Prosím o kontrolu logu - pomalejší PC

[am83]

Ahoj, prosím o kontrolu, PC se v poslední době zejména hrozně pomalu vypíná.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:18:57, on 16.10.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 41.0.2 (x86 cs)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Install\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HPWRTOOLBOX] C:\Program Files\HP\HP Deskjet 460 Series\Toolbox\HPWRTBX.exe "-i"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8310757468
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BlackBerry Device Manager (Blackberry Device Manager) - Research In Motion Limited - C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Bitdefender Antivirus Free Edition (gzserv) - Bitdefender - C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7934 bytes

[Reklama]

[jaro3]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu klikni na „Logfile“ ,objeví log ( jinak je uložen systémovem disku jako AdwCleaner[C?].txt), jeho obsah sem celý vlož.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“ , v okně na pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[am83]

# AdwCleaner v5.013 - Logfile created 17/10/2015 at 10:35:34
# Updated 09/10/2015 by Xplode
# Database : 2015-10-16.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : admin - FREN-B9B786005E
# Running from : C:\Documents and Settings\admin\Plocha\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [604 bytes] ##########

[am83]

RogueKiller V10.11.0.0 [Oct 12 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno : Normální režim
Uživatel : admin [Práva správce]
Started from : C:\Documents and Settings\admin\Plocha\RogueKiller.exe
Mód : Prohledat -- Datum : 10/17/2015 10:54:33

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 6 (Driver: Nahrán) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtEnumerateKey[71] : sppf.sys @ 0x41e73d9bb4800000
[SSDT:Addr(Hook.SSDT)] NtEnumerateValueKey[73] : sppf.sys @ 0x41e73d9c26400000
[SSDT:Addr(Hook.SSDT)] NtOpenKey[119] : sppf.sys @ 0x41e73d6a18000000
[SSDT:Addr(Hook.SSDT)] NtQueryKey[160] : sppf.sys @ 0x41e73d9c41400000
[SSDT:Addr(Hook.SSDT)] NtQueryValueKey[177] : sppf.sys @ 0x41e73d9c11400000
[SSDT:Addr(Hook.SSDT)] NtSetValueKey[247] : sppf.sys @ 0x41e73d9c53800000

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 8f8dde2bbf3695f716123b3f8b19f0aa
[BSP] aa56d2c666f514c776da8f4ae353a96c : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 149997 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 307194930 | Size: 88475 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

[jerabina]

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)
- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu, klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[am83]

RogueKiller V10.11.0.0 [Oct 12 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno : Normální režim
Uživatel : admin [Práva správce]
Started from : C:\Documents and Settings\admin\Plocha\RogueKiller.exe
Mód : Smazat -- Datum : 10/18/2015 17:15:17

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 7 (Driver: Nahrán) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtEnumerateKey[71] : splr.sys @ 0x41e73d9bb4800000
[SSDT:Addr(Hook.SSDT)] NtEnumerateValueKey[73] : splr.sys @ 0x41e73d9c26400000
[SSDT:Addr(Hook.SSDT)] NtOpenKey[119] : splr.sys @ 0x41e73d6a18000000
[SSDT:Addr(Hook.SSDT)] NtQueryKey[160] : splr.sys @ 0x41e73d9c41400000
[SSDT:Addr(Hook.SSDT)] NtQueryValueKey[177] : splr.sys @ 0x41e73d9c11400000
[SSDT:Addr(Hook.SSDT)] NtSetValueKey[247] : splr.sys @ 0x41e73d9c53800000
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\InCDPass @ \Device\INCDPASS_REAL_DEVICE00000001 (\SystemRoot\system32\drivers\InCDPass.sys)

¤¤¤ Webové prohlížeče : 4 ¤¤¤
[FIREFX:Addon] kkkuw8pe.default : Blur [donottrackplus@abine.com] -> Smazáno
[FIREFX:Addon] kkkuw8pe.default : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> Smazáno
[FIREFX:Addon] kkkuw8pe.default : Microsoft .NET Framework Assistant [{20a82645-c095-46ed-80e3-08825760534b}] -> Smazáno
[FIREFX:Addon] kkkuw8pe.default : Skype Click to Call [{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}] -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 8f8dde2bbf3695f716123b3f8b19f0aa
[BSP] aa56d2c666f514c776da8f4ae353a96c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 149997 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 307194930 | Size: 88475 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

[am83]

A tady jsem zatím skončil, ten zoek.exe se nechce spustit, poklikám na něho a nic.

