So the drive still doesn't show up; as for the freezing, I don't know yet... I'll try leaving it idle for a while... and I'll also try installing the card drivers... then I'll let you know.
Thanks for now...
After installing Win 7, some of my hardware doesn't work [Solved]
Re: After installing Win 7, some of my hardware doesn't work
So after about half an hour of leaving the laptop idle I came back and it was frozen again... on the fifth restart attempt, Ctrl+Alt+Del finally brought up the Task Manager after about 2 minutes... on top of that, about 20 "remove Mozilla Firefox shortcut" windows popped up.
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43296
- Registered: June 07
- Location: South Bohemia
Re: After installing Win 7, some of my hardware doesn't work
Description: Služba Windows Search byla zastavena, protože došlo k problému s indexovacím modulem The catalog is corrupt.
Clean the system with CCleaner.
1) Start > Run > cmd
enter this: sfc /scannow
2) Start > Run > regedit
Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\SetupCompleted
Check if it’s been set to "0", if so then set it to "1" (DWORD)
If the issue persists, try to perform an in-place upgrade to fix the issue:
http://support.microsoft.com/kb/2255099
Disable the resident protection of your antivirus and antispyware, and possibly the firewall.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in Safe Mode.
Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems; in that case restart the computer again. If that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: After installing Win 7, some of my hardware doesn't work
So I followed the instructions:
at step 1) Start > Run > cmd
enter this: sfc /scannow
after entering the command, a box popped up saying that only an administrator can do this... I didn't know what to do about it, so I skipped the step
everything else per the instructions
ComboFix log:
ComboFix 12-01-19.02 - pepe 20.01.2012 9:53.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4095.2889 [GMT 1:00]
Spuštěný z: c:\users\pepe\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MS Office 2010\MS Office 2010 Lifetime Activation + UpdateAble (x86+x64) [PR!M3].exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-20 do 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-20 09:01 . 2012-01-20 09:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-20 06:54 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEF65513-13D5-4786-A115-3DBE186138D6}\mpengine.dll
2012-01-19 18:32 . 2012-01-19 18:32 -------- d-----w- c:\users\pepe\AppData\Roaming\Malwarebytes
2012-01-19 18:32 . 2012-01-19 18:32 -------- d-----w- c:\users\pepe\AppData\Local\Apps
2012-01-19 18:32 . 2012-01-19 18:32 -------- d-----w- c:\programdata\Malwarebytes
2012-01-19 18:32 . 2012-01-19 18:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-19 18:32 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-19 12:17 . 2012-01-19 12:17 61440 ----a-w- c:\windows\SysWow64\drivers\gxsvc.sys
2012-01-19 11:52 . 2012-01-19 11:52 1172 ----a-w- C:\1.reg
2012-01-19 11:52 . 2012-01-19 11:52 61440 ----a-w- c:\windows\SysWow64\drivers\lnvxsw.sys
2012-01-19 11:52 . 2012-01-19 11:52 13233 ----a-w- C:\avexport.bat
2012-01-19 09:25 . 2012-01-19 09:25 388096 ----a-r- c:\users\pepe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-19 09:25 . 2012-01-19 09:25 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-18 13:03 . 2012-01-18 13:03 -------- d-----w- c:\program files\CCleaner
2012-01-18 12:01 . 2012-01-18 12:01 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-01-18 09:35 . 2012-01-18 09:45 -------- d-----w- c:\users\pepe\AppData\Roaming\FreshDiagnose
2012-01-18 09:35 . 2012-01-18 09:35 -------- d-----w- c:\program files (x86)\FreshDevices
2012-01-11 14:19 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 14:19 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 14:19 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 14:19 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 14:19 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 14:19 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 14:19 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 14:19 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 10:14 . 2012-01-11 11:07 -------- d-----w- C:\Garmin
2012-01-11 10:07 . 2012-01-11 10:07 -------- d-----w- c:\programdata\GARMIN
2012-01-11 09:53 . 2012-01-11 09:53 -------- d-----w- c:\program files\DIFX
2012-01-11 09:53 . 2012-01-11 09:53 -------- d-----w- c:\program files (x86)\Garmin
2012-01-10 20:41 . 1998-10-02 18:00 327168 ----a-w- c:\windows\IsUninst.exe
2012-01-10 17:53 . 2012-01-15 00:23 -------- d-----w- c:\users\pepe\AppData\Local\Deployment
2012-01-09 21:05 . 2011-10-15 08:53 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-01-09 21:05 . 2011-10-15 08:53 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-01-09 20:49 . 2007-01-04 02:20 1732 ----a-w- c:\windows\system32\drivers\nvphy.bin
2012-01-09 20:49 . 2007-02-14 08:56 371200 ----a-w- c:\windows\system32\nvusmu.exe
2012-01-09 20:49 . 2006-11-08 23:49 369152 ----a-w- c:\windows\system32\nvusmb.exe
2012-01-09 20:49 . 2012-01-09 20:49 -------- d-----w- c:\users\pepe\AppData\Roaming\InstallShield
2012-01-09 20:48 . 2012-01-09 20:48 -------- d-----w- C:\swsetup
2012-01-09 14:19 . 2012-01-19 03:18 -------- d-----w- c:\users\UpdatusUser
2012-01-09 14:11 . 2011-10-15 08:53 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2012-01-09 14:11 . 2011-10-15 08:53 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2012-01-09 13:44 . 2012-01-09 13:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-09 13:43 . 2012-01-09 13:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-09 13:43 . 2012-01-09 13:43 -------- d-----w- c:\program files (x86)\Java
2012-01-08 13:06 . 2012-01-08 13:06 -------- d-----w- c:\programdata\Premium
2012-01-08 13:05 . 2012-01-08 13:07 -------- d-----w- c:\programdata\InstallMate
2012-01-06 21:27 . 2012-01-18 12:21 -------- d-----w- c:\programdata\NVIDIA
2012-01-06 21:20 . 2012-01-06 21:20 -------- d-----w- c:\windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP
