Černá obrazovka při startu PC, zamrzávání pc Vyřešeno

[Pida SuXxX]

Zdravim Jaro3, měl jsem založené téma kde jsem řešil problém s černou obrazovkou a celkově spomaleným pc( tady: viewtopic.php?f=46&t=75950) byl jsem odkázán na Bezpečnostní moderátory a přímo na tebe. Černá obrazovka nabíhá těsně před tím než naběhne plocha a potom co se objeví Vítejte. Cca 15 vteřin je dlouhá. Dále se stává, že si otevírám složku a pc se na chvilku sekne a napíše neodpovídá. Takže bych tímto chtěl poprosit o radu. Přikládám log z HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:07, on 10.11.2011
Platform: Unknown Windows (WinNT 6.01.3504 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Games\Origin\Origin.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Petinek\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://battlelog.battlefield.com/bf3/gate/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: GBHO.BHO - {c20391ee-b6fd-4a35-9f1b-2892dda5b107} - mscoree.dll (file missing)
O3 - Toolbar: Smart Recovery 2 - {a011d643-4a67-4934-a775-46139847d7f2} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe
O4 - HKLM\..\RunOnce: [GBTUpd] C:\Program Files\GIGABYTE\UpdManager\PreRun.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [EADM] "C:\Games\Origin\Origin.exe" -AutoStart
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Stáhnout pomocí &BitSpiritu - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 4.24.0.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.co ... 4.26.0.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

--
End of file - 5552 bytes

[Reklama]

[Žbeky]

Jaro je momentálně technicky idnisponován

Fixni:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://battlelog.battlefield.com/bf3/gate/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: GBHO.BHO - {c20391ee-b6fd-4a35-9f1b-2892dda5b107} - mscoree.dll (file missing)
O3 - Toolbar: Smart Recovery 2 - {a011d643-4a67-4934-a775-46139847d7f2} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe
O4 - HKLM\..\RunOnce: [GBTUpd] C:\Program Files\GIGABYTE\UpdManager\PreRun.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [EADM] "C:\Games\Origin\Origin.exe" -AutoStart
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 4.24.0.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.co ... 4.26.0.cab

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Pida SuXxX]

Ok, já sem rád za Vaši pomoc. Jinak Fixnuto, odkaz nefungoval tak jsem stáhl přez Slunečnici, ale povedlo se mi smazat vše v MAIN a až poté sem smazal vše v Opeře, snad to nevadí. Malware log níže:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verze databáze: 8127

Windows 6.1.7600 Service Pack 1
Internet Explorer 9.0.8112.16421

10.11.2011 22:36:40
mbam-log-2011-11-10 (22-36-40).txt

Typ: Rychlá kontrola
Kontrolované objekty: 157809
Uplynulý čas: 1 minut, 48 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[Žbeky]

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

[Pida SuXxX]

