\wemhkut0.default\
FF - prefs.js: browser.startup.homepage - hxxps://email.seznam.cz/|https://www.fa ... reezoo.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-08-19 15:06:34
ComboFix-quarantined-files.txt 2014-08-19 13:06
ComboFix2.txt 2014-08-18 19:04
ComboFix3.txt 2014-08-18 13:32
.
Před spuštěním: Volných bajtů: 176 835 563 520
Po spuštění: Volných bajtů: 176 474 497 024
.
- - End Of File - - D2FA1A758044518231893966248CDDDD
A36C5E4F47E84449FF07ED3517B43A31
_____________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:13:12, on 19.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
FIREFOX: 31.0 (x86 cs)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tomáš\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: GamePark klient 2.lnk = C:\Program Files\GamePark2\gpcl.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Comodo Security Solutions, Inc. - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
--
End of file - 3124 bytes
jaro3 (member of the Security team, Guru Level 15; posts: 43287; registered: June 07; location: South Bohemia)
Re: Please check my log.
Delete manually:
c:\program files\AVG
c:\programdata\AVG
c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
c:\program files\ESET
c:\program files\Skype\Updater
c:\program files\Google\Update
ComboFix is uninstalled as follows:
Start > Run and type ComboFix /Uninstall
Clean the system with CCleaner.
Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.
Post a new HJT log + info about the problems.
When working with HJT, ComboFix, MbAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support