2012-01-06 21:20 . 2011-10-15 08:53 539456 ----a-w- c:\windows\system32\nvhotkey.dll
2012-01-06 21:20 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
2012-01-06 21:20 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2012-01-06 21:20 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2012-01-06 21:20 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2012-01-06 21:20 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2012-01-06 21:20 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
2012-01-06 21:20 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2012-01-06 21:20 . 2012-01-06 21:20 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-01-06 11:35 . 2012-01-11 10:07 -------- d-----w- c:\users\pepe\AppData\Roaming\Garmin
2012-01-06 09:41 . 2012-01-06 09:41 -------- d-----w- c:\users\pepe\AppData\Local\Diagnostics
2012-01-06 09:30 . 2011-10-15 08:53 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-01-06 09:30 . 2011-10-15 08:53 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2012-01-06 09:30 . 2011-05-21 06:01 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll
2012-01-06 09:30 . 2011-05-21 06:01 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll
2012-01-06 09:30 . 2011-05-21 06:01 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2012-01-06 09:22 . 2009-07-24 09:49 114688 ----a-w- c:\windows\SysWow64\RicohMediadriverVer.dll
2012-01-05 09:32 . 2012-01-05 09:32 -------- d-----w- c:\windows\system32\appmgmt
2012-01-05 08:56 . 2012-01-05 08:56 -------- d-----w- c:\users\pepe\AppData\Local\ElevatedDiagnostics
2012-01-04 12:14 . 2006-06-19 12:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2012-01-04 12:14 . 2006-05-25 14:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2012-01-04 12:14 . 2005-08-26 00:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2012-01-04 12:14 . 2003-02-02 19:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2012-01-04 12:14 . 2002-03-06 00:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2012-01-03 18:25 . 2012-01-18 13:05 -------- d-----w- c:\users\pepe\AppData\Roaming\Skype
2012-01-03 18:25 . 2012-01-03 18:27 -------- d-----r- c:\program files (x86)\Skype
2012-01-03 18:25 . 2012-01-03 18:25 -------- d-----w- c:\programdata\Skype
2012-01-03 11:25 . 2012-01-03 11:25 -------- d-----w- c:\program files (x86)\COMODO
2012-01-02 12:37 . 2012-01-11 17:21 -------- d-----w- C:\fota
2011-12-28 12:39 . 2011-12-28 12:39 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-12-28 12:39 . 2011-12-28 12:39 -------- d-----w- c:\windows\PCHEALTH
2011-12-28 12:39 . 2011-12-28 12:39 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-12-28 12:39 . 2011-12-28 12:39 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-12-28 12:36 . 2011-12-28 12:36 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-12-28 12:35 . 2011-12-28 12:35 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-12-28 12:34 . 2011-12-28 12:34 -------- d-----w- c:\users\pepe\AppData\Local\Microsoft Help
2011-12-28 12:34 . 2012-01-11 22:57 -------- d-----w- c:\programdata\Microsoft Help
2011-12-28 12:33 . 2011-12-28 12:33 -------- d-----r- C:\MSOCache
2011-12-28 12:30 . 2012-01-20 09:00 -------- d-----w- c:\users\MS Office 2010
2011-12-28 11:54 . 2011-12-28 11:54 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-28 11:54 . 2011-12-28 12:16 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-12-28 11:53 . 2012-01-18 13:05 -------- d-----w- c:\users\pepe\AppData\Roaming\DAEMON Tools Lite
2011-12-28 11:53 . 2011-12-28 11:54 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-12-23 18:21 . 2011-12-29 12:02 -------- d-----w- c:\program files (x86)\Seznam.cz
2011-12-23 18:20 . 2012-01-15 00:43 -------- d-----w- c:\users\pepe\AppData\Local\MusicJet
2011-12-23 08:17 . 2011-12-28 12:39 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-12-23 08:04 . 2011-12-23 08:04 -------- d-----w- c:\windows\SysWow64\Wat
2011-12-23 08:04 . 2011-12-23 08:04 -------- d-----w- c:\windows\system32\Wat
2011-12-22 07:32 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-12-22 07:31 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-12-22 07:31 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-12-22 07:31 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-12-22 07:31 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-22 07:31 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-22 07:31 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-22 07:31 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-18 11:59 . 2011-11-10 12:18 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-11-10 12:16 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-11-10 12:16 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-11-10 12:16 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-11-10 12:16 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-11-10 12:16 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-11-10 12:16 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-11-10 12:16 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-11-10 12:16 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-11-10 12:16 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-15 13:29 . 2011-11-10 12:18 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-28 22:55 . 2011-10-28 22:55 1372672 ----a-w- c:\windows\SysWow64\VSFilter.dll
2011-10-23 05:56 . 2011-10-23 05:56 4738560 ----a-w- c:\windows\SysWow64\x264vfw.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files (x86)\Seznam.cz\bin\toolbar\toolbar.dll" [2011-12-12 188960]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\SYSTEM32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files (x86)\Seznam.cz\bin\listicka.dll
TCP: DhcpNameServer = 192.168.69.5 192.168.254.128
FF - ProfilePath - c:\users\pepe\AppData\Roaming\Mozilla\Firefox\Profiles\5p4tow9k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Celkový čas: 2012-01-20 10:14:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-20 09:14
.
Před spuštěním: Volných bajtů: 15 906 369 536
Po spuštění: Volných bajtů: 15 226 470 400
.