ComboFix 11-11-11.04 - Petinek 11.11.2011 17:28:09.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.1.1250.420.1029.18.4013.2984 [GMT 1:00]
Spuštěný z: c:\users\Petinek\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-11 do 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 16:31 . 2011-11-11 16:31 -------- d-----w- c:\users\Petinek\AppData\Local\temp
2011-11-11 16:31 . 2011-11-11 16:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-11 15:30 . 2011-11-11 15:30 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F06ACB89-866C-48C0-91E9-3A54D61233B8}\offreg.dll
2011-11-11 15:30 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F06ACB89-866C-48C0-91E9-3A54D61233B8}\mpengine.dll
2011-11-11 05:46 . 2011-11-11 05:46 -------- d-----w- c:\users\Petinek\AppData\Local\ATI
2011-11-09 20:54 . 2011-11-09 20:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-09 20:54 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-09 16:28 . 2011-11-09 16:28 -------- d-----w- c:\programdata\ATI
2011-11-09 16:28 . 2011-11-09 16:28 -------- d-----w- c:\program files\AMD APP
2011-11-09 16:27 . 2011-11-09 16:27 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-11-09 16:27 . 2011-11-09 16:27 -------- d-----w- c:\program files\ATI
2011-11-09 16:09 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 16:09 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 16:09 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 21:37 . 2011-11-08 21:37 -------- d-----w- c:\program files\GreenVantage LLC
2011-10-31 21:29 . 2011-10-31 21:33 -------- d-----w- c:\users\Petinek\AppData\Local\ESN Sonar
2011-10-31 21:20 . 2011-10-31 21:21 -------- d-----w- c:\program files\CCleaner
2011-10-31 16:43 . 2011-11-10 18:14 280904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-10-31 16:43 . 2011-10-31 16:43 -------- d-----w- c:\users\Petinek\AppData\Local\PunkBuster
2011-10-31 16:40 . 2011-11-05 08:31 -------- d-----w- c:\program files\Battlelog Web Plugins
2011-10-31 16:39 . 2011-10-31 16:39 -------- d-----w- c:\programdata\EA Core
2011-10-31 16:33 . 2008-05-30 13:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2011-10-31 15:41 . 2011-10-31 15:54 -------- d-----w- c:\users\Petinek\AppData\Roaming\Origin
2011-10-31 15:41 . 2011-10-31 21:33 -------- d-----w- c:\users\Petinek\AppData\Local\Origin
2011-10-31 15:41 . 2011-10-31 16:39 -------- d-----w- c:\programdata\Electronic Arts
2011-10-31 15:41 . 2011-10-31 15:59 -------- d-----w- c:\program files\Origin Games
2011-10-28 13:10 . 2011-10-28 13:10 -------- d-----w- c:\users\Petinek\AppData\Local\PAYDAY
2011-10-28 13:10 . 2011-10-28 13:10 -------- d-----w- c:\programdata\RELOADED
2011-10-27 22:46 . 2011-11-10 18:09 -------- d-----w- c:\program files\ATI Technologies
2011-10-25 12:30 . 2011-10-25 12:30 -------- d--h--w- c:\program files\Common Files\EAInstaller
2011-10-24 15:57 . 2011-10-24 15:57 -------- d-sh--w- c:\programdata\DSS
2011-10-24 12:00 . 2010-09-16 10:13 2601752 ----a-w- c:\windows\system32\pbsvc_moh.exe
2011-10-24 09:39 . 2011-10-31 16:38 -------- d-----w- c:\programdata\Origin
2011-10-24 07:27 . 2011-11-11 15:25 17488 ----a-w- c:\windows\gdrv.sys
2011-10-23 22:18 . 1998-10-02 17:00 327168 ----a-w- c:\windows\IsUninst.exe
2011-10-22 22:44 . 2011-10-30 22:13 17488 ----a-w- c:\windows\etdrv.sys
2011-10-22 16:14 . 2011-10-27 22:47 -------- d-----w- C:\AMD
2011-10-22 15:08 . 2011-10-22 15:13 -------- d-sha-r- c:\programdata\Key-Base
2011-10-22 14:49 . 2011-10-22 14:49 -------- d-----w- c:\programdata\Intel
2011-10-22 14:28 . 2011-10-22 14:28 -------- d-----w- c:\programdata\InstallShield
2011-10-22 14:28 . 2011-10-30 22:12 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2011-10-22 14:27 . 2011-10-24 13:28 -------- d-----w- c:\program files\Lucidlogix Technologies
2011-10-22 14:22 . 2011-10-22 14:34 -------- d-----w- c:\programdata\Trend Micro
2011-10-22 14:20 . 2011-10-22 14:20 -------- d-----w- c:\programdata\Symantec
2011-10-22 14:20 . 2011-10-27 22:49 -------- d-----w- c:\programdata\Norton
2011-10-22 14:16 . 2005-02-17 05:15 278528 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe
2011-10-22 14:16 . 2005-02-17 05:15 221184 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
2011-10-22 14:16 . 2005-02-17 05:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2011-10-22 14:16 . 2005-02-17 05:15 73728 ----a-w- c:\windows\system32\ISUSPM.cpl
2011-10-22 14:16 . 2005-02-17 05:15 581632 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2011-10-22 14:16 . 2005-02-17 05:15 385024 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_ispmres.dll
2011-10-22 14:16 . 2005-02-17 05:15 368640 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2011-10-22 14:13 . 2011-10-27 22:06 -------- d-----w- c:\program files\GIGABYTE
2011-10-22 14:13 . 2011-01-10 16:16 18544 ----a-w- c:\windows\system32\drivers\AppleCharger.sys
2011-10-22 14:13 . 2010-04-06 14:30 31272 ----a-w- c:\windows\system32\AppleChargerSrv.exe
2011-10-22 14:13 . 2010-10-05 18:50 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2011-10-22 14:13 . 2005-04-03 21:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-10-22 14:13 . 2005-04-03 21:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-10-22 14:13 . 2005-04-03 21:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-10-22 14:13 . 2005-04-03 21:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-10-22 14:13 . 2005-04-03 20:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-10-22 14:13 . 2011-10-22 14:13 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-10-22 14:13 . 2011-10-22 14:13 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-10-22 14:13 . 2010-09-21 07:59 41088 ----a-w- c:\windows\system32\drivers\HECI.sys
2011-10-22 14:12 . 2011-10-22 14:12 -------- d-----w- c:\users\Petinek\AppData\Roaming\InstallShield
2011-10-22 14:10 . 2010-10-14 17:27 269824 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2011-10-22 14:09 . 2011-10-22 14:13 -------- d-----w- c:\program files\Intel
2011-10-22 14:09 . 2010-12-23 03:09 53248 ----a-r- c:\windows\system32\CSVer.dll
2011-10-22 14:09 . 2011-10-22 14:10 -------- d-----w- C:\Intel
2011-10-22 14:09 . 2011-10-22 14:09 -------- d--h--w- c:\programdata\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2011-10-22 14:09 . 2011-10-24 13:26 -------- d-----w- c:\users\Petinek\AppData\Roaming\Splashtop
2011-10-22 14:08 . 2011-10-24 13:27 -------- d-----w- c:\program files\Splashtop
2011-10-17 19:42 . 2011-10-17 19:42 -------- d-----w- c:\windows\system32\SPReview
2011-10-17 19:42 . 2011-10-17 19:42 -------- d-----w- c:\windows\system32\EventProviders
2011-10-17 02:03 . 2011-10-12 20:10 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-17 01:36 . 2011-10-12 19:44 4289024 ----a-w- c:\windows\system32\atiumdag.dll
2011-10-17 01:34 . 2011-10-12 19:33 4174848 ----a-w- c:\windows\system32\atiumdva.dll
2011-10-17 01:24 . 2011-10-12 19:31 335872 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-16 21:19 . 2011-10-16 21:19 56832 ----a-w- c:\windows\system32\OpenVideo.dll
2011-10-16 21:18 . 2011-10-16 21:18 13753856 ----a-w- c:\windows\system32\amdocl.dll
