Prosím o kontrolu logu Vyřešeno

[jaro3]

antispywarovou ochranu máč přeci už v antiviru , není vhodné mít dalčí.

Stáhni si z některého odkazu SystemLook
SystemLook (32-bit)
http://jpshortstuff.247fixes.com/SystemLook.exe

SystemLook (64-bit)
http://jpshortstuff.247fixes.com/SystemLook_x64.exe

a ulož si ho na plochu.

Poklepej na stažený SystemLook , zkopíruj do hlavního text. okna tento následující text:

Kód: Vybrat vše

:filefind
conhost.exe.*


Klikni na Look ke startu skenu. Když program skončí objeví se v poznámkovém bloku zpráva skenu. Zkopíruj sem celý jeho obsah. Log se také nachází na ploše pod názvem SystemLook.txt.

[Reklama]

[Zeppelin]

Ahoj,
tak tady jsou logy

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:34:35, on 25.9.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\ctfmon.exe
C:\The KMPlayer\KMPlayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Users\Marek\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: SolidWorks Nástroj pro stahování na pozadí.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\national instruments\shared\mdns responder\nimdnsnsp.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systemes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NI Citadel 4 Service (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: NI PSP Service Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe
O23 - Service: NI Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NI Application Web Server (NIApplicationWebServer) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
O23 - Service: NI Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI License Server (NILM License Manager) - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
O23 - Service: NI Service Locator (NiSvcLoc) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\niSvcLoc\nisvcloc.exe
O23 - Service: NI System Web Server (NISystemWebServer) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 5469 bytes




aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-25 19:09:18
-----------------------------
19:09:18.653 OS Version: Windows 6.1.7601 Service Pack 1
19:09:18.653 Number of processors: 1 586 0x605
19:09:18.656 ComputerName: MAREK-PC UserName: Marek
19:09:19.244 Initialize success
19:09:19.323 VM: initialized successfully
19:09:19.332 VM: Intel CPU virtualization not supported
19:09:24.582 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:09:24.588 Disk 0 Vendor: Hitachi_HDS721616PLA380 P22OABEA Size: 152626MB BusType: 3
19:09:24.594 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
19:09:24.600 Disk 1 Vendor: WDC_WD5000AAKS-75V0A0 05.01D05 Size: 476940MB BusType: 3
19:09:24.606 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-2
19:09:24.614 Disk 2 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 3
19:09:24.714 Disk 0 MBR read successfully
19:09:24.722 Disk 0 MBR scan
19:09:24.730 Disk 0 Windows 7 default MBR code
19:09:24.743 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:09:24.750 Disk 0 Boot: NTFS code=2
19:09:24.768 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 80000 MB offset 206848
19:09:25.146 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 72524 MB offset 164046848
19:09:25.162 Disk 0 scanning sectors +312576000
19:09:25.310 Disk 0 scanning C:\Windows\system32\drivers
19:09:31.155 Service scanning
19:09:49.854 Modules scanning
19:09:56.652 Disk 0 trace - called modules:
19:09:56.676 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
19:09:56.688 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86132580]
19:09:56.700 3 CLASSPNP.SYS[8b39b59e] -> nt!IofCallDriver -> [0x85c9e918]
19:09:56.712 5 ACPI.sys[8ae913d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x853c3610]
19:09:56.724 Scan finished successfully
19:10:15.223 Disk 0 MBR has been saved successfully to "C:\Users\Marek\Desktop\MBR.dat"
19:10:15.238 The log file has been saved successfully to "C:\Users\Marek\Desktop\aswMBR.txt"


RogueKiller V9.2.11.0 [Sep 9 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Marek [Práva správce]
Mód : Odebrat -- Datum : 09/25/2014 19:28:03

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 10 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMBR -> VYMAZÁNO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm -> VYMAZÁNO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMBR -> VYMAZÁNO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm -> VYMAZÁNO
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NAHRAZENO (1)
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NAHRAZENO (2)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2165320920-3175463172-1437399604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2165320920-3175463172-1437399604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2165320920-3175463172-1437399604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2165320920-3175463172-1437399604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> VYMAZÁNO