- - End Of File - - E269A13BD2F6F54D9A32C8BFFF28F630
2011-12-22 07:31 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-22 07:31 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-18 11:59 . 2011-11-10 12:18 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-11-10 12:16 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-11-10 12:16 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-11-10 12:16 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-11-10 12:16 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-11-10 12:16 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-11-10 12:16 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-11-10 12:16 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-11-10 12:16 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-11-10 12:16 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-15 13:29 . 2011-11-10 12:18 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-28 22:55 . 2011-10-28 22:55 1372672 ----a-w- c:\windows\SysWow64\VSFilter.dll
2011-10-23 05:56 . 2011-10-23 05:56 4738560 ----a-w- c:\windows\SysWow64\x264vfw.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files (x86)\Seznam.cz\bin\toolbar\toolbar.dll" [2011-12-12 188960]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\SYSTEM32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files (x86)\Seznam.cz\bin\listicka.dll
TCP: DhcpNameServer = 192.168.69.5 192.168.254.128
FF - ProfilePath - c:\users\pepe\AppData\Roaming\Mozilla\Firefox\Profiles\5p4tow9k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Celkový čas: 2012-01-20 10:14:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-20 09:14
.
Před spuštěním: Volných bajtů: 15 906 369 536
Po spuštění: Volných bajtů: 15 226 470 400
.
- - End Of File - - E269A13BD2F6F54D9A32C8BFFF28F630
- jaro3
- Security team member
- Guru Level 15
- Posts: 43296
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: after installing Win 7, some of my hardware doesn't work
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.
Code:
KillAll::
Collect::
c:\windows\SysWow64\drivers\lnvxsw.sys
File::
C:\1.reg
C:\avexport.bat
Folder::
c:\windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP
Registry::
[-HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
DDS::
uLocal Page = c:\windows\SYSTEM32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SYSTEM32\blank.htm
RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process + a new log from HJT
Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, the desktop will not load, or there will be connection problems; in that case restart the computer again. If that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
In Folder Options, enable showing hidden files and folders + uncheck the box for hiding protected operating system files
Test this on VirusTotal
c:\windows\system32\drivers\nvphy.bin
c:\windows\system32\nvusmu.exe
Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be tested by multiple antivirus programs one after another. When the last antivirus finishes its test, the result will appear at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to this page with the mouse and paste it into your post.
at step 1) Start > Run > cmd
enter this: sfc /scannow
after entering the command, a box popped up saying that only an administrator can do this............I didn't know what to do about it, so I skipped the step
You need the installation media for that..
Try this:
Checking the HDD for errors
open Computer - right-click the disk - Properties - Tools tab - Error checking - Check now - tick both boxes in the window - click Start - it will say that the check will be performed at the next startup...
Restart the PC; the check with repair sometimes takes several hours...
+
Download CrystalDiskInfo
Run the program and click Edit - Copy. Then paste the log contents here with Ctrl+V.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: after installing Win 7, some of my hardware doesn't work
so after doing the ComboFix thing, a message popped up saying that the file where it is supposed to be saved does not exist, and then an empty log came up.....
HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:30:26, on 20.1.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files (x86)\Seznam.cz\bin\listicka.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-21-525804756-3948067889-2474025195-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files (x86)\Seznam.cz\bin\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files (x86)\Seznam.cz\bin\listicka.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files (x86)\Seznam.cz\bin\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files (x86)\Seznam.cz\bin\listicka.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8744 bytes
on VirusTotal it did not find these files for me:
c:\windows\system32\drivers\nvphy.bin
c:\windows\system32\nvusmu.exe
the HDD error check went OK
and the data from CrystalDiskInfo is here:
HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:30:26, on 20.1.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files (x86)\Seznam.cz\bin\listicka.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-21-525804756-3948067889-2474025195-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files (x86)\Seznam.cz\bin\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files (x86)\Seznam.cz\bin\listicka.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files (x86)\Seznam.cz\bin\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files (x86)\Seznam.cz\bin\listicka.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8744 bytes
on VirusTotal it did not find these files for me:
c:\windows\system32\drivers\nvphy.bin
c:\windows\system32\nvusmu.exe
the HDD error check went OK
and the CrystalDiskInfo data are here:
----------------------------------------------------------------------------
CrystalDiskInfo 4.1.3 (C) 2008-2011 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------
OS : Windows 7 Ultimate Edition [6.1 Build 7600] (x64)
Date : 2012/01/20 15:17:27
-- Controller Map ----------------------------------------------------------
- Ricoh SD/MMC Host Controller [ATA]
- Ricoh xD-Picture Card Controller [ATA]
+ PCI Standardní dvoukanálový řadič IDE [ATA]
+ ATA Channel 0 (0)
- WDC WD800BEVS-60RST0 ATA Device
- ATA Channel 1 (1)
+ PCI Standardní dvoukanálový řadič IDE [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
- Ricoh Memory Stick Controller [ATA]
-- Disk List ---------------------------------------------------------------
(1) WDC WD800BEVS-60RST0 : 80.0 GB [0-2-0, pd1]
----------------------------------------------------------------------------
(1) WDC WD800BEVS-60RST0
----------------------------------------------------------------------------
Model : WDC WD800BEVS-60RST0
Firmware : 04.01G04
Serial Number : WD-WXE707028892
Disk Size : 80.0 GB (8.4/80.0/80.0)
Buffer Size : 8192 KB
Queue Depth : 1
# of Sectors : 156301488
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ----
Transfer Mode : SATA/150
Power On Hours : 3966 hod.
Power On Count : 4290 krát
Temparature : 40 C (104 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA
APM Level : 0080h [ON]
AAM Level : ----
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000025 Počet chyb čtení
03 159 154 _21 0000000003F0 Čas na roztočení ploten
04 _96 _96 __0 000000001194 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 200 200 _51 000000000000 Počet chybných hledání
09 _95 _95 __0 000000000F7E Hodin v činnosti
0A 100 100 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 _51 000000000000 Počet pokusů o překalibrování
0C _96 _96 __0 0000000010C2 Počet cyklů zapnutí zařízení
BB 100 _76 __0 000000000021 Ohlášeno neopravitelných chyb
BC 100 100 __0 000000000000 Časový limit příkazu
BE _60 _44 _40 000000000028 Teplota toku vzduchu
C0 200 200 __0 000000000082 Počet vypnutí disku
C1 180 180 __0 00000000F450 Počet cyklů načítání/vymazání
C2 103 _87 __0 000000000028 Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 100 253 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 _51 000000000000 Počet chyb při zápisu sektorů
- jaro3
- Security team member
Re: after installing Win 7 some hardware does not work
In Folder Options, enable showing hidden files and folders, and clear the "Hide protected operating system files" checkbox.