2011-10-16 21:17 . 2011-10-16 21:17 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-16 17:55 . 2011-10-16 17:55 18139008 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-16 07:24 . 2010-11-20 12:21 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-10-16 07:23 . 2010-11-20 12:20 9166336 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2011-10-15 21:43 . 2011-10-15 21:43 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-15 07:21 . 2011-10-15 07:21 -------- d-----w- c:\programdata\KONAMI
2011-10-15 07:18 . 2011-10-15 20:48 -------- d-----w- c:\windows\AutoKMS
2011-10-15 07:11 . 2011-10-15 07:11 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-10-15 07:10 . 2011-10-15 07:10 -------- d-----w- c:\windows\PCHEALTH
2011-10-15 07:10 . 2011-10-15 07:10 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-10-15 07:10 . 2011-10-15 07:10 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-10-15 07:09 . 2011-10-15 07:09 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-10-15 07:08 . 2011-10-15 07:08 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-10-15 07:08 . 2011-10-15 07:08 -------- d-----w- c:\users\Petinek\AppData\Local\Microsoft Help
2011-10-15 07:08 . 2011-11-09 21:31 -------- d-----w- c:\programdata\Microsoft Help
2011-10-15 07:08 . 2011-10-15 07:08 -------- d-----r- C:\MSOCache
2011-10-14 21:35 . 2011-10-14 21:35 -------- d-----w- c:\users\Petinek\AppData\Roaming\Malwarebytes
2011-10-14 21:35 . 2011-10-14 21:35 -------- d-----w- c:\programdata\Malwarebytes
2011-10-13 18:44 . 2011-10-13 18:44 -------- d-----w- c:\programdata\IObit
2011-10-13 17:36 . 2011-10-13 17:36 -------- d--h--r- c:\users\Petinek\AppData\Roaming\SecuROM
2011-10-12 20:55 . 2011-10-12 20:55 8598528 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-10-12 20:14 . 2011-10-12 20:14 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-12 20:10 . 2011-10-12 20:10 397312 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-12 20:09 . 2011-10-12 20:09 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-12 20:08 . 2011-10-12 20:08 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-10-12 20:08 . 2011-10-12 20:08 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-10-12 20:07 . 2011-10-12 20:07 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-10-12 20:07 . 2011-10-12 20:07 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-12 20:07 . 2011-10-12 20:07 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-10-12 20:04 . 2011-10-12 20:04 18630656 ----a-w- c:\windows\system32\atioglxx.dll
2011-10-12 19:46 . 2011-10-12 19:46 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-10-12 19:46 . 2011-10-12 19:46 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-10-12 19:44 . 2011-10-12 19:44 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-10-12 19:42 . 2011-10-12 19:42 8391680 ----a-w- c:\windows\system32\aticaldd.dll
2011-10-12 19:31 . 2011-10-12 19:31 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-12 19:30 . 2011-10-12 19:30 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-10-12 19:30 . 2011-10-12 19:30 257024 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-12 19:28 . 2011-10-12 19:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\system32\amdpcom32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 18:14 . 2011-09-30 20:32 140072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-11-10 18:14 . 2011-09-30 20:31 280904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-10 18:13 . 2011-09-30 20:31 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-10-31 19:30 . 2011-09-25 20:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-31 16:37 . 2011-09-30 20:32 138056 ----a-w- c:\users\Petinek\AppData\Roaming\PnkBstrK.sys
2011-10-31 16:37 . 2011-09-30 20:31 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-10-17 20:11 . 2011-10-17 20:11 203776 ----a-w- c:\windows\system32\webcheck.dll
2011-10-17 19:47 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-10-12 20:14 . 2011-07-28 21:40 736768 ----a-w- c:\windows\system32\aticfx32.dll
2011-10-12 20:04 . 2011-07-28 21:30 4231680 ----a-w- c:\windows\system32\atidxx32.dll
2011-10-12 19:39 . 2011-07-28 21:01 52736 ----a-w- c:\windows\system32\coinst.dll
2011-10-12 19:29 . 2011-07-28 20:53 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-10-12 19:29 . 2011-07-28 20:53 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-10-07 20:53 . 2011-10-07 20:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-09-25 20:20 . 2011-09-25 20:20 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-09-14 13:53 . 2011-09-30 20:31 3142728 ----a-w- c:\windows\system32\pbsvc_hos.exe
2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\system32\amdoclcl.dll
2011-08-31 17:12 . 2011-09-25 20:19 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-08-30 14:41 . 2011-09-25 20:19 1501696 ----a-w- c:\windows\system32\RCoRes.dat
2011-08-27 04:26 . 2011-10-12 14:37 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 14:37 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-23 15:00 . 2011-09-25 20:19 357712 ----a-w- c:\windows\system32\KAAPORT.dll
2011-08-17 04:24 . 2011-10-12 14:37 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 04:19 . 2011-10-12 14:37 75776 ----a-w- c:\windows\system32\psisrndr.ax
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c20391ee-b6fd-4a35-9f1b-2892dda5b107}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a011d643-4a67-4934-a775-46139847d7f2}"= "mscoree.dll" [2010-11-05 297808]
.
[HKEY_CLASSES_ROOT\clsid\{a011d643-4a67-4934-a775-46139847d7f2}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-11 10025576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 143640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 176408]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-16 343168]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2011-03-30 1750528]
"GBTUpd"="c:\program files\GIGABYTE\UpdManager\PreRun.exe" [2008-04-03 297480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-10-30 17488]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-26 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-25 232512]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-12 176128]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-12 8598528]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-12 257024]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 269824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-09-21 41088]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-13 328808]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-11 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-10-15 07:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://battlelog.battlefield.com/bf3/gate/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Stáhnout pomocí &BitSpiritu - c:\program files\BitSpirit\bsurl.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1312630691-1940748298-62099282-1001\Software\SecuROM\License information*]
"datasecu"=hex:f8,50,cc,1a,35,7e,9d,76,38,b5,f3,fb,7c,a3,9a,eb,ec,d9,00,79,b5,
70,ae,6b,f6,b4,61,e6,9d,2d,eb,b1,c4,b8,84,b2,e6,6a,8c,47,d9,b3,a7,0c,1f,80,\
"rkeysecu"=hex:ee,43,a2,5b,e0,b1,cf,b3,80,1e,e3,a5,5c,af,01,1c
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-11-11 17:32:10
ComboFix-quarantined-files.txt 2011-11-11 16:32
.
Před spuštěním: Volných bajtů: 763 170 705 408
Po spuštění: Volných bajtů: 763 054 018 560
.
- - End Of File - - E197557AB1F367E8780DE9BA0CEDC0CC