¤¤¤ Antirootkit : 1 (Driver: NAHRÁNO) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\dtsoftbus01.sys)

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[FIREFX:Addon] h3eggdx3.default : EPUBReader [{5384767E-00D9-40E9-B72F-9CC39D655D6F}] -> VYMAZÁNO
[PUM.HomePage][FIREFX:Config] h3eggdx3.default : user_pref("browser.startup.homepage", "http://www.seznam.cz/"); -> NAHRAZENO (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] d2a10c8b6b2d92fe9fc8bb369054658b
[BSP] ac5178df67025e619b97abadd4883691 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 80000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 164046848 | Size: 72524 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] ccb0d2a79228f909cb180b0c0712b12d
[BSP] 9b7aec64e4d8a7893a3222c9717e5db6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: +++++
--- User ---
[MBR] 4a911cd9997c760d084337fbd1b65c0e
[BSP] 032f322acc72c399ce3eec4d1127e5ad : HP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_09232014_200137.log - RKreport_SCN_09212014_200128.log - RKreport_SCN_09232014_195526.log - RKreport_SCN_09242014_195428.log
RKreport_SCN_09242014_200920.log - RKreport_SCN_09242014_202020.log - RKreport_SCN_09252014_192525.log

[jaro3]

A ten SystemLook ?

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[Zeppelin]

Ahoj,
toho systemlooku jsem si nevšiml.