Test these on VirusTotal:
c:\windows\system32\drivers\nvphy.bin
c:\windows\system32\nvusmu.exe
Try once more.
Likewise the script in ComboFix.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus are standing in for me.
If you are satisfied, you can support our forum: Forum support
Re: after installing Win 7 some hardware does not work
It is enabled in Folder Options.
VirusTotal:
nvphy.bin
this file was not found.
Check the file name and try again.
nvusmu.exe
this file was not found.
Check the file name and try again.
I'm off to run ComboFix.....
Last edited by loscrudos on 20 Jan 2012 16:52, edited 1 time in total.
Re: after installing Win 7 some hardware does not work
here is the ComboFix log:
ComboFix 12-01-19.02 - pepe 20.01.2012 16:09:17.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4095.3061 [GMT 1:00]
Spuštěný z: c:\users\pepe\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\pepe\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\1.reg"
"C:\avexport.bat"
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-20 do 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-20 15:17 . 2012-01-20 15:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-20 14:16 . 2012-01-20 14:39 -------- d-----w- c:\users\pepe\AppData\Roaming\Nitro PDF
2012-01-20 14:15 . 2011-12-20 09:10 17192 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-01-20 14:15 . 2011-12-20 09:10 28968 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-01-20 14:15 . 2012-01-20 14:15 -------- d-----w- c:\programdata\Nitro PDF
2012-01-20 14:15 . 2012-01-20 14:15 -------- d-----w- c:\program files\Common Files\Nitro PDF
2012-01-20 14:15 . 2012-01-20 14:15 -------- d-----w- c:\program files (x86)\Nitro PDF
2012-01-20 14:15 . 2012-01-20 14:15 -------- d-----w- c:\program files (x86)\Common Files\Nitro PDF
2012-01-20 14:13 . 2012-01-20 14:13 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2012-01-20 14:13 . 2012-01-20 14:13 -------- d-----w- c:\users\pepe\AppData\Roaming\OpenCandy
2012-01-20 14:01 . 2012-01-20 14:01 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-20 14:01 . 2012-01-20 14:01 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-01-20 06:54 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEF65513-13D5-4786-A115-3DBE186138D6}\mpengine.dll
2012-01-19 18:32 . 2012-01-19 18:32 -------- d-----w- c:\users\pepe\AppData\Roaming\Malwarebytes
2012-01-19 18:32 . 2012-01-19 18:32 -------- d-----w- c:\users\pepe\AppData\Local\Apps
2012-01-19 18:32 . 2012-01-19 18:32 -------- d-----w- c:\programdata\Malwarebytes
2012-01-19 18:32 . 2012-01-19 18:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-19 18:32 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-19 12:17 . 2012-01-19 12:17 61440 ----a-w- c:\windows\SysWow64\drivers\gxsvc.sys
2012-01-19 11:52 . 2012-01-19 11:52 1172 ----a-w- C:\1.reg
2012-01-19 11:52 . 2012-01-19 11:52 61440 ------w- c:\windows\SysWow64\drivers\lnvxsw.sys
2012-01-19 11:52 . 2012-01-19 11:52 13233 ----a-w- C:\avexport.bat
2012-01-19 09:25 . 2012-01-19 09:25 388096 ----a-r- c:\users\pepe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-19 09:25 . 2012-01-19 09:25 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-18 13:03 . 2012-01-18 13:03 -------- d-----w- c:\program files\CCleaner
2012-01-18 12:01 . 2012-01-18 12:01 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-01-18 09:35 . 2012-01-18 09:45 -------- d-----w- c:\users\pepe\AppData\Roaming\FreshDiagnose
2012-01-18 09:35 . 2012-01-18 09:35 -------- d-----w- c:\program files (x86)\FreshDevices
2012-01-11 14:19 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 14:19 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 14:19 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 14:19 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 14:19 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 14:19 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 14:19 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 14:19 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 10:14 . 2012-01-11 11:07 -------- d-----w- C:\Garmin
2012-01-11 10:07 . 2012-01-11 10:07 -------- d-----w- c:\programdata\GARMIN
2012-01-11 09:53 . 2012-01-11 09:53 -------- d-----w- c:\program files\DIFX
2012-01-11 09:53 . 2012-01-11 09:53 -------- d-----w- c:\program files (x86)\Garmin
2012-01-10 20:41 . 1998-10-02 18:00 327168 ----a-w- c:\windows\IsUninst.exe
2012-01-10 17:53 . 2012-01-15 00:23 -------- d-----w- c:\users\pepe\AppData\Local\Deployment
2012-01-09 21:05 . 2011-10-15 08:53 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-01-09 21:05 . 2011-10-15 08:53 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-01-09 20:49 . 2007-01-04 02:20 1732 ----a-w- c:\windows\system32\drivers\nvphy.bin
2012-01-09 20:49 . 2007-02-14 08:56 371200 ----a-w- c:\windows\system32\nvusmu.exe
2012-01-09 20:49 . 2006-11-08 23:49 369152 ----a-w- c:\windows\system32\nvusmb.exe
2012-01-09 20:49 . 2012-01-09 20:49 -------- d-----w- c:\users\pepe\AppData\Roaming\InstallShield
2012-01-09 20:48 . 2012-01-09 20:48 -------- d-----w- C:\swsetup
2012-01-09 14:19 . 2012-01-19 03:18 -------- d-----w- c:\users\UpdatusUser
2012-01-09 14:11 . 2011-10-15 08:53 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2012-01-09 14:11 . 2011-10-15 08:53 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2012-01-09 13:44 . 2012-01-09 13:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-09 13:43 . 2012-01-09 13:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-09 13:43 . 2012-01-09 13:43 -------- d-----w- c:\program files (x86)\Java
2012-01-08 13:06 . 2012-01-08 13:06 -------- d-----w- c:\programdata\Premium
2012-01-08 13:05 . 2012-01-08 13:07 -------- d-----w- c:\programdata\InstallMate
2012-01-06 21:27 . 2012-01-18 12:21 -------- d-----w- c:\programdata\NVIDIA
2012-01-06 21:20 . 2011-10-15 08:53 539456 ----a-w- c:\windows\system32\nvhotkey.dll
2012-01-06 21:20 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
2012-01-06 21:20 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2012-01-06 21:20 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2012-01-06 21:20 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2012-01-06 21:20 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2012-01-06 21:20 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
2012-01-06 21:20 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2012-01-06 21:20 . 2012-01-06 21:20 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-01-06 11:35 . 2012-01-11 10:07 -------- d-----w- c:\users\pepe\AppData\Roaming\Garmin