[Žbeky]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Folder::
c:\programdata\Symantec
c:\programdata\Norton

File::
c:\windows\Tasks\AutoKMS.job

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Toto otestuj na Virustotal
c:\windows\AutoKMS\AutoKMS.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

[Pida SuXxX]

ComboFix 11-11-11.04 - Petinek 11.11.2011 21:24:53.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.1.1250.420.1029.18.4013.2679 [GMT 1:00]
Spuštěný z: c:\users\Petinek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petinek\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\AutoKMS.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Norton
c:\programdata\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
c:\programdata\Norton\00000082\00000114\000004e8\cltLMS1.dat
c:\programdata\Norton\00000082\00000114\000004e8\cltLMS2.dat
c:\programdata\Symantec
c:\windows\Tasks\AutoKMS.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-11 do 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 20:27 . 2011-11-11 20:27 -------- d-----w- c:\users\Petinek\AppData\Local\temp
2011-11-11 15:30 . 2011-11-11 15:30 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F06ACB89-866C-48C0-91E9-3A54D61233B8}\offreg.dll
2011-11-11 15:30 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F06ACB89-866C-48C0-91E9-3A54D61233B8}\mpengine.dll
2011-11-11 05:46 . 2011-11-11 05:46 -------- d-----w- c:\users\Petinek\AppData\Local\ATI
2011-11-09 20:54 . 2011-11-09 20:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-09 20:54 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-09 16:28 . 2011-11-09 16:28 -------- d-----w- c:\programdata\ATI
2011-11-09 16:28 . 2011-11-09 16:28 -------- d-----w- c:\program files\AMD APP
2011-11-09 16:27 . 2011-11-09 16:27 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-11-09 16:27 . 2011-11-09 16:27 -------- d-----w- c:\program files\ATI
2011-11-09 16:09 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 16:09 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 16:09 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 21:37 . 2011-11-08 21:37 -------- d-----w- c:\program files\GreenVantage LLC
2011-10-31 21:29 . 2011-10-31 21:33 -------- d-----w- c:\users\Petinek\AppData\Local\ESN Sonar
2011-10-31 21:20 . 2011-10-31 21:21 -------- d-----w- c:\program files\CCleaner
2011-10-31 16:43 . 2011-11-11 18:10 280904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-10-31 16:43 . 2011-10-31 16:43 -------- d-----w- c:\users\Petinek\AppData\Local\PunkBuster
2011-10-31 16:40 . 2011-11-05 08:31 -------- d-----w- c:\program files\Battlelog Web Plugins
2011-10-31 16:39 . 2011-10-31 16:39 -------- d-----w- c:\programdata\EA Core
2011-10-31 16:33 . 2008-05-30 13:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2011-10-31 15:41 . 2011-10-31 15:54 -------- d-----w- c:\users\Petinek\AppData\Roaming\Origin
2011-10-31 15:41 . 2011-10-31 21:33 -------- d-----w- c:\users\Petinek\AppData\Local\Origin
2011-10-31 15:41 . 2011-10-31 16:39 -------- d-----w- c:\programdata\Electronic Arts
2011-10-31 15:41 . 2011-10-31 15:59 -------- d-----w- c:\program files\Origin Games
2011-10-28 13:10 . 2011-10-28 13:10 -------- d-----w- c:\users\Petinek\AppData\Local\PAYDAY
2011-10-28 13:10 . 2011-10-28 13:10 -------- d-----w- c:\programdata\RELOADED
2011-10-27 22:46 . 2011-11-10 18:09 -------- d-----w- c:\program files\ATI Technologies
2011-10-25 12:30 . 2011-10-25 12:30 -------- d--h--w- c:\program files\Common Files\EAInstaller
2011-10-24 15:57 . 2011-10-24 15:57 -------- d-sh--w- c:\programdata\DSS
2011-10-24 12:00 . 2010-09-16 10:13 2601752 ----a-w- c:\windows\system32\pbsvc_moh.exe
2011-10-24 09:39 . 2011-10-31 16:38 -------- d-----w- c:\programdata\Origin
2011-10-24 07:27 . 2011-11-11 20:28 17488 ----a-w- c:\windows\gdrv.sys
2011-10-23 22:18 . 1998-10-02 17:00 327168 ----a-w- c:\windows\IsUninst.exe
2011-10-22 22:44 . 2011-10-30 22:13 17488 ----a-w- c:\windows\etdrv.sys
2011-10-22 16:14 . 2011-10-27 22:47 -------- d-----w- C:\AMD
2011-10-22 15:08 . 2011-10-22 15:13 -------- d-sha-r- c:\programdata\Key-Base
2011-10-22 14:49 . 2011-10-22 14:49 -------- d-----w- c:\programdata\Intel
2011-10-22 14:28 . 2011-10-22 14:28 -------- d-----w- c:\programdata\InstallShield
2011-10-22 14:28 . 2011-10-30 22:12 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2011-10-22 14:27 . 2011-10-24 13:28 -------- d-----w- c:\program files\Lucidlogix Technologies
2011-10-22 14:22 . 2011-10-22 14:34 -------- d-----w- c:\programdata\Trend Micro
2011-10-22 14:19 . 2011-10-22 14:19 -------- d-----w- c:\programdata\NortonInstaller
2011-10-22 14:16 . 2005-02-17 05:15 278528 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe
2011-10-22 14:16 . 2005-02-17 05:15 221184 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
2011-10-22 14:16 . 2005-02-17 05:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2011-10-22 14:16 . 2005-02-17 05:15 73728 ----a-w- c:\windows\system32\ISUSPM.cpl
2011-10-22 14:16 . 2005-02-17 05:15 581632 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2011-10-22 14:16 . 2005-02-17 05:15 385024 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_ispmres.dll
2011-10-22 14:16 . 2005-02-17 05:15 368640 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2011-10-22 14:13 . 2011-10-27 22:06 -------- d-----w- c:\program files\GIGABYTE
2011-10-22 14:13 . 2011-01-10 16:16 18544 ----a-w- c:\windows\system32\drivers\AppleCharger.sys
2011-10-22 14:13 . 2010-04-06 14:30 31272 ----a-w- c:\windows\system32\AppleChargerSrv.exe
2011-10-22 14:13 . 2010-10-05 18:50 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2011-10-22 14:13 . 2005-04-03 21:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-10-22 14:13 . 2005-04-03 21:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-10-22 14:13 . 2005-04-03 21:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-10-22 14:13 . 2005-04-03 21:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-10-22 14:13 . 2005-04-03 20:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-10-22 14:13 . 2011-10-22 14:13 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-10-22 14:13 . 2011-10-22 14:13 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-10-22 14:13 . 2010-09-21 07:59 41088 ----a-w- c:\windows\system32\drivers\HECI.sys
2011-10-22 14:12 . 2011-10-22 14:12 -------- d-----w- c:\users\Petinek\AppData\Roaming\InstallShield
2011-10-22 14:10 . 2010-10-14 17:27 269824 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2011-10-22 14:09 . 2011-10-22 14:13 -------- d-----w- c:\program files\Intel
2011-10-22 14:09 . 2010-12-23 03:09 53248 ----a-r- c:\windows\system32\CSVer.dll
2011-10-22 14:09 . 2011-10-22 14:10 -------- d-----w- C:\Intel
2011-10-22 14:09 . 2011-10-22 14:09 -------- d--h--w- c:\programdata\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2011-10-22 14:09 . 2011-10-24 13:26 -------- d-----w- c:\users\Petinek\AppData\Roaming\Splashtop
2011-10-22 14:08 . 2011-10-24 13:27 -------- d-----w- c:\program files\Splashtop
2011-10-17 19:42 . 2011-10-17 19:42 -------- d-----w- c:\windows\system32\SPReview
2011-10-17 19:42 . 2011-10-17 19:42 -------- d-----w- c:\windows\system32\EventProviders
2011-10-17 02:03 . 2011-10-12 20:10 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-17 01:36 . 2011-10-12 19:44 4289024 ----a-w- c:\windows\system32\atiumdag.dll
2011-10-17 01:34 . 2011-10-12 19:33 4174848 ----a-w- c:\windows\system32\atiumdva.dll
2011-10-17 01:24 . 2011-10-12 19:31 335872 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-16 21:19 . 2011-10-16 21:19 56832 ----a-w- c:\windows\system32\OpenVideo.dll
2011-10-16 21:18 . 2011-10-16 21:18 13753856 ----a-w- c:\windows\system32\amdocl.dll
