Kontrola HJT - dlouhý start PC

[quinter]

Zdravím, asi před dvěmi týdny jsem přeinstalovával windows 7, na startu delším o 20-30 vteřin než obvykle mě nic nepřekvapovalo. Myslel jsem si že se načítaj data Prefetch a celkově "zajíždějí" windowsy. Ale po dvou týdnech žádná změna, start dlouhý jako po reinstalu Windows. PC pročištěno CCleanerem, ATFcleanerem, MBAM nehlásí žádnou infekci, proto přikládám log z HJT
Předem děkuji za vyřízení


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:29:55, on 7.3.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
D:\Programy\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Tony\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "D:\Programy\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\Programy\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6406 bytes

[Reklama]

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

Stáhni si Memtest:

Do políčka vlož největší velikost Tvé jednotlivé paměti RAM (256,512 nebo 1024,2048) dej Start , nech nejméně 2h běžet , pokud bude po 2h stále 0 errors , jsou v pořádku.

[quinter]

Díky za pomoc, log z ComboFixu
________________________________


ComboFix 12-03-07.05 - Tony 08.03.2012 11:10:46.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4061.2903 [GMT 1:00]
Spuštěný z: c:\users\Tony\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-08 do 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 10:14 . 2012-03-08 10:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-07 11:56 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 19:01 . 2012-03-07 17:31 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-06 16:12 . 2012-03-06 16:12 -------- d-----w- c:\programdata\GARMIN
2012-03-06 16:11 . 2012-03-06 16:12 -------- d-----w- C:\Garmin
2012-03-06 15:42 . 2012-03-06 15:42 -------- d-----w- c:\windows\Sun
2012-03-06 13:49 . 2012-03-07 17:31 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-06 13:49 . 2012-03-07 17:27 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-06 13:49 . 2012-03-06 18:59 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-06 12:32 . 2012-03-06 12:32 -------- d-sh--w- c:\windows\ftpcache
2012-03-06 12:19 . 2012-03-06 12:19 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-06 12:18 . 2012-03-06 12:18 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-03-01 15:00 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-02-27 16:07 . 2011-12-16 16:21 31576 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-02-27 16:07 . 2010-11-26 17:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-02-27 15:54 . 2012-02-27 15:54 -------- d-----w- c:\programdata\Malwarebytes
2012-02-27 07:45 . 2012-02-27 07:45 -------- d-----w- c:\windows\system32\SPReview
2012-02-27 07:44 . 2012-02-27 07:44 -------- d-----w- c:\windows\system32\EventProviders
2012-02-27 07:41 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2012-02-27 07:41 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-02-27 07:41 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-02-27 07:41 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-02-27 07:41 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-02-27 07:41 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll
2012-02-27 07:41 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-27 07:41 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2012-02-27 07:41 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-02-27 07:39 . 2010-11-20 13:27 605696 ----a-w- c:\windows\system32\wmpeffects.dll
2012-02-27 07:38 . 2010-11-20 13:27 71680 ----a-w- c:\windows\system32\wkscli.dll
2012-02-27 07:37 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-02-27 07:37 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-02-27 07:37 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-02-26 20:53 . 2012-02-26 20:53 -------- d-----w- c:\windows\SysWow64\Wat
2012-02-26 20:53 . 2012-02-26 20:53 -------- d-----w- c:\windows\system32\Wat
2012-02-26 20:38 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-02-26 20:37 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-26 20:34 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-02-26 20:34 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-02-26 20:21 . 2012-02-26 20:22 -------- d-----w- c:\program files (x86)\Google
2012-02-26 20:21 . 2012-02-23 16:12 335704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-26 20:21 . 2012-02-23 16:10 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-26 20:21 . 2012-02-23 16:11 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-02-26 20:21 . 2012-02-23 16:10 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-26 20:21 . 2012-02-23 16:12 817496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-26 20:21 . 2012-02-23 16:23 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-26 20:21 . 2012-02-23 16:10 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-26 20:20 . 2012-02-23 16:23 41184 ----a-w- c:\windows\avastSS.scr
2012-02-26 20:20 . 2012-02-23 16:23 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-26 20:20 . 2012-02-26 20:20 -------- d-----w- c:\programdata\AVAST Software
2012-02-26 19:11 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-02-26 18:58 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-02-26 18:57 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-26 18:56 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-26 18:56 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-02-26 18:56 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-02-26 18:56 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-02-26 18:56 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-02-26 18:54 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-26 18:54 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-26 18:50 . 2012-02-20 00:05 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6DD59D64-29BD-47E6-A7BA-7AF5CA5D28EB}\mpengine.dll
2012-02-26 18:50 . 2012-01-29 04:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-26 18:48 . 2012-02-26 18:48 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-02-26 18:44 . 2012-02-26 18:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-26 18:29 . 2012-02-26 18:29 -------- d-----w- c:\windows\SysWow64\BestPractices
2012-02-26 18:29 . 2012-02-26 18:29 -------- d-----w- c:\windows\system32\BestPractices
2012-02-26 18:29 . 2012-02-26 18:29 -------- d-----w- C:\inetpub
2012-02-26 17:50 . 2012-02-26 17:50 -------- d-----w- c:\programdata\ToshibaEurope
2012-02-26 17:42 . 2012-02-26 17:42 -------- d---a-w- c:\windows\OemDrv
2012-02-26 17:41 . 2012-02-26 17:41 -------- d-----w- c:\program files (x86)\Common Files\Toshiba Shared
2012-02-26 17:41 . 2009-07-24 14:57 482384 ----a-w- c:\windows\system32\drivers\tos_sps64.sys
2012-02-26 17:41 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-02-26 16:39 . 2012-02-26 18:20 -------- d-----w- c:\programdata\TOSHIBA
2012-02-26 16:38 . 2009-06-22 16:06 35008 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2012-02-26 16:37 . 2012-02-26 16:37 -------- d-----w- c:\program files\Synaptics
2012-02-26 16:36 . 2012-02-26 16:36 -------- d-----w- c:\windows\SysWow64\TSFM
2012-02-26 16:35 . 2009-02-02 17:27 7347200 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2012-02-26 16:35 . 2009-07-30 16:46 222208 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2012-02-26 16:35 . 2009-06-22 10:52 351744 ----a-w- c:\windows\system32\RtsUStor.dll
2012-02-26 16:33 . 2012-02-26 16:33 -------- d-----w- c:\program files (x86)\Realtek WLAN Driver
2012-02-26 16:29 . 1999-10-12 17:47 24576 ----a-w- c:\windows\SysWow64\TSCI.dll
2012-02-26 16:29 . 1999-10-12 17:45 24576 ----a-w- c:\windows\SysWow64\THCI.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 07:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-27 07:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-26 20:41 . 2012-02-26 20:41 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-02-26 20:41 . 2012-02-26 20:41 203776 ----a-w- c:\windows\SysWow64\webcheck.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="d:\programy\Avast\avastUI.exe" [2012-02-23 4031368]
"Malwarebytes' Anti-Malware"="d:\programy\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;d:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ccaf737-6785-11e1-a44c-002622ed473d}]
\shell\AutoRun\command - f:\setup\rsrc\Autorun.exe
\shell\dinstall\command - f:\directx\dxsetup.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 20:21]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 20:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 135408 ----a-w- d:\programy\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSEH
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.1.254 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\programy\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2012-03-08 11:20:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-08 10:20
.
Před spuštěním: Volných bajtů: 27 703 689 216
Po spuštění: Volných bajtů: 27 632 844 800
.
- - End Of File - - 205CF99BB3323B9EF18F51F4418E446F