2012-01-06 09:41 . 2012-01-06 09:41 -------- d-----w- c:\users\pepe\AppData\Local\Diagnostics
2012-01-06 09:30 . 2011-10-15 08:53 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-01-06 09:30 . 2011-10-15 08:53 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2012-01-06 09:30 . 2011-05-21 06:01 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll
2012-01-06 09:30 . 2011-05-21 06:01 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll
2012-01-06 09:30 . 2011-05-21 06:01 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2012-01-06 09:22 . 2009-07-24 09:49 114688 ----a-w- c:\windows\SysWow64\RicohMediadriverVer.dll
2012-01-05 09:32 . 2012-01-05 09:32 -------- d-----w- c:\windows\system32\appmgmt
2012-01-05 08:56 . 2012-01-05 08:56 -------- d-----w- c:\users\pepe\AppData\Local\ElevatedDiagnostics
2012-01-04 12:14 . 2006-06-19 12:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2012-01-04 12:14 . 2006-05-25 14:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2012-01-04 12:14 . 2005-08-26 00:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2012-01-04 12:14 . 2003-02-02 19:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2012-01-04 12:14 . 2002-03-06 00:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2012-01-03 18:25 . 2012-01-18 13:05 -------- d-----w- c:\users\pepe\AppData\Roaming\Skype
2012-01-03 18:25 . 2012-01-03 18:27 -------- d-----r- c:\program files (x86)\Skype
2012-01-03 18:25 . 2012-01-03 18:25 -------- d-----w- c:\programdata\Skype
2012-01-03 11:25 . 2012-01-03 11:25 -------- d-----w- c:\program files (x86)\COMODO
2012-01-02 12:37 . 2012-01-11 17:21 -------- d-----w- C:\fota
2011-12-28 12:39 . 2011-12-28 12:39 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-12-28 12:39 . 2011-12-28 12:39 -------- d-----w- c:\windows\PCHEALTH
2011-12-28 12:39 . 2011-12-28 12:39 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-12-28 12:39 . 2011-12-28 12:39 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-12-28 12:36 . 2011-12-28 12:36 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-12-28 12:35 . 2011-12-28 12:35 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-12-28 12:34 . 2011-12-28 12:34 -------- d-----w- c:\users\pepe\AppData\Local\Microsoft Help
2011-12-28 12:34 . 2012-01-11 22:57 -------- d-----w- c:\programdata\Microsoft Help
2011-12-28 12:33 . 2011-12-28 12:33 -------- d-----r- C:\MSOCache
2011-12-28 12:30 . 2012-01-20 09:14 -------- d-----w- c:\users\MS Office 2010
2011-12-28 11:53 . 2012-01-18 13:05 -------- d-----w- c:\users\pepe\AppData\Roaming\DAEMON Tools Lite
2011-12-28 11:53 . 2011-12-28 11:54 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-12-23 18:21 . 2011-12-29 12:02 -------- d-----w- c:\program files (x86)\Seznam.cz
2011-12-23 18:20 . 2012-01-15 00:43 -------- d-----w- c:\users\pepe\AppData\Local\MusicJet
2011-12-23 08:17 . 2011-12-28 12:39 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-12-23 08:04 . 2011-12-23 08:04 -------- d-----w- c:\windows\SysWow64\Wat
2011-12-23 08:04 . 2011-12-23 08:04 -------- d-----w- c:\windows\system32\Wat
2011-12-22 07:32 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-12-22 07:31 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-12-22 07:31 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-12-22 07:31 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-12-22 07:31 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-22 07:31 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-22 07:31 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-22 07:31 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-18 11:59 . 2011-11-10 12:18 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-11-10 12:16 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-11-10 12:16 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-11-10 12:16 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-11-10 12:16 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-11-10 12:16 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-11-10 12:16 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-11-10 12:16 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-11-10 12:16 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-11-10 12:16 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-15 13:29 . 2011-11-10 12:18 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-28 22:55 . 2011-10-28 22:55 1372672 ----a-w- c:\windows\SysWow64\VSFilter.dll
2011-10-23 05:56 . 2011-10-23 05:56 4738560 ----a-w- c:\windows\SysWow64\x264vfw.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-20_12.12.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-01-20 15:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-20 12:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-20 12:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-20 15:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-20 12:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-20 15:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-10 12:28 . 2012-01-20 15:21 29744 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-20 15:21 34728 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-20 14:15 . 2011-12-20 09:10 83240 c:\windows\system32\spool\drivers\x64\NitroReaderUI2.dll
+ 2012-01-20 14:15 . 2011-12-20 09:10 44840 c:\windows\system32\spool\drivers\x64\NitroReaderGraphics2.dll
+ 2012-01-20 14:15 . 2011-12-20 09:10 83240 c:\windows\system32\spool\drivers\x64\3\NitroReaderUI2.dll
+ 2012-01-20 14:15 . 2011-12-20 09:10 44840 c:\windows\system32\spool\drivers\x64\3\NitroReaderGraphics2.dll
- 2009-07-14 05:30 . 2012-01-18 12:21 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-01-20 14:02 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-11-10 11:56 . 2012-01-20 14:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-10 11:56 . 2012-01-20 09:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-10 11:56 . 2012-01-20 09:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-10 11:56 . 2012-01-20 14:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-20 14:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-20 09:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-10 12:22 . 2012-01-20 15:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-10 12:22 . 2012-01-20 12:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-10 12:22 . 2012-01-20 12:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-10 12:22 . 2012-01-20 15:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-10 12:22 . 2012-01-20 15:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-10 12:22 . 2012-01-20 12:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-10 12:22 . 2012-01-20 12:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-10 12:22 . 2012-01-20 15:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-10 12:22 . 2012-01-20 12:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-10 12:22 . 2012-01-20 15:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-10 12:23 . 2012-01-20 15:21 7446 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-525804756-3948067889-2474025195-1001_UserData.bin