[Orcus]

Zkus v nouzovém režimu.

[am83]

Zoek.exe v5.0.0.1 Updated 17-October-2015
Tool run by Administrator on ne 18.10.2015 at 19:58:26,40.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Documents and Settings\admin\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

Failed to create System Restore Point.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\DVDVideoSoft deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Package Cache deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\DVDVideoSoft not found
C:\Program Files\ComPlus Applications deleted
C:\Program Files\WindowsUpdate deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [31.12.2009 16:34]

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.71

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1 folders=2 241 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\admin\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied
C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on ne 18.10.2015 at 20:07:41,39 ======================

[am83]

ComboFix 15-10-15.01 - admin 18.10.2015 20:19:58.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2009.1373 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\ComboFix.exe
AV: Bitdefender Antivirus Free Edition *Disabled/Updated* {9488E0FA-F058-4673-850E-E755F112BABC}
FW: *Enabled* {9488E0FA-F058-4673-850E-E755F112BABC}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-09-18 do 2015-10-18 )))))))))))))))))))))))))))))))
.
.
2015-10-18 18:05 . 2015-10-18 17:58 24064 ----a-w- c:\windows\zoek-delete.exe
2015-10-18 17:53 . 2015-10-18 17:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Mozilla
2015-10-18 17:53 . 2015-10-18 18:04 -------- d-----w- C:\zoek_backup
2015-10-17 08:38 . 2015-10-18 17:24 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-10-17 08:38 . 2015-10-17 08:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2015-10-11 16:41 . 2015-10-18 16:51 -------- d-----w- C:\Call of Duty 1
2015-10-11 15:43 . 2009-09-04 15:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2015-10-11 15:42 . 2015-10-11 15:42 -------- d-----w- c:\windows\Logs
2015-10-11 14:20 . 2015-10-11 14:20 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\QuickScan
2015-10-10 16:43 . 2015-10-10 16:43 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\QuickScan
2015-10-10 16:41 . 2015-10-10 16:41 173939 ----a-w- c:\documents and settings\All Users\Data aplikací\1444495224.bdinstall.bin
2015-10-10 16:40 . 2009-07-14 21:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2015-10-10 16:40 . 2015-10-10 16:41 -------- d-----w- c:\program files\Bitdefender
2015-10-10 16:40 . 2013-04-17 12:59 633344 ----a-w- c:\windows\system32\drivers\avc3.sys
2015-10-10 16:40 . 2013-04-17 12:59 486536 ----a-w- c:\windows\system32\drivers\avckf.sys
2015-10-10 16:40 . 2012-11-02 12:17 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
2015-10-10 16:40 . 2013-04-22 11:20 164952 ----a-w- c:\windows\system32\drivers\gzflt.sys
2015-10-10 16:40 . 2013-05-28 10:11 355744 ----a-w- c:\windows\system32\drivers\trufos.sys
2015-10-02 14:40 . 2015-10-02 14:40 17314496 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-09-28 20:23 . 2015-09-28 20:23 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-17 08:49 . 2012-04-07 15:35 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-10-17 08:49 . 2011-05-21 09:06 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-05-08 6369048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 150040]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1105920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"HPWRTOOLBOX"="c:\program files\HP\HP Deskjet 460 Series\Toolbox\HPWRTBX.exe" [2007-04-04 356352]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Magdička\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^admin^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\admin\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-08-07 18:04 53729824 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [10.10.2015 18:40 633344]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.2.2010 13:02 691696]
R1 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [10.10.2015 18:40 164952]
R2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [10.10.2015 18:40 57520]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [10.10.2015 18:40 486536]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [10.10.2015 18:40 242504]
R3 Blackberry Device Manager;BlackBerry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [18.1.2013 18:10 577536]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [17.12.2008 17:42 84240]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.7.2015 13:14 327296]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [29.1.2012 20:47 28672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2008-07-16 22:02 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.71\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 08:49]
.
2012-08-26 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4336924407.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 15:56]
.
2015-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 22:16]
.
2015-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 22:16]
.
2015-08-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-07 23:28]
.
2015-10-18 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-07 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 178.72.241.110 10.152.32.1
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\kkkuw8pe.default\
FF - ExtSQL: !HIDDEN! 2009-12-31 15:34; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-10-18 20:27
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2015-10-18 20:30:09
ComboFix-quarantined-files.txt 2015-10-18 18:30
.
Před spuštěním: Volných bajtů: 103 111 397 376
Po spuštění: Volných bajtů: 103 053 983 744
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6180C9942212C2B9BF631606B5ED1909
413FC2A0C716421B3158746D63736515