[quinter]

Log z CrystalDisku
_________________________


----------------------------------------------------------------------------
CrystalDiskInfo 4.2.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Home Premium Edition SP1 [6.1 Build 7601] (x64)
Date : 2012/03/08 11:23:36

-- Controller Map ----------------------------------------------------------
+ Intel(R) ICH9M-E/M SATA AHCI Controller [ATA]
- Hitachi HTS545050B9A300
- TSSTcorp CDDVDW TS-L633C

-- Disk List ---------------------------------------------------------------
(1) Hitachi HTS545050B9A300 : 500.1 GB [0-0-0, pd1]

----------------------------------------------------------------------------
(1) Hitachi HTS545050B9A300
----------------------------------------------------------------------------
Model : Hitachi HTS545050B9A300
Firmware : PB4OC64G
Serial Number : 091106PB4400Q7CMM54L
Disk Size : 500.1 GB (8.4/137.4/500.1)
Buffer Size : 7208 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : SATA/300
Power On Hours : 4594 hod.
Power On Count : 2154 krát
Temparature : 28 C (82 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 4080h [ON]
AAM Level : 80FEh [ON]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _62 000000000000 Počet chyb čtení
02 100 100 _40 000000000000 Průchodnost disku
03 144 144 _33 001500000002 Čas na roztočení ploten
04 _99 _99 __0 000000000885 Počet spuštění/zastavení
05 100 100 __5 000000000000 Počet přemapovaných sektorů
07 100 100 _67 000000000000 Počet chybných hledání
08 100 100 _40 000000000000 Čas potřebný na vyhledání
09 _90 _90 __0 0000000011F2 Hodin v činnosti
0A 100 100 _60 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _99 _99 __0 00000000086A Počet cyklů zapnutí zařízení
BF 100 100 __0 000000000000 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 000000000032 Počet vypnutí disku
C1 _92 _92 __0 000000015C0A Počet cyklů načítání/vymazání
C2 196 196 __0 002D000B001C Teplota
C4 100 100 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
DF 100 100 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 04 5A 3F FF C8 37 00 10 00 00 00 00 00 3F 00 00
010: 00 00 00 00 30 39 31 31 30 36 50 42 34 34 30 30
020: 51 37 43 4D 4D 35 34 4C 00 03 38 50 00 04 50 42
030: 34 4F 43 36 34 47 48 69 74 61 63 68 69 20 48 54
040: 53 35 34 35 30 35 30 42 39 41 33 30 30 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 10
060: 40 00 0F 00 40 00 02 00 02 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 10 FF FF 0F FF 00 00 00 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 1F 17 06 00 00 00 5E 00 44
0A0: 01 FC 00 28 74 6B 7F 69 61 63 74 69 BE 49 61 63
0B0: 40 7F 00 4E 00 4F 40 80 FF FE 00 00 80 FE 00 00
0C0: 00 00 00 00 00 00 00 00 60 30 3A 38 00 00 00 00
0D0: 00 00 00 00 00 00 88 48 50 00 CC A5 9E C8 EA FF
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 1C
0F0: 40 1C 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 29 00 0B 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 40 01 00 00 80 00 00 00
130: 34 54 00 00 00 00 72 63 72 54 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 3D 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 15 18 00 00 00 00 00 00 00 00 10 1F 00 21
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 01 02 C7 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FE A5

[quinter]

Ještě dotaz, mám originální windows 7 home 64bit verzi, a 4 GB Ram (2x2gb) jaké číslo mám zadat do memtestu?2048?

[Žbeky]

Jo

[jaro3]

2048


Disk OK.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
f:\setup\rsrc\Autorun.exe
f:\directx\dxsetup.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ccaf737-6785-11e1-a44c-002622ed473d}]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR

na svojí plochu.Poklepej na aswMBR.exe. Klikni na Scan.
Po skenu klikni na aswASW.log a ulož si ho na plochu , vlož sem celý obsak toho logu.

[quinter]

Log po scanu ComboFixu jsem omylem zavřel, ale mělo by to být toto
_________________________________________