ComboFix 14-09-24.01 - Marek 26.09.2014 9:38.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3072.2158 [GMT 2:00]
Spuštěný z: c:\users\Marek\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-08-26 do 2014-09-26 )))))))))))))))))))))))))))))))
.
.
2014-09-26 08:18 . 2014-09-26 08:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-24 18:33 . 2014-09-25 17:56 -------- d-----w- c:\users\Marek\AppData\Roaming\Vso
2014-09-24 18:31 . 2014-09-24 18:31 -------- d-----w- c:\program files\OWON
2014-09-23 18:31 . 2014-09-23 18:03 24064 ----a-w- c:\windows\zoek-delete.exe
2014-09-23 18:31 . 2014-09-26 08:18 -------- d-----w- c:\users\Marek\AppData\Local\Temp
2014-09-23 18:03 . 2014-09-23 18:25 -------- d-----w- C:\zoek_backup
2014-09-21 19:33 . 2014-09-25 16:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-09-21 19:33 . 2014-09-25 16:57 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-09-21 18:32 . 2014-09-21 18:32 -------- d-----w- c:\windows\ERUNT
2014-09-21 17:45 . 2014-09-25 17:13 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-21 17:45 . 2014-09-21 17:45 -------- d-----w- c:\programdata\RogueKiller
2014-09-14 17:49 . 2014-09-21 19:02 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-14 17:48 . 2014-09-14 17:48 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-14 17:48 . 2014-09-14 17:48 -------- d-----w- c:\programdata\Malwarebytes
2014-09-14 17:48 . 2014-05-12 05:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-14 17:48 . 2014-05-12 05:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-14 17:48 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-14 17:29 . 2014-09-21 17:42 -------- d-----w- C:\AdwCleaner
2014-09-14 08:33 . 2014-09-14 08:33 -------- d-----w- c:\programdata\IARSystems
2014-09-14 08:33 . 2014-09-14 08:33 -------- d-----w- c:\users\Marek\AppData\Roaming\IAR Embedded Workbench
2014-09-14 08:32 . 2014-09-14 08:32 -------- d-----w- c:\programdata\SafeNet Sentinel
2014-09-14 08:32 . 2014-09-14 08:32 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2014-09-14 08:27 . 2014-09-14 08:27 -------- d-----w- c:\program files\IAR Systems
2014-09-13 18:39 . 2014-09-13 18:39 -------- d-----w- c:\programdata\vsosdk
2014-09-13 17:15 . 2014-09-13 17:17 -------- d-----w- C:\Eclipse
2014-09-13 16:24 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2014-09-13 16:24 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2014-09-13 16:24 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2014-09-13 16:24 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2014-09-13 16:24 . 2002-12-10 01:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2014-09-13 16:24 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2014-09-13 16:24 . 2006-05-11 18:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2014-09-10 16:52 . 2014-09-10 16:52 -------- d-----w- c:\program files\Mobi File Reader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-13 16:24 . 2014-06-21 15:08 87608 ----a-w- c:\users\Marek\AppData\Roaming\inst.exe
2014-09-13 16:24 . 2014-06-21 15:08 47360 ----a-w- c:\users\Marek\AppData\Roaming\pcouffin.sys
2014-09-10 16:43 . 2014-05-02 12:08 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 16:43 . 2014-05-02 12:08 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-07 16:48 . 2014-08-07 16:49 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-06 08:49 . 2014-08-06 08:49 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-07-21 19:03 . 2014-07-21 19:03 200984 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-06-30 10:43 . 2014-06-30 10:43 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-05-29 12:18 . 2013-05-29 12:18 158720 ----a-w- c:\program files\internet explorer\plugins\LV2012ActiveXControl.dll
2013-06-20 18:19 . 2013-06-20 18:19 158720 ----a-w- c:\program files\internet explorer\plugins\LV2013ActiveXControl.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-08-25 5188112]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Nástroj pro stahování na pozadí.lnk - c:\program files\Common Files\Manažer instalací SolidWorks\BackgroundDownloading\sldBgDwld.exe /launch_from 0 [2014-5-2 1826600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NI Error Reporting.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
backup=c:\windows\pss\NI Error Reporting.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI Update Service]
2013-05-28 17:43 857888 ----a-w- c:\program files\National Instruments\Shared\Update Service\NIUpdateService.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2014-08-25 3242000]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336]
R3 libusb0;libusb-win32 - Kernel Driver 01/18/2012 1.2.6.0;c:\windows\system32\DRIVERS\libusb0.sys [2013-06-21 42592]
R3 silabenm;CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2014-03-07 47176]
R3 silabser;CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2014-03-07 63104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 umpusbvista;Texas Instruments USB Serial Driver;c:\windows\system32\DRIVERS\umpusbvista.sys [2013-03-20 47872]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-17 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-06-17 241944]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-17 27416]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-30 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-07-21 200984]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-17 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-06-17 188696]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-06-17 197400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-05-02 243128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2014-08-25 289328]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2013-06-08 57696]
S2 nimDNSResponder;NI mDNS Responder Service;c:\program files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2013-05-11 260976]
S2 NISystemWebServer;NI System Web Server;c:\program files\National Instruments\Shared\NI WebServer\SystemWebServer.exe [2013-06-08 57680]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2009-07-08 1334784]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-02 16:43]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\h3eggdx3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-MentorGraphicsPCLS - c:\mentorgraphics\LicensingUninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-09-26 10:21:49
ComboFix-quarantined-files.txt 2014-09-26 08:21
.
Před spuštěním: Volných bajtů: 41 031 348 224
Po spuštění: Volných bajtů: 40 663 965 696
.
- - End Of File - - FD5C8F16E12BFBC957D6B3864F50DDB2
A36C5E4F47E84449FF07ED3517B43A31



SystemLook 30.07.11 by jpshortstuff
Log created at 09:28 on 26/09/2014 by Marek
Administrator - Elevation successful