+ 2012-01-20 15:18 . 2012-01-20 15:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-20 12:11 . 2012-01-20 12:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-20 12:11 . 2012-01-20 12:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-20 15:18 . 2012-01-20 15:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-01-20 11:46 616008 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-20 14:03 616008 c:\windows\system32\perfh009.dat
- 2009-07-14 15:18 . 2012-01-20 11:46 631292 c:\windows\system32\perfh005.dat
+ 2009-07-14 15:18 . 2012-01-20 14:03 631292 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-01-20 14:03 106388 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-20 11:46 106388 c:\windows\system32\perfc009.dat
+ 2009-07-14 15:18 . 2012-01-20 14:03 121914 c:\windows\system32\perfc005.dat
- 2009-07-14 15:18 . 2012-01-20 11:46 121914 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:30 . 2012-01-20 14:02 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-01-18 12:21 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-01-20 14:02 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-01-18 12:21 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-01-20 14:01 . 2012-01-20 14:01 283200 c:\windows\system32\DriverStore\FileRepository\dtsoftbus01.inf_amd64_neutral_d141c6ab4285e7b9\dtsoftbus01.sys
+ 2009-07-14 05:01 . 2012-01-20 15:17 385860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-20 12:10 385860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2012-01-20 12:26 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-01-20 09:17 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-11-10 12:19 . 2012-01-20 15:17 10301316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-525804756-3948067889-2474025195-1001-8192.dat
+ 2011-12-21 02:28 . 2011-12-21 02:28 34419712 c:\windows\Installer\217006.msi
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-12-20 341800]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files (x86)\Seznam.cz\bin\listicka.dll
TCP: DhcpNameServer = 192.168.69.5 192.168.254.128
FF - ProfilePath - c:\users\pepe\AppData\Roaming\Mozilla\Firefox\Profiles\5p4tow9k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{1EA00BE1-6E54-4E2A-8099-680300BF23E1} - (no file)
WebBrowser-{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - (no file)
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Celkový čas: 2012-01-20 16:30:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-20 15:30
ComboFix2.txt 2012-01-20 12:24
ComboFix3.txt 2012-01-20 09:14
.
Před spuštěním: Volných bajtů: 15 202 304 000
Po spuštění: Volných bajtů: 14 807 977 984
.
- - End Of File - - BC5E718B01404172B6A4411A981DAC7C
Nahrání proběhlo úspěšně
ComboFix 12-01-19.02 - pepe 20.01.2012 16:09:17.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4095.3061 [GMT 1:00]
Spuštěný z: c:\users\pepe\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\pepe\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\1.reg"
"C:\avexport.bat"
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-20 do 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-20 15:17 . 2012-01-20 15:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-20 14:16 . 2012-01-20 14:39 -------- d-----w- c:\users\pepe\AppData\Roaming\Nitro PDF
2012-01-20 14:15 . 2011-12-20 09:10 17192 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-01-20 14:15 . 2011-12-20 09:10 28968 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-01-20 14:15 . 2012-01-20 14:15 -------- d-----w- c:\programdata\Nitro PDF
2012-01-20 14:15 . 2012-01-20 14:15 -------- d-----w- c:\program files\Common Files\Nitro PDF
2012-01-20 14:15 . 2012-01-20 14:15 -------- d-----w- c:\program files (x86)\Nitro PDF
2012-01-20 14:15 . 2012-01-20 14:15 -------- d-----w- c:\program files (x86)\Common Files\Nitro PDF
2012-01-20 14:13 . 2012-01-20 14:13 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2012-01-20 14:13 . 2012-01-20 14:13 -------- d-----w- c:\users\pepe\AppData\Roaming\OpenCandy
2012-01-20 14:01 . 2012-01-20 14:01 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-20 14:01 . 2012-01-20 14:01 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-01-20 06:54 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEF65513-13D5-4786-A115-3DBE186138D6}\mpengine.dll
2012-01-19 18:32 . 2012-01-19 18:32 -------- d-----w- c:\users\pepe\AppData\Roaming\Malwarebytes
2012-01-19 18:32 . 2012-01-19 18:32 -------- d-----w- c:\users\pepe\AppData\Local\Apps
2012-01-19 18:32 . 2012-01-19 18:32 -------- d-----w- c:\programdata\Malwarebytes
2012-01-19 18:32 . 2012-01-19 18:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-19 18:32 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-19 12:17 . 2012-01-19 12:17 61440 ----a-w- c:\windows\SysWow64\drivers\gxsvc.sys
2012-01-19 11:52 . 2012-01-19 11:52 1172 ----a-w- C:\1.reg
2012-01-19 11:52 . 2012-01-19 11:52 61440 ------w- c:\windows\SysWow64\drivers\lnvxsw.sys
2012-01-19 11:52 . 2012-01-19 11:52 13233 ----a-w- C:\avexport.bat
2012-01-19 09:25 . 2012-01-19 09:25 388096 ----a-r- c:\users\pepe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-19 09:25 . 2012-01-19 09:25 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-18 13:03 . 2012-01-18 13:03 -------- d-----w- c:\program files\CCleaner
2012-01-18 12:01 . 2012-01-18 12:01 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-01-18 09:35 . 2012-01-18 09:45 -------- d-----w- c:\users\pepe\AppData\Roaming\FreshDiagnose
2012-01-18 09:35 . 2012-01-18 09:35 -------- d-----w- c:\program files (x86)\FreshDevices
2012-01-11 14:19 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 14:19 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 14:19 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 14:19 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 14:19 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 14:19 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 14:19 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 14:19 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 10:14 . 2012-01-11 11:07 -------- d-----w- C:\Garmin