ComboFix 12-03-07.05 - Tony 10.03.2012 14:25:13.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4061.3054 [GMT 1:00]
Spuštěný z: c:\users\Tony\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Tony\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"f:\directx\dxsetup.exe"
"f:\setup\rsrc\Autorun.exe"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-10 do 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 13:29 . 2012-03-10 13:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-07 11:56 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 19:01 . 2012-03-07 17:31 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-06 16:12 . 2012-03-06 16:12 -------- d-----w- c:\programdata\GARMIN
2012-03-06 16:11 . 2012-03-06 16:12 -------- d-----w- C:\Garmin
2012-03-06 15:42 . 2012-03-06 15:42 -------- d-----w- c:\windows\Sun
2012-03-06 13:49 . 2012-03-07 17:31 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-06 13:49 . 2012-03-07 17:27 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-06 13:49 . 2012-03-06 18:59 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-06 12:32 . 2012-03-06 12:32 -------- d-sh--w- c:\windows\ftpcache
2012-03-06 12:19 . 2012-03-06 12:19 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-06 12:18 . 2012-03-06 12:18 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-03-01 15:00 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-02-27 16:07 . 2011-12-16 16:21 31576 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-02-27 16:07 . 2010-11-26 17:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-02-27 15:54 . 2012-02-27 15:54 -------- d-----w- c:\programdata\Malwarebytes
2012-02-27 07:45 . 2012-02-27 07:45 -------- d-----w- c:\windows\system32\SPReview
2012-02-27 07:44 . 2012-02-27 07:44 -------- d-----w- c:\windows\system32\EventProviders
2012-02-27 07:41 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2012-02-27 07:41 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-02-27 07:41 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-02-27 07:41 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-02-27 07:41 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-02-27 07:41 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll
2012-02-27 07:41 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-27 07:41 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2012-02-27 07:41 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-02-27 07:39 . 2010-11-20 13:27 605696 ----a-w- c:\windows\system32\wmpeffects.dll
2012-02-27 07:38 . 2010-11-20 13:27 71680 ----a-w- c:\windows\system32\wkscli.dll
2012-02-27 07:37 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-02-27 07:37 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-02-27 07:37 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-02-26 20:53 . 2012-02-26 20:53 -------- d-----w- c:\windows\SysWow64\Wat
2012-02-26 20:53 . 2012-02-26 20:53 -------- d-----w- c:\windows\system32\Wat
2012-02-26 20:38 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-02-26 20:37 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-26 20:34 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-02-26 20:34 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-02-26 20:21 . 2012-02-26 20:22 -------- d-----w- c:\program files (x86)\Google
2012-02-26 20:21 . 2012-02-23 16:12 335704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-26 20:21 . 2012-02-23 16:10 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-26 20:21 . 2012-02-23 16:11 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-02-26 20:21 . 2012-02-23 16:10 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-26 20:21 . 2012-02-23 16:12 817496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-26 20:21 . 2012-02-23 16:23 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-26 20:21 . 2012-02-23 16:10 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-26 20:20 . 2012-02-23 16:23 41184 ----a-w- c:\windows\avastSS.scr
2012-02-26 20:20 . 2012-02-23 16:23 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-26 20:20 . 2012-02-26 20:20 -------- d-----w- c:\programdata\AVAST Software
2012-02-26 19:11 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-02-26 18:58 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-02-26 18:57 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-26 18:56 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-26 18:56 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-02-26 18:56 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-02-26 18:56 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-02-26 18:56 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-02-26 18:54 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-26 18:54 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-26 18:50 . 2012-02-20 00:05 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6DD59D64-29BD-47E6-A7BA-7AF5CA5D28EB}\mpengine.dll
2012-02-26 18:50 . 2012-01-29 04:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-26 18:48 . 2012-02-26 18:48 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-02-26 18:44 . 2012-02-26 18:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-26 18:29 . 2012-02-26 18:29 -------- d-----w- c:\windows\SysWow64\BestPractices