[am83]

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-10-18 20:35:19
-----------------------------
20:35:19.093 OS Version: Windows 5.1.2600 Service Pack 3
20:35:19.093 Number of processors: 2 586 0xF0D
20:35:19.093 ComputerName: FREN-B9B786005E UserName: admin
20:35:19.859 Initialize success
20:35:20.015 VM: initialized successfully
20:35:20.031 VM: Intel CPU virtualization not supported
20:35:38.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:35:38.031 Disk 0 Vendor: ST9250827AS 3.AAA Size: 238475MB BusType: 3
20:35:38.156 Disk 0 MBR read successfully
20:35:38.156 Disk 0 MBR scan
20:35:38.156 Disk 0 Windows XP default MBR code
20:35:38.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149997 MB offset 63
20:35:38.156 Disk 0 Boot: NTFS code=1
20:35:38.171 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 88475 MB offset 307194930
20:35:38.171 Disk 0 scanning sectors +488392065
20:35:38.234 Disk 0 scanning C:\WINDOWS\system32\drivers
20:35:44.015 Service scanning
20:35:45.578 Service avchv C:\WINDOWS\system32\DRIVERS\avchv.sys **LOCKED** 5
20:35:45.687 Service bdftdif C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys **LOCKED** 5
20:35:45.750 Service bdselfpr C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys **LOCKED** 5
20:35:53.406 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:35:55.875 Modules scanning
20:35:55.875 \Driver\atapi DriverInit @ 0x8a9e4298 suspicious
20:35:55.875 \Driver\dmio MajorFunction[ IRP_MJ_CREATE ] @ 0x8aa551f8 suspicious
20:35:55.890 \Driver\dmio MajorFunction[ IRP_MJ_CLOSE ] @ 0x8aa551f8 suspicious
20:35:55.890 \Driver\dmio MajorFunction[ IRP_MJ_READ ] @ 0x8aa551f8 suspicious
20:35:55.890 \Driver\dmio MajorFunction[ IRP_MJ_WRITE ] @ 0x8aa551f8 suspicious
20:35:55.890 \Driver\dmio MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8aa551f8 suspicious
20:35:55.906 \Driver\dmio MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8aa551f8 suspicious
20:35:55.906 \Driver\dmio MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8aa551f8 suspicious
20:35:55.906 \Driver\dmio MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8aa551f8 suspicious
20:35:55.921 \Driver\dmio MajorFunction[ IRP_MJ_POWER ] @ 0x8aa551f8 suspicious
20:35:55.921 \Driver\dmio MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8aa551f8 suspicious
20:35:55.921 \Driver\usbuhci MajorFunction[ IRP_MJ_CREATE ] @ 0x8a6ba1f8 suspicious
20:35:55.937 \Driver\usbuhci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8a6ba1f8 suspicious
20:35:55.937 \Driver\usbuhci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8a6ba1f8 suspicious
20:35:55.937 \Driver\usbuhci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8a6ba1f8 suspicious
20:35:55.953 \Driver\usbuhci MajorFunction[ IRP_MJ_POWER ] @ 0x8a6ba1f8 suspicious
20:35:55.953 \Driver\usbuhci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8a6ba1f8 suspicious
20:35:55.953 \Driver\Ftdisk MajorFunction[ IRP_MJ_CREATE ] @ 0x8a9e51f8 suspicious
20:35:55.968 \Driver\Ftdisk MajorFunction[ IRP_MJ_READ ] @ 0x8a9e51f8 suspicious
20:35:55.968 \Driver\Ftdisk MajorFunction[ IRP_MJ_WRITE ] @ 0x8a9e51f8 suspicious
20:35:55.968 \Driver\Ftdisk MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8a9e51f8 suspicious
20:35:55.984 \Driver\Ftdisk MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8a9e51f8 suspicious
20:35:55.984 \Driver\Ftdisk MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8a9e51f8 suspicious
20:35:55.984 \Driver\Ftdisk MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8a9e51f8 suspicious