2011-10-16 21:17 . 2011-10-16 21:17 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-16 17:55 . 2011-10-16 17:55 18139008 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-16 07:24 . 2010-11-20 12:21 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-10-16 07:23 . 2010-11-20 12:20 9166336 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2011-10-15 21:43 . 2011-10-15 21:43 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-15 07:21 . 2011-10-15 07:21 -------- d-----w- c:\programdata\KONAMI
2011-10-15 07:18 . 2011-10-15 20:48 -------- d-----w- c:\windows\AutoKMS
2011-10-15 07:11 . 2011-10-15 07:11 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-10-15 07:10 . 2011-10-15 07:10 -------- d-----w- c:\windows\PCHEALTH
2011-10-15 07:10 . 2011-10-15 07:10 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-10-15 07:10 . 2011-10-15 07:10 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-10-15 07:09 . 2011-10-15 07:09 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-10-15 07:08 . 2011-10-15 07:08 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-10-15 07:08 . 2011-10-15 07:08 -------- d-----w- c:\users\Petinek\AppData\Local\Microsoft Help
2011-10-15 07:08 . 2011-11-09 21:31 -------- d-----w- c:\programdata\Microsoft Help
2011-10-15 07:08 . 2011-10-15 07:08 -------- d-----r- C:\MSOCache
2011-10-14 21:35 . 2011-10-14 21:35 -------- d-----w- c:\users\Petinek\AppData\Roaming\Malwarebytes
2011-10-14 21:35 . 2011-10-14 21:35 -------- d-----w- c:\programdata\Malwarebytes
2011-10-13 18:44 . 2011-10-13 18:44 -------- d-----w- c:\programdata\IObit
2011-10-13 17:36 . 2011-10-13 17:36 -------- d--h--r- c:\users\Petinek\AppData\Roaming\SecuROM
2011-10-12 20:55 . 2011-10-12 20:55 8598528 ----a-w- c:\windows\system32\drivers\atikmdag.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 18:10 . 2011-09-30 20:32 140072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-11-11 18:10 . 2011-09-30 20:31 280904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-11 18:09 . 2011-09-30 20:31 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-10-31 19:30 . 2011-09-25 20:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-31 16:37 . 2011-09-30 20:32 138056 ----a-w- c:\users\Petinek\AppData\Roaming\PnkBstrK.sys
2011-10-31 16:37 . 2011-09-30 20:31 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-10-17 20:11 . 2011-10-17 20:11 203776 ----a-w- c:\windows\system32\webcheck.dll
2011-10-17 19:47 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-10-12 20:14 . 2011-10-12 20:14 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-12 20:14 . 2011-07-28 21:40 736768 ----a-w- c:\windows\system32\aticfx32.dll
2011-10-12 20:10 . 2011-10-12 20:10 397312 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-12 20:09 . 2011-10-12 20:09 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-12 20:08 . 2011-10-12 20:08 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-10-12 20:08 . 2011-10-12 20:08 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-10-12 20:07 . 2011-10-12 20:07 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-10-12 20:07 . 2011-10-12 20:07 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-12 20:07 . 2011-10-12 20:07 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-10-12 20:04 . 2011-07-28 21:30 4231680 ----a-w- c:\windows\system32\atidxx32.dll
2011-10-12 20:04 . 2011-10-12 20:04 18630656 ----a-w- c:\windows\system32\atioglxx.dll
2011-10-12 19:46 . 2011-10-12 19:46 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-10-12 19:46 . 2011-10-12 19:46 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-10-12 19:44 . 2011-10-12 19:44 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-10-12 19:42 . 2011-10-12 19:42 8391680 ----a-w- c:\windows\system32\aticaldd.dll
2011-10-12 19:39 . 2011-07-28 21:01 52736 ----a-w- c:\windows\system32\coinst.dll
2011-10-12 19:31 . 2011-10-12 19:31 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-12 19:30 . 2011-10-12 19:30 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-10-12 19:30 . 2011-10-12 19:30 257024 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-12 19:29 . 2011-07-28 20:53 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-10-12 19:29 . 2011-07-28 20:53 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-10-12 19:28 . 2011-10-12 19:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2011-10-07 20:53 . 2011-10-07 20:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-09-25 20:20 . 2011-09-25 20:20 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-09-14 13:53 . 2011-09-30 20:31 3142728 ----a-w- c:\windows\system32\pbsvc_hos.exe
2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\system32\amdoclcl.dll
2011-08-31 17:12 . 2011-09-25 20:19 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-08-30 14:41 . 2011-09-25 20:19 1501696 ----a-w- c:\windows\system32\RCoRes.dat
2011-08-27 04:26 . 2011-10-12 14:37 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 14:37 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-23 15:00 . 2011-09-25 20:19 357712 ----a-w- c:\windows\system32\KAAPORT.dll
2011-08-17 04:24 . 2011-10-12 14:37 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 04:19 . 2011-10-12 14:37 75776 ----a-w- c:\windows\system32\psisrndr.ax
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c20391ee-b6fd-4a35-9f1b-2892dda5b107}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a011d643-4a67-4934-a775-46139847d7f2}"= "mscoree.dll" [2010-11-05 297808]
.
[HKEY_CLASSES_ROOT\clsid\{a011d643-4a67-4934-a775-46139847d7f2}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-11 10025576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 143640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 176408]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-16 343168]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2011-03-30 1750528]
"GBTUpd"="c:\program files\GIGABYTE\UpdManager\PreRun.exe" [2008-04-03 297480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-10-30 17488]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-26 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-25 232512]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-12 176128]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-12 8598528]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-12 257024]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 269824]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-09-21 41088]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-13 328808]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-11 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-10-15 07:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://battlelog.battlefield.com/bf3/gate/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Stáhnout pomocí &BitSpiritu - c:\program files\BitSpirit\bsurl.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1312630691-1940748298-62099282-1001\Software\SecuROM\License information*]
"datasecu"=hex:f8,50,cc,1a,35,7e,9d,76,38,b5,f3,fb,7c,a3,9a,eb,ec,d9,00,79,b5,
70,ae,6b,f6,b4,61,e6,9d,2d,eb,b1,c4,b8,84,b2,e6,6a,8c,47,d9,b3,a7,0c,1f,80,\
"rkeysecu"=hex:ee,43,a2,5b,e0,b1,cf,b3,80,1e,e3,a5,5c,af,01,1c
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\program files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
c:\windows\system32\vssvc.exe
c:\program files\GIGABYTE\Smart6\Timelock\AlarmClock.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2011-11-11 21:30:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-11 20:30
ComboFix2.txt 2011-11-11 16:32
.
Před spuštěním: Volných bajtů: 763 090 104 320
Po spuštění: Volných bajtů: 762 975 645 696
.
- - End Of File - - 62E707FD44271B114C97BC9A425764FB