2012-02-26 18:29 . 2012-02-26 18:29 -------- d-----w- c:\windows\system32\BestPractices
2012-02-26 18:29 . 2012-02-26 18:29 -------- d-----w- C:\inetpub
2012-02-26 17:50 . 2012-02-26 17:50 -------- d-----w- c:\programdata\ToshibaEurope
2012-02-26 17:42 . 2012-02-26 17:42 -------- d---a-w- c:\windows\OemDrv
2012-02-26 17:41 . 2012-02-26 17:41 -------- d-----w- c:\program files (x86)\Common Files\Toshiba Shared
2012-02-26 17:41 . 2009-07-24 14:57 482384 ----a-w- c:\windows\system32\drivers\tos_sps64.sys
2012-02-26 17:41 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-02-26 16:39 . 2012-02-26 18:20 -------- d-----w- c:\programdata\TOSHIBA
2012-02-26 16:38 . 2009-06-22 16:06 35008 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2012-02-26 16:37 . 2012-02-26 16:37 -------- d-----w- c:\program files\Synaptics
2012-02-26 16:36 . 2012-02-26 16:36 -------- d-----w- c:\windows\SysWow64\TSFM
2012-02-26 16:35 . 2009-02-02 17:27 7347200 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2012-02-26 16:35 . 2009-07-30 16:46 222208 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2012-02-26 16:35 . 2009-06-22 10:52 351744 ----a-w- c:\windows\system32\RtsUStor.dll
2012-02-26 16:33 . 2012-02-26 16:33 -------- d-----w- c:\program files (x86)\Realtek WLAN Driver
2012-02-26 16:29 . 1999-10-12 17:47 24576 ----a-w- c:\windows\SysWow64\TSCI.dll
2012-02-26 16:29 . 1999-10-12 17:45 24576 ----a-w- c:\windows\SysWow64\THCI.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 07:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-27 07:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-26 20:41 . 2012-02-26 20:41 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-02-26 20:41 . 2012-02-26 20:41 203776 ----a-w- c:\windows\SysWow64\webcheck.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-08_10.16.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-03-10 13:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-08 10:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-10 13:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-08 10:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-08 10:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-10 13:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-21 13:14 . 2012-03-10 13:17 28104 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-10 13:17 36294 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-03-10 13:00 85968 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-02-26 17:59 . 2012-03-10 13:17 6152 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3735874273-166697242-3897069045-1000_UserData.bin
- 2012-03-08 10:15 . 2012-03-08 10:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-10 13:29 . 2012-03-10 13:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-10 13:29 . 2012-03-10 13:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-08 10:15 . 2012-03-08 10:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-26 19:42 . 2012-03-10 13:15 196030 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-03-08 10:06 694522 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-10 13:16 694522 c:\windows\system32\perfh009.dat
- 2009-07-14 15:18 . 2012-03-08 10:06 709908 c:\windows\system32\perfh005.dat
+ 2009-07-14 15:18 . 2012-03-10 13:16 709908 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-03-10 13:16 134668 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-08 10:06 134668 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2012-03-08 10:06 157972 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2012-03-10 13:16 157972 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2012-03-10 13:29 305540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-08 10:15 305540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2008-08-08 13:11 . 2008-08-08 13:11 232960 c:\windows\Installer\370dcb.msi
+ 2012-03-10 13:31 . 2012-03-10 13:31 1332208 c:\windows\temp\CR_279C0.tmp\setup.exe
+ 2009-07-14 04:45 . 2012-03-10 13:00 6929166 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-02-28 07:27 6929166 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="d:\programy\Avast\avastUI.exe" [2012-02-23 4031368]
"Malwarebytes' Anti-Malware"="d:\programy\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;d:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 20:21]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 20:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 135408 ----a-w- d:\programy\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSEH
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.1.254 192.168.0.1
.
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\programy\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2012-03-10 14:34:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-10 13:33
ComboFix2.txt 2012-03-08 10:20
.
Před spuštěním: Volných bajtů: 27 566 383 104
Po spuštění: Volných bajtů: 27 347 243 008
.
- - End Of File - - 04ADB250FAF6419BB9B2EF867A92A5D6