2012-01-11 10:07 . 2012-01-11 10:07 -------- d-----w- c:\programdata\GARMIN
2012-01-11 09:53 . 2012-01-11 09:53 -------- d-----w- c:\program files\DIFX
2012-01-11 09:53 . 2012-01-11 09:53 -------- d-----w- c:\program files (x86)\Garmin
2012-01-10 20:41 . 1998-10-02 18:00 327168 ----a-w- c:\windows\IsUninst.exe
2012-01-10 17:53 . 2012-01-15 00:23 -------- d-----w- c:\users\pepe\AppData\Local\Deployment
2012-01-09 21:05 . 2011-10-15 08:53 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-01-09 21:05 . 2011-10-15 08:53 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-01-09 20:49 . 2007-01-04 02:20 1732 ----a-w- c:\windows\system32\drivers\nvphy.bin
2012-01-09 20:49 . 2007-02-14 08:56 371200 ----a-w- c:\windows\system32\nvusmu.exe
2012-01-09 20:49 . 2006-11-08 23:49 369152 ----a-w- c:\windows\system32\nvusmb.exe
2012-01-09 20:49 . 2012-01-09 20:49 -------- d-----w- c:\users\pepe\AppData\Roaming\InstallShield
2012-01-09 20:48 . 2012-01-09 20:48 -------- d-----w- C:\swsetup
2012-01-09 14:19 . 2012-01-19 03:18 -------- d-----w- c:\users\UpdatusUser
2012-01-09 14:11 . 2011-10-15 08:53 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2012-01-09 14:11 . 2011-10-15 08:53 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2012-01-09 13:44 . 2012-01-09 13:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-09 13:43 . 2012-01-09 13:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-09 13:43 . 2012-01-09 13:43 -------- d-----w- c:\program files (x86)\Java
2012-01-08 13:06 . 2012-01-08 13:06 -------- d-----w- c:\programdata\Premium
2012-01-08 13:05 . 2012-01-08 13:07 -------- d-----w- c:\programdata\InstallMate
2012-01-06 21:27 . 2012-01-18 12:21 -------- d-----w- c:\programdata\NVIDIA
2012-01-06 21:20 . 2011-10-15 08:53 539456 ----a-w- c:\windows\system32\nvhotkey.dll
2012-01-06 21:20 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
2012-01-06 21:20 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2012-01-06 21:20 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2012-01-06 21:20 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2012-01-06 21:20 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2012-01-06 21:20 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
2012-01-06 21:20 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2012-01-06 21:20 . 2012-01-06 21:20 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-01-06 11:35 . 2012-01-11 10:07 -------- d-----w- c:\users\pepe\AppData\Roaming\Garmin
2012-01-06 09:41 . 2012-01-06 09:41 -------- d-----w- c:\users\pepe\AppData\Local\Diagnostics
2012-01-06 09:30 . 2011-10-15 08:53 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-01-06 09:30 . 2011-10-15 08:53 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2012-01-06 09:30 . 2011-05-21 06:01 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll
2012-01-06 09:30 . 2011-05-21 06:01 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll
2012-01-06 09:30 . 2011-05-21 06:01 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2012-01-06 09:22 . 2009-07-24 09:49 114688 ----a-w- c:\windows\SysWow64\RicohMediadriverVer.dll
2012-01-05 09:32 . 2012-01-05 09:32 -------- d-----w- c:\windows\system32\appmgmt
2012-01-05 08:56 . 2012-01-05 08:56 -------- d-----w- c:\users\pepe\AppData\Local\ElevatedDiagnostics
2012-01-04 12:14 . 2006-06-19 12:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2012-01-04 12:14 . 2006-05-25 14:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2012-01-04 12:14 . 2005-08-26 00:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2012-01-04 12:14 . 2003-02-02 19:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2012-01-04 12:14 . 2002-03-06 00:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2012-01-03 18:25 . 2012-01-18 13:05 -------- d-----w- c:\users\pepe\AppData\Roaming\Skype
2012-01-03 18:25 . 2012-01-03 18:27 -------- d-----r- c:\program files (x86)\Skype
2012-01-03 18:25 . 2012-01-03 18:25 -------- d-----w- c:\programdata\Skype
2012-01-03 11:25 . 2012-01-03 11:25 -------- d-----w- c:\program files (x86)\COMODO
2012-01-02 12:37 . 2012-01-11 17:21 -------- d-----w- C:\fota
2011-12-28 12:39 . 2011-12-28 12:39 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-12-28 12:39 . 2011-12-28 12:39 -------- d-----w- c:\windows\PCHEALTH
2011-12-28 12:39 . 2011-12-28 12:39 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-12-28 12:39 . 2011-12-28 12:39 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-12-28 12:36 . 2011-12-28 12:36 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-12-28 12:35 . 2011-12-28 12:35 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-12-28 12:34 . 2011-12-28 12:34 -------- d-----w- c:\users\pepe\AppData\Local\Microsoft Help
2011-12-28 12:34 . 2012-01-11 22:57 -------- d-----w- c:\programdata\Microsoft Help
2011-12-28 12:33 . 2011-12-28 12:33 -------- d-----r- C:\MSOCache
2011-12-28 12:30 . 2012-01-20 09:14 -------- d-----w- c:\users\MS Office 2010
2011-12-28 11:53 . 2012-01-18 13:05 -------- d-----w- c:\users\pepe\AppData\Roaming\DAEMON Tools Lite
2011-12-28 11:53 . 2011-12-28 11:54 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-12-23 18:21 . 2011-12-29 12:02 -------- d-----w- c:\program files (x86)\Seznam.cz
2011-12-23 18:20 . 2012-01-15 00:43 -------- d-----w- c:\users\pepe\AppData\Local\MusicJet
2011-12-23 08:17 . 2011-12-28 12:39 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-12-23 08:04 . 2011-12-23 08:04 -------- d-----w- c:\windows\SysWow64\Wat
2011-12-23 08:04 . 2011-12-23 08:04 -------- d-----w- c:\windows\system32\Wat
2011-12-22 07:32 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-12-22 07:31 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-12-22 07:31 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-12-22 07:31 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-12-22 07:31 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-22 07:31 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-22 07:31 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-22 07:31 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-18 11:59 . 2011-11-10 12:18 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-11-10 12:16 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-11-10 12:16 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-11-10 12:16 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-11-10 12:16 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-11-10 12:16 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-11-10 12:16 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-11-10 12:16 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-11-10 12:16 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-11-10 12:16 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-15 13:29 . 2011-11-10 12:18 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-28 22:55 . 2011-10-28 22:55 1372672 ----a-w- c:\windows\SysWow64\VSFilter.dll