Virustotal: http://www.virustotal.com/file-scan/report.html?id=cf7ea402d800e3fc6a0cda2136afd044aa2f8a97182b7e527d3e1970303c0067-1321043222

[Žbeky]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Folder::
c:\windows\AutoKMS

File::
c:\windows\Tasks\AutoKMS.job


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Pida SuXxX]

ComboFix 11-11-11.04 - Petinek 11.11.2011 23:37:55.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.1.1250.420.1029.18.4013.2924 [GMT 1:00]
Spuštěný z: c:\users\Petinek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petinek\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\AutoKMS.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\AutoKMS
c:\windows\AutoKMS\AutoKMS.exe
c:\windows\AutoKMS\AutoKMS.ini
c:\windows\AutoKMS\AutoKMS.log
c:\windows\Tasks\AutoKMS.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-11 do 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 22:40 . 2011-11-11 22:40 -------- d-----w- c:\users\Petinek\AppData\Local\temp
2011-11-11 22:40 . 2011-11-11 22:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-11 18:09 . 2011-11-11 18:09 -------- d-----w- c:\users\Petinek\AppData\Local\CrashDumps
2011-11-11 15:30 . 2011-11-11 20:30 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F06ACB89-866C-48C0-91E9-3A54D61233B8}\offreg.dll
2011-11-11 15:30 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F06ACB89-866C-48C0-91E9-3A54D61233B8}\mpengine.dll
2011-11-11 05:46 . 2011-11-11 05:46 -------- d-----w- c:\users\Petinek\AppData\Local\ATI
2011-11-09 20:54 . 2011-11-09 20:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-09 20:54 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-09 16:28 . 2011-11-09 16:28 -------- d-----w- c:\programdata\ATI
2011-11-09 16:28 . 2011-11-09 16:28 -------- d-----w- c:\program files\AMD APP
2011-11-09 16:27 . 2011-11-09 16:27 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-11-09 16:27 . 2011-11-09 16:27 -------- d-----w- c:\program files\ATI
2011-11-09 16:09 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 16:09 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 16:09 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 21:37 . 2011-11-08 21:37 -------- d-----w- c:\program files\GreenVantage LLC
2011-10-31 21:29 . 2011-10-31 21:33 -------- d-----w- c:\users\Petinek\AppData\Local\ESN Sonar
2011-10-31 21:20 . 2011-10-31 21:21 -------- d-----w- c:\program files\CCleaner
2011-10-31 16:43 . 2011-11-11 18:10 280904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-10-31 16:43 . 2011-10-31 16:43 -------- d-----w- c:\users\Petinek\AppData\Local\PunkBuster
2011-10-31 16:40 . 2011-11-05 08:31 -------- d-----w- c:\program files\Battlelog Web Plugins
2011-10-31 16:39 . 2011-10-31 16:39 -------- d-----w- c:\programdata\EA Core
2011-10-31 16:33 . 2008-05-30 13:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2011-10-31 15:41 . 2011-10-31 15:54 -------- d-----w- c:\users\Petinek\AppData\Roaming\Origin
2011-10-31 15:41 . 2011-10-31 21:33 -------- d-----w- c:\users\Petinek\AppData\Local\Origin
2011-10-31 15:41 . 2011-10-31 16:39 -------- d-----w- c:\programdata\Electronic Arts
2011-10-31 15:41 . 2011-10-31 15:59 -------- d-----w- c:\program files\Origin Games
2011-10-28 13:10 . 2011-10-28 13:10 -------- d-----w- c:\users\Petinek\AppData\Local\PAYDAY
2011-10-28 13:10 . 2011-10-28 13:10 -------- d-----w- c:\programdata\RELOADED
2011-10-27 22:46 . 2011-11-10 18:09 -------- d-----w- c:\program files\ATI Technologies
2011-10-25 12:30 . 2011-10-25 12:30 -------- d--h--w- c:\program files\Common Files\EAInstaller
2011-10-24 15:57 . 2011-10-24 15:57 -------- d-sh--w- c:\programdata\DSS
2011-10-24 12:00 . 2010-09-16 10:13 2601752 ----a-w- c:\windows\system32\pbsvc_moh.exe
2011-10-24 09:39 . 2011-10-31 16:38 -------- d-----w- c:\programdata\Origin
2011-10-24 07:27 . 2011-11-11 20:29 17488 ----a-w- c:\windows\gdrv.sys
2011-10-23 22:18 . 1998-10-02 17:00 327168 ----a-w- c:\windows\IsUninst.exe
2011-10-22 22:44 . 2011-10-30 22:13 17488 ----a-w- c:\windows\etdrv.sys
2011-10-22 16:14 . 2011-10-27 22:47 -------- d-----w- C:\AMD
2011-10-22 15:08 . 2011-10-22 15:13 -------- d-sha-r- c:\programdata\Key-Base
2011-10-22 14:49 . 2011-10-22 14:49 -------- d-----w- c:\programdata\Intel
2011-10-22 14:28 . 2011-10-22 14:28 -------- d-----w- c:\programdata\InstallShield
2011-10-22 14:28 . 2011-10-30 22:12 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2011-10-22 14:27 . 2011-10-24 13:28 -------- d-----w- c:\program files\Lucidlogix Technologies
2011-10-22 14:22 . 2011-10-22 14:34 -------- d-----w- c:\programdata\Trend Micro
2011-10-22 14:19 . 2011-10-22 14:19 -------- d-----w- c:\programdata\NortonInstaller
2011-10-22 14:16 . 2005-02-17 05:15 278528 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe
2011-10-22 14:16 . 2005-02-17 05:15 221184 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
2011-10-22 14:16 . 2005-02-17 05:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2011-10-22 14:16 . 2005-02-17 05:15 73728 ----a-w- c:\windows\system32\ISUSPM.cpl
2011-10-22 14:16 . 2005-02-17 05:15 581632 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2011-10-22 14:16 . 2005-02-17 05:15 385024 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_ispmres.dll
2011-10-22 14:16 . 2005-02-17 05:15 368640 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2011-10-22 14:13 . 2011-10-27 22:06 -------- d-----w- c:\program files\GIGABYTE
2011-10-22 14:13 . 2011-01-10 16:16 18544 ----a-w- c:\windows\system32\drivers\AppleCharger.sys
2011-10-22 14:13 . 2010-04-06 14:30 31272 ----a-w- c:\windows\system32\AppleChargerSrv.exe
2011-10-22 14:13 . 2010-10-05 18:50 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2011-10-22 14:13 . 2005-04-03 21:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-10-22 14:13 . 2005-04-03 21:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-10-22 14:13 . 2005-04-03 21:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-10-22 14:13 . 2005-04-03 21:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-10-22 14:13 . 2005-04-03 20:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-10-22 14:13 . 2011-10-22 14:13 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-10-22 14:13 . 2011-10-22 14:13 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-10-22 14:13 . 2010-09-21 07:59 41088 ----a-w- c:\windows\system32\drivers\HECI.sys
2011-10-22 14:12 . 2011-10-22 14:12 -------- d-----w- c:\users\Petinek\AppData\Roaming\InstallShield
2011-10-22 14:10 . 2010-10-14 17:27 269824 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2011-10-22 14:09 . 2011-10-22 14:13 -------- d-----w- c:\program files\Intel
2011-10-22 14:09 . 2010-12-23 03:09 53248 ----a-r- c:\windows\system32\CSVer.dll
2011-10-22 14:09 . 2011-10-22 14:10 -------- d-----w- C:\Intel
2011-10-22 14:09 . 2011-10-22 14:09 -------- d--h--w- c:\programdata\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2011-10-22 14:09 . 2011-10-24 13:26 -------- d-----w- c:\users\Petinek\AppData\Roaming\Splashtop
2011-10-22 14:08 . 2011-10-24 13:27 -------- d-----w- c:\program files\Splashtop
2011-10-17 19:42 . 2011-10-17 19:42 -------- d-----w- c:\windows\system32\SPReview
2011-10-17 19:42 . 2011-10-17 19:42 -------- d-----w- c:\windows\system32\EventProviders
2011-10-17 02:03 . 2011-10-12 20:10 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-17 01:36 . 2011-10-12 19:44 4289024 ----a-w- c:\windows\system32\atiumdag.dll
2011-10-17 01:34 . 2011-10-12 19:33 4174848 ----a-w- c:\windows\system32\atiumdva.dll