[quinter]

nový log HJT
__________________-


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:40:13, on 10.3.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
D:\Programy\Avast\AvastUI.exe
C:\Users\Tony\Desktop\Programy\Čištění PC\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "D:\Programy\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\Programy\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 5007 bytes

[quinter]

Po scanu asvMBR.exe je tam jenom možnost save log, exit, fix MBR, dal jsem save log a tady je obsah logu aswMBR.txt z plochy
________________________________________________________


aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-10 14:42:46
-----------------------------
14:42:46.459 OS Version: Windows x64 6.1.7601 Service Pack 1
14:42:46.459 Number of processors: 2 586 0x170A
14:42:46.459 ComputerName: TONYHOPC UserName: Tony
14:42:47.332 Initialize success
14:42:47.473 AVAST engine defs: 12031001
14:42:51.107 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:42:51.107 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
14:42:51.139 Disk 0 MBR read successfully
14:42:51.154 Disk 0 MBR scan
14:42:51.154 Disk 0 Windows 7 default MBR code
14:42:51.170 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
14:42:51.185 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 50908 MB offset 821248
14:42:51.217 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 425630 MB offset 105081168
14:42:51.232 Disk 0 scanning C:\Windows\system32\drivers
14:42:57.425 Service scanning
14:43:18.142 Modules scanning
14:43:18.142 Disk 0 trace - called modules:
14:43:18.173 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:43:18.189 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c31760]
14:43:18.189 3 CLASSPNP.SYS[fffff88001bcf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800473e050]
14:43:18.595 AVAST engine scan C:\Windows
14:43:20.326 AVAST engine scan C:\Windows\system32
14:44:54.519 AVAST engine scan C:\Windows\system32\drivers
14:45:01.461 AVAST engine scan C:\Users\Tony
14:45:20.103 AVAST engine scan C:\ProgramData
14:45:26.967 Scan finished successfully
14:47:46.566 Disk 0 MBR has been saved successfully to "C:\Users\Tony\Desktop\MBR.dat"
14:47:46.571 The log file has been saved successfully to "C:\Users\Tony\Desktop\aswMBR.txt"

[Žbeky]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

Fixni:

Kód: Vybrat vše

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

Jak se chová PC?

[quinter]

Všechny kroky až po fixnutí hodnoty v HJT jsem provedl, ještě před přečtením reakce jsem Malwarebytes.exe vypnul jako program po spuštění (přes MSCONFIG-po spuštění), takže v novém scanu HJT daný řádek nebyl.

PC se choval i dřív celkem normálně, jen ten start systému byl delší, zítra dám vědět jak to vypadá se startem PC.

Mockrát Díky, Žbeky a Jaro3 za věnovaný čas, ať se vám daří :)