========== filefind ==========

Searching for "conhost.exe.*"
C:\Windows\System32\conhost.exe --a---- 271360 bytes [21:29 20/11/2010] [21:29 20/11/2010] 156F20E7A89573C2FD7CBC305DFC181F
C:\Windows\System32\cs-CZ\conhost.exe.mui --a---- 3584 bytes [01:15 21/11/2010] [01:15 21/11/2010] 23B3576F07AAB2B9F4D9CF7D6BE37D84
C:\Windows\winsxs\x86_microsoft-windows-consolehost.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_d2a7ac54cba9cd61\conhost.exe.mui --a---- 3584 bytes [01:15 21/11/2010] [01:15 21/11/2010] 23B3576F07AAB2B9F4D9CF7D6BE37D84
C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17514_none_7663313c605bdebe\conhost.exe --a---- 271360 bytes [21:29 20/11/2010] [21:29 20/11/2010] 156F20E7A89573C2FD7CBC305DFC181F

-= EOF =-

[jaro3]

Odinstaluj:
Spybot - Search & Destroy
Spybot - Search & Destroy 2
Pokud najdeš


Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\users\Marek\AppData\Roaming\inst.exe

Folder::
c:\programdata\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy 2

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

+
system look.

[Zeppelin]

Ahoj,
děkuji a tady jsou logy

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:15:48, on 26.9.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Users\Marek\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: SolidWorks Nástroj pro stahování na pozadí.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\national instruments\shared\mdns responder\nimdnsnsp.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systemes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NI Citadel 4 Service (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: NI PSP Service Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe
O23 - Service: NI Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NI Application Web Server (NIApplicationWebServer) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
O23 - Service: NI Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI License Server (NILM License Manager) - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
O23 - Service: NI Service Locator (NiSvcLoc) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\niSvcLoc\nisvcloc.exe
O23 - Service: NI System Web Server (NISystemWebServer) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 5763 bytes