2011-10-23 05:56 . 2011-10-23 05:56 4738560 ----a-w- c:\windows\SysWow64\x264vfw.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-20_12.12.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-01-20 15:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-20 12:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-20 12:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-20 15:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-20 12:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-20 15:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-10 12:28 . 2012-01-20 15:21 29744 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-20 15:21 34728 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-20 14:15 . 2011-12-20 09:10 83240 c:\windows\system32\spool\drivers\x64\NitroReaderUI2.dll
+ 2012-01-20 14:15 . 2011-12-20 09:10 44840 c:\windows\system32\spool\drivers\x64\NitroReaderGraphics2.dll
+ 2012-01-20 14:15 . 2011-12-20 09:10 83240 c:\windows\system32\spool\drivers\x64\3\NitroReaderUI2.dll
+ 2012-01-20 14:15 . 2011-12-20 09:10 44840 c:\windows\system32\spool\drivers\x64\3\NitroReaderGraphics2.dll
- 2009-07-14 05:30 . 2012-01-18 12:21 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-01-20 14:02 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-11-10 11:56 . 2012-01-20 14:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-10 11:56 . 2012-01-20 09:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-10 11:56 . 2012-01-20 09:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-10 11:56 . 2012-01-20 14:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-20 14:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-20 09:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-10 12:22 . 2012-01-20 15:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-10 12:22 . 2012-01-20 12:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-10 12:22 . 2012-01-20 12:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-10 12:22 . 2012-01-20 15:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-10 12:22 . 2012-01-20 15:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-10 12:22 . 2012-01-20 12:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-10 12:22 . 2012-01-20 12:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-10 12:22 . 2012-01-20 15:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-10 12:22 . 2012-01-20 12:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-10 12:22 . 2012-01-20 15:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-10 12:23 . 2012-01-20 15:21 7446 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-525804756-3948067889-2474025195-1001_UserData.bin
+ 2012-01-20 15:18 . 2012-01-20 15:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-20 12:11 . 2012-01-20 12:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-20 12:11 . 2012-01-20 12:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-20 15:18 . 2012-01-20 15:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-01-20 11:46 616008 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-20 14:03 616008 c:\windows\system32\perfh009.dat
- 2009-07-14 15:18 . 2012-01-20 11:46 631292 c:\windows\system32\perfh005.dat
+ 2009-07-14 15:18 . 2012-01-20 14:03 631292 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-01-20 14:03 106388 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-20 11:46 106388 c:\windows\system32\perfc009.dat
+ 2009-07-14 15:18 . 2012-01-20 14:03 121914 c:\windows\system32\perfc005.dat
- 2009-07-14 15:18 . 2012-01-20 11:46 121914 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:30 . 2012-01-20 14:02 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-01-18 12:21 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-01-20 14:02 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-01-18 12:21 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-01-20 14:01 . 2012-01-20 14:01 283200 c:\windows\system32\DriverStore\FileRepository\dtsoftbus01.inf_amd64_neutral_d141c6ab4285e7b9\dtsoftbus01.sys
+ 2009-07-14 05:01 . 2012-01-20 15:17 385860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-20 12:10 385860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2012-01-20 12:26 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-01-20 09:17 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-11-10 12:19 . 2012-01-20 15:17 10301316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-525804756-3948067889-2474025195-1001-8192.dat
+ 2011-12-21 02:28 . 2011-12-21 02:28 34419712 c:\windows\Installer\217006.msi
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-12-20 341800]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files (x86)\Seznam.cz\bin\listicka.dll
TCP: DhcpNameServer = 192.168.69.5 192.168.254.128
FF - ProfilePath - c:\users\pepe\AppData\Roaming\Mozilla\Firefox\Profiles\5p4tow9k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{1EA00BE1-6E54-4E2A-8099-680300BF23E1} - (no file)
WebBrowser-{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - (no file)
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Celkový čas: 2012-01-20 16:30:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-20 15:30
ComboFix2.txt 2012-01-20 12:24
ComboFix3.txt 2012-01-20 09:14
.
Před spuštěním: Volných bajtů: 15 202 304 000
Po spuštění: Volných bajtů: 14 807 977 984
.
- - End Of File - - BC5E718B01404172B6A4411A981DAC7C
Nahrání proběhlo úspěšně
- jaro3
- Security team member
Re: some hardware doesn't work after installing Win 7
VirusTotal: do you copy the path there with the mouse, or do you look for the files in their location yourself?
Run this script again:
KillAll::
Collect::
c:\windows\SysWow64\drivers\lnvxsw.sys
File::
C:\1.reg
C:\avexport.bat
DDS::
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: some hardware doesn't work after installing Win 7
I copied it............I'll try entering it manually
- jaro3
- Security team member
Re: some hardware doesn't work after installing Win 7
Try it, and if ComboFix won't run, or it can't be deleted, we'll use something else.