20:35:56.000 \Driver\Ftdisk MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8a9e51f8 suspicious
20:35:56.000 \Driver\Ftdisk MajorFunction[ IRP_MJ_POWER ] @ 0x8a9e51f8 suspicious
20:35:56.000 \Driver\Ftdisk MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8a9e51f8 suspicious
20:35:56.015 \Driver\NetBT MajorFunction[ IRP_MJ_CREATE ] @ 0x8a7401f8 suspicious
20:35:56.015 \Driver\NetBT MajorFunction[ IRP_MJ_CLOSE ] @ 0x8a7401f8 suspicious
20:35:56.015 \Driver\NetBT MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8a7401f8 suspicious
20:35:56.031 \Driver\NetBT MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8a7401f8 suspicious
20:35:56.031 \Driver\NetBT MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8a7401f8 suspicious
20:35:56.031 \Driver\Cdrom MajorFunction[ IRP_MJ_CREATE ] @ 0x8a5dd1f8 suspicious
20:35:56.046 \Driver\Cdrom MajorFunction[ IRP_MJ_CLOSE ] @ 0x8a5dd1f8 suspicious
20:35:56.046 \Driver\Cdrom MajorFunction[ IRP_MJ_READ ] @ 0x8a5dd1f8 suspicious
20:35:56.062 \Driver\Cdrom MajorFunction[ IRP_MJ_WRITE ] @ 0x8a5dd1f8 suspicious
20:35:56.062 \Driver\Cdrom MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8a5dd1f8 suspicious
20:35:56.062 \Driver\Cdrom MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8a5dd1f8 suspicious
20:35:56.078 \Driver\Cdrom MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8a5dd1f8 suspicious
20:35:56.078 \Driver\Cdrom MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8a5dd1f8 suspicious
20:35:56.078 \Driver\Cdrom MajorFunction[ IRP_MJ_POWER ] @ 0x8a5dd1f8 suspicious
20:35:56.093 \Driver\Cdrom MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8a5dd1f8 suspicious
20:35:56.093 \Driver\usbehci MajorFunction[ IRP_MJ_CREATE ] @ 0x8a7e11f8 suspicious
20:35:56.093 \Driver\usbehci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8a7e11f8 suspicious
20:35:56.109 \Driver\usbehci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8a7e11f8 suspicious
20:35:56.109 \Driver\usbehci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8a7e11f8 suspicious
20:35:56.109 \Driver\usbehci MajorFunction[ IRP_MJ_POWER ] @ 0x8a7e11f8 suspicious
20:35:56.125 \Driver\usbehci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8a7e11f8 suspicious
20:35:56.125 \Driver\JMCR MajorFunction[ IRP_MJ_CREATE ] @ 0x8a7c91f8 suspicious
20:35:56.125 \Driver\JMCR MajorFunction[ IRP_MJ_CLOSE ] @ 0x8a7c91f8 suspicious
20:35:56.140 \Driver\JMCR MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8a7c91f8 suspicious
20:35:56.140 \Driver\JMCR MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8a7c91f8 suspicious
20:35:56.140 \Driver\JMCR MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8a7c91f8 suspicious
20:35:56.156 Disk 0 trace - called modules:
20:35:56.171 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys spaz.sys hal.dll >>UNKNOWN [0x8aa05938]<<
20:35:56.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8daab8]
20:35:56.171 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aa591c0]
20:35:56.187 Disk 0 statistics 41834/0/0 @ 3,52 MB/s
20:35:56.187 Scan finished successfully
20:36:09.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\admin\Plocha\MBR.dat"
20:36:09.343 The log file has been saved successfully to "C:\Documents and Settings\admin\Plocha\aswMBR.txt"

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\Skype\Updater
c:\program files\Google\Update

Driver::
SkypeUpdate

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.