ComboFix 14-09-24.01 - Marek 26.09.2014 18:44:04.2.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3072.2091 [GMT 2:00]
Spuštěný z: c:\users\Marek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Marek\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Marek\AppData\Roaming\inst.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Spybot - Search & Destroy 2
c:\program files\Spybot - Search & Destroy 2\SDTray.exe.log
c:\program files\Spybot - Search & Destroy 2\spybotsd2-install-bdcore-update.exe
c:\program files\Spybot - Search & Destroy 2\spybotsd2-translation-hux2.exe
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\ClientCount.bin
c:\programdata\Spybot - Search & Destroy\Immunization.ini
c:\programdata\Spybot - Search & Destroy\Logs\Firewall.log
c:\programdata\Spybot - Search & Destroy\Logs\Immunization-Browsers.log
c:\programdata\Spybot - Search & Destroy\Logs\Scanner.log
c:\programdata\Spybot - Search & Destroy\Logs\Updates.log
c:\users\Marek\AppData\Roaming\inst.exe
c:\users\Marek\AppData\Roaming\vso_ts_preview.xml
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-08-26 do 2014-09-26 )))))))))))))))))))))))))))))))
.
.
2014-09-26 16:57 . 2014-09-26 17:00 -------- d-----w- c:\users\Marek\AppData\Local\temp
2014-09-26 16:57 . 2014-09-26 16:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-26 16:57 . 2014-09-26 16:57 -------- d-----w- c:\users\CURRENT_USER\AppData\Local\temp
2014-09-26 13:24 . 2014-09-26 13:24 -------- d-----w- c:\users\Marek\AppData\Local\AskPartnerNetwork
2014-09-26 13:23 . 2014-09-26 13:23 -------- d-----w- c:\programdata\AskPartnerNetwork
2014-09-26 13:23 . 2014-09-26 13:23 -------- d-----w- c:\program files\AskPartnerNetwork
2014-09-26 13:21 . 2014-09-26 13:21 -------- d-----w- c:\programdata\YTD Video Downloader
2014-09-26 13:21 . 2014-09-26 13:21 -------- d-----w- c:\programdata\APN
2014-09-26 13:20 . 2014-09-26 13:20 -------- d-----w- c:\program files\GreenTree Applications
2014-09-26 13:17 . 2014-09-26 13:17 -------- d-----w- c:\program files\YTD
2014-09-26 11:01 . 2014-09-26 11:01 -------- d-----w- c:\program files\Graph
2014-09-24 18:33 . 2014-09-26 13:57 -------- d-----w- c:\users\Marek\AppData\Roaming\Vso
2014-09-24 18:31 . 2014-09-24 18:31 -------- d-----w- c:\program files\OWON
2014-09-23 18:31 . 2014-09-23 18:03 24064 ----a-w- c:\windows\zoek-delete.exe
2014-09-23 18:03 . 2014-09-23 18:25 -------- d-----w- C:\zoek_backup
2014-09-21 18:32 . 2014-09-21 18:32 -------- d-----w- c:\windows\ERUNT
2014-09-21 17:45 . 2014-09-25 17:13 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-21 17:45 . 2014-09-21 17:45 -------- d-----w- c:\programdata\RogueKiller
2014-09-14 17:49 . 2014-09-21 19:02 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-14 17:48 . 2014-09-14 17:48 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-14 17:48 . 2014-09-14 17:48 -------- d-----w- c:\programdata\Malwarebytes
2014-09-14 17:48 . 2014-05-12 05:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-14 17:48 . 2014-05-12 05:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-14 17:48 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-14 17:29 . 2014-09-21 17:42 -------- d-----w- C:\AdwCleaner
2014-09-14 08:33 . 2014-09-14 08:33 -------- d-----w- c:\programdata\IARSystems
2014-09-14 08:33 . 2014-09-14 08:33 -------- d-----w- c:\users\Marek\AppData\Roaming\IAR Embedded Workbench
2014-09-14 08:32 . 2014-09-14 08:32 -------- d-----w- c:\programdata\SafeNet Sentinel
2014-09-14 08:32 . 2014-09-14 08:32 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2014-09-14 08:27 . 2014-09-14 08:27 -------- d-----w- c:\program files\IAR Systems
2014-09-13 18:39 . 2014-09-13 18:39 -------- d-----w- c:\programdata\vsosdk
2014-09-13 17:15 . 2014-09-13 17:17 -------- d-----w- C:\Eclipse
2014-09-13 16:24 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2014-09-13 16:24 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2014-09-13 16:24 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2014-09-13 16:24 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2014-09-13 16:24 . 2002-12-10 01:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2014-09-13 16:24 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2014-09-13 16:24 . 2006-05-11 18:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2014-09-10 16:52 . 2014-09-10 16:52 -------- d-----w- c:\program files\Mobi File Reader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-13 16:24 . 2014-06-21 15:08 47360 ----a-w- c:\users\Marek\AppData\Roaming\pcouffin.sys
2014-09-10 16:43 . 2014-05-02 12:08 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 16:43 . 2014-05-02 12:08 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-07 16:48 . 2014-08-07 16:49 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-06 08:49 . 2014-08-06 08:49 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-07-21 19:03 . 2014-07-21 19:03 200984 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-06-30 10:43 . 2014-06-30 10:43 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-05-29 12:18 . 2013-05-29 12:18 158720 ----a-w- c:\program files\internet explorer\plugins\LV2012ActiveXControl.dll
2013-06-20 18:19 . 2013-06-20 18:19 158720 ----a-w- c:\program files\internet explorer\plugins\LV2013ActiveXControl.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-08-25 5188112]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-09-19 1942424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Nástroj pro stahování na pozadí.lnk - c:\program files\Common Files\Manažer instalací SolidWorks\BackgroundDownloading\sldBgDwld.exe /launch_from 0 [2014-5-2 1826600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NI Error Reporting.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
backup=c:\windows\pss\NI Error Reporting.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI Update Service]
2013-05-28 17:43 857888 ----a-w- c:\program files\National Instruments\Shared\Update Service\NIUpdateService.exe
.
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336]
R3 libusb0;libusb-win32 - Kernel Driver 01/18/2012 1.2.6.0;c:\windows\system32\DRIVERS\libusb0.sys [2013-06-21 42592]
R3 silabenm;CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2014-03-07 47176]
R3 silabser;CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2014-03-07 63104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 umpusbvista;Texas Instruments USB Serial Driver;c:\windows\system32\DRIVERS\umpusbvista.sys [2013-03-20 47872]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-17 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-06-17 241944]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-17 27416]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-30 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-07-21 200984]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-17 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-06-17 188696]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-06-17 197400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-05-02 243128]
S2 APNMCP;Ask Update Service;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-09-19 166296]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2014-08-25 3242000]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2014-08-25 289328]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2013-06-08 57696]
S2 nimDNSResponder;NI mDNS Responder Service;c:\program files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2013-05-11 260976]
S2 NISystemWebServer;NI System Web Server;c:\program files\National Instruments\Shared\NI WebServer\SystemWebServer.exe [2013-06-08 57680]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2009-07-08 1334784]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-02 16:43]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\h3eggdx3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2014\avgrsx.exe
c:\program files\AVG\AVG2014\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\lkads.exe
c:\windows\system32\taskhost.exe
c:\program files\National Instruments\Shared\niSvcLoc\nisvcloc.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lktsrv.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\program files\AVG\AVG2014\avgnsx.exe
c:\program files\AVG\AVG2014\avgemcx.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2014-09-26 19:04:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-09-26 17:04
ComboFix2.txt 2014-09-26 08:27
.
Před spuštěním: Volných bajtů: 39 293 353 984
Po spuštění: Volných bajtů: 39 249 928 192
.
- - End Of File - - D6041DFAE87707012C102BE7B13F1C9A
A36C5E4F47E84449FF07ED3517B43A31




aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-26 19:12:19
-----------------------------
19:12:19.615 OS Version: Windows 6.1.7601 Service Pack 1
19:12:19.615 Number of processors: 1 586 0x605
19:12:19.625 ComputerName: MAREK-PC UserName: Marek
19:12:25.385 Initialize success
19:12:25.445 VM: initialized successfully
19:12:25.455 VM: Intel CPU virtualization not supported
19:12:33.455 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:12:33.455 Disk 0 Vendor: Hitachi_HDS721616PLA380 P22OABEA Size: 152626MB BusType: 3
19:12:33.465 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
19:12:33.475 Disk 1 Vendor: WDC_WD5000AAKS-75V0A0 05.01D05 Size: 476940MB BusType: 3
19:12:33.475 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-2
19:12:33.485 Disk 2 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 3
19:12:33.645 Disk 0 MBR read successfully
19:12:33.655 Disk 0 MBR scan
19:12:33.665 Disk 0 Windows 7 default MBR code
19:12:33.675 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:12:33.685 Disk 0 Boot: NTFS code=2
19:12:33.705 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 80000 MB offset 206848
19:12:33.965 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 72524 MB offset 164046848
19:12:33.985 Disk 0 scanning sectors +312576000
19:12:34.255 Disk 0 scanning C:\Windows\system32\drivers
19:12:43.335 Service scanning
19:13:36.045 Modules scanning
19:13:58.465 Disk 0 trace - called modules:
19:13:58.535 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys partmgr.sys volmgr.sys fvevol.sys rdyboost.sys volsnap.sys Ntfs.sys
19:13:58.545 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8612e648]
19:13:58.555 3 CLASSPNP.SYS[8b38a59e] -> nt!IofCallDriver -> [0x85391918]
19:13:58.575 5 ACPI.sys[8aeac3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85c7a030]
19:13:58.585 Scan finished successfully
19:14:08.325 Disk 0 MBR has been saved successfully to "C:\Users\Marek\Desktop\MBR.dat"
19:14:08.345 The log file has been saved successfully to "C:\Users\Marek\Desktop\aswMBR.txt"

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.


V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\system32\conhost.exe


Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

Co problémy?

[Zeppelin]

Ahoj, díky moc. Problémy žádné nepozoruji.

https://www.virustotal.com/cs/file/b3bb ... 411796992/

[jaro3]

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.