2011-10-17 01:24 . 2011-10-12 19:31 335872 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-16 21:19 . 2011-10-16 21:19 56832 ----a-w- c:\windows\system32\OpenVideo.dll
2011-10-16 21:18 . 2011-10-16 21:18 13753856 ----a-w- c:\windows\system32\amdocl.dll
2011-10-16 21:17 . 2011-10-16 21:17 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-16 17:55 . 2011-10-16 17:55 18139008 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-16 07:24 . 2010-11-20 12:21 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-10-16 07:23 . 2010-11-20 12:20 9166336 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2011-10-15 21:43 . 2011-10-15 21:43 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-15 07:21 . 2011-10-15 07:21 -------- d-----w- c:\programdata\KONAMI
2011-10-15 07:11 . 2011-10-15 07:11 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-10-15 07:10 . 2011-10-15 07:10 -------- d-----w- c:\windows\PCHEALTH
2011-10-15 07:10 . 2011-10-15 07:10 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-10-15 07:10 . 2011-10-15 07:10 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-10-15 07:09 . 2011-10-15 07:09 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-10-15 07:08 . 2011-10-15 07:08 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-10-15 07:08 . 2011-10-15 07:08 -------- d-----w- c:\users\Petinek\AppData\Local\Microsoft Help
2011-10-15 07:08 . 2011-11-09 21:31 -------- d-----w- c:\programdata\Microsoft Help
2011-10-15 07:08 . 2011-10-15 07:08 -------- d-----r- C:\MSOCache
2011-10-14 21:35 . 2011-10-14 21:35 -------- d-----w- c:\users\Petinek\AppData\Roaming\Malwarebytes
2011-10-14 21:35 . 2011-10-14 21:35 -------- d-----w- c:\programdata\Malwarebytes
2011-10-13 18:44 . 2011-10-13 18:44 -------- d-----w- c:\programdata\IObit
2011-10-13 17:36 . 2011-10-13 17:36 -------- d--h--r- c:\users\Petinek\AppData\Roaming\SecuROM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 18:10 . 2011-09-30 20:32 140072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-11-11 18:10 . 2011-09-30 20:31 280904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-11 18:09 . 2011-09-30 20:31 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-10-31 19:30 . 2011-09-25 20:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-31 16:37 . 2011-09-30 20:32 138056 ----a-w- c:\users\Petinek\AppData\Roaming\PnkBstrK.sys
2011-10-31 16:37 . 2011-09-30 20:31 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-10-17 20:11 . 2011-10-17 20:11 203776 ----a-w- c:\windows\system32\webcheck.dll
2011-10-17 19:47 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-10-12 20:55 . 2011-10-12 20:55 8598528 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-10-12 20:14 . 2011-10-12 20:14 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-12 20:14 . 2011-07-28 21:40 736768 ----a-w- c:\windows\system32\aticfx32.dll
2011-10-12 20:10 . 2011-10-12 20:10 397312 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-12 20:09 . 2011-10-12 20:09 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-12 20:08 . 2011-10-12 20:08 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-10-12 20:08 . 2011-10-12 20:08 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-10-12 20:07 . 2011-10-12 20:07 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-10-12 20:07 . 2011-10-12 20:07 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-12 20:07 . 2011-10-12 20:07 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-10-12 20:04 . 2011-07-28 21:30 4231680 ----a-w- c:\windows\system32\atidxx32.dll
2011-10-12 20:04 . 2011-10-12 20:04 18630656 ----a-w- c:\windows\system32\atioglxx.dll
2011-10-12 19:46 . 2011-10-12 19:46 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-10-12 19:46 . 2011-10-12 19:46 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-10-12 19:44 . 2011-10-12 19:44 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-10-12 19:42 . 2011-10-12 19:42 8391680 ----a-w- c:\windows\system32\aticaldd.dll
2011-10-12 19:39 . 2011-07-28 21:01 52736 ----a-w- c:\windows\system32\coinst.dll
2011-10-12 19:31 . 2011-10-12 19:31 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-12 19:30 . 2011-10-12 19:30 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-10-12 19:30 . 2011-10-12 19:30 257024 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-12 19:29 . 2011-07-28 20:53 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-10-12 19:29 . 2011-07-28 20:53 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-10-12 19:28 . 2011-10-12 19:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2011-10-07 20:53 . 2011-10-07 20:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-09-25 20:20 . 2011-09-25 20:20 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-09-14 13:53 . 2011-09-30 20:31 3142728 ----a-w- c:\windows\system32\pbsvc_hos.exe
2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\system32\amdoclcl.dll
2011-08-31 17:12 . 2011-09-25 20:19 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-08-30 14:41 . 2011-09-25 20:19 1501696 ----a-w- c:\windows\system32\RCoRes.dat
2011-08-27 04:26 . 2011-10-12 14:37 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 14:37 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-23 15:00 . 2011-09-25 20:19 357712 ----a-w- c:\windows\system32\KAAPORT.dll
2011-08-17 04:24 . 2011-10-12 14:37 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 04:19 . 2011-10-12 14:37 75776 ----a-w- c:\windows\system32\psisrndr.ax
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c20391ee-b6fd-4a35-9f1b-2892dda5b107}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a011d643-4a67-4934-a775-46139847d7f2}"= "mscoree.dll" [2010-11-05 297808]
.
[HKEY_CLASSES_ROOT\clsid\{a011d643-4a67-4934-a775-46139847d7f2}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-11 10025576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 143640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 176408]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-16 343168]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2011-03-30 1750528]
"GBTUpd"="c:\program files\GIGABYTE\UpdManager\PreRun.exe" [2008-04-03 297480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-10-30 17488]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-26 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-25 232512]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-12 176128]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-12 8598528]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-12 257024]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 269824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-09-21 41088]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-13 328808]
.
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://battlelog.battlefield.com/bf3/gate/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Stáhnout pomocí &BitSpiritu - c:\program files\BitSpirit\bsurl.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1312630691-1940748298-62099282-1001\Software\SecuROM\License information*]
"datasecu"=hex:f8,50,cc,1a,35,7e,9d,76,38,b5,f3,fb,7c,a3,9a,eb,ec,d9,00,79,b5,
70,ae,6b,f6,b4,61,e6,9d,2d,eb,b1,c4,b8,84,b2,e6,6a,8c,47,d9,b3,a7,0c,1f,80,\
"rkeysecu"=hex:ee,43,a2,5b,e0,b1,cf,b3,80,1e,e3,a5,5c,af,01,1c
.
Celkový čas: 2011-11-11 23:40:55
ComboFix-quarantined-files.txt 2011-11-11 22:40
ComboFix2.txt 2011-11-11 20:30
ComboFix3.txt 2011-11-11 16:32
.
Před spuštěním: Volných bajtů: 763 034 988 544
Po spuštění: Volných bajtů: 762 975 772 672
.
- - End Of File - - B967241322181D16024F3AA87FA14375

[Žbeky]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

+ Nový log z HJT

Jak se chová PC?

[Pida SuXxX]

Při startu pořád černá obrazovka, ale to až tak nevadí. Přijde mi že PC se zrychlilo a na zamrznutí jsem od té doby zatím nenarazil. Chtěl bych se zeptat na jednu věc ještě: Při startu PC než začne nabíhat systém se mě to zeptá jestli chci spustit:
1) Microsoft Windows [Verze 6.1. 7600] > 128 GB Memory
2) Windows 7
At vyberu jakýkoliv nevidim rozdíl a případně jak se toho zbavit ? Nebo to už je otázka do jiné kategorie ?

HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:38:02, on 12.11.2011
Platform: Unknown Windows (WinNT 6.01.3504 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Opera\opera.exe
C:\Users\Petinek\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://battlelog.battlefield.com/bf3/gate/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: GBHO.BHO - {c20391ee-b6fd-4a35-9f1b-2892dda5b107} - mscoree.dll (file missing)
O3 - Toolbar: Smart Recovery 2 - {a011d643-4a67-4934-a775-46139847d7f2} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe
O4 - HKLM\..\RunOnce: [GBTUpd] C:\Program Files\GIGABYTE\UpdManager\PreRun.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Stáhnout pomocí &BitSpiritu - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 4.24.0.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.co ... 4.26.0.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

--
End of file - 4959 bytes

[Žbeky]

Minule jsi nic nefixl

Fixni:

Kód: Vybrat vše

O2 - BHO: GBHO.BHO - {c20391ee-b6fd-4a35-9f1b-2892dda5b107} - mscoree.dll (file missing)
O3 - Toolbar: Smart Recovery 2 - {a011d643-4a67-4934-a775-46139847d7f2} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe
O4 - HKLM\..\RunOnce: [GBTUpd] C:\Program Files\GIGABYTE\UpdManager\PreRun.exe
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 4.24.0.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.co ... 4.26.0.cab

Spusť msconfig a v záložce spuštění počítače odeber nepotřebný vstup spuštění

Pokud nemáš nic dalšího, tak to tu označ za vyřešené