Kontrola logu - sekající YT Vyřešeno

[novoty]

Zdravím, je to asi 14 dní, co se mi začali sekat videa na YT a celkově začal zlobit flash obsah. PC jsem projel avastem a malwarebytes a nic to nenašlo. Zlobí to jak v IE tak v chromu. Napadlo mě přeinstalovat flash ¨ale chrome ho má v sobě snad už integrovaný. Reinstalovat celý PC se mi nechce. Můžete mi mrknout na log a zjsitit jestli tam nevidíte nějakou havět, která by to mohla způsobovat ? :) Díky


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:14, on 8.4.2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wuauclt.exe
C:\Users\David7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\David7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\David7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David7\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 3342 bytes

[Reklama]

[Žbeky]

Fixni:

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O13 - Gopher Prefix:

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
- Pokud používáš Firefox, klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Chrome, nic dalšího nevybírej a dej Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

[novoty]

Zapoměl jsem spustit HJT jako správce.. takže tady máte ještě opravený log.. ve kterém se nachází více údajů.. jdu to fixnout


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:45, on 8.4.2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wuauclt.exe
C:\Users\David7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\David7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Users\David7\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 3906 bytes

[jaro3]

znova:

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

[novoty]

Hotovo


ComboFix 12-04-08.01 - David7 08.04.2012 21:04:37.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.768.404 [GMT 2:00]
Spuštěný z: c:\users\David7\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-08 do 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 19:19 . 2012-04-08 19:19 -------- d-----w- c:\users\RODINA\AppData\Local\temp
2012-04-08 19:19 . 2012-04-08 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-07 07:15 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-07 07:15 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-07 07:15 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-07 07:15 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-07 07:15 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-07 07:14 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-07 07:14 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-07 07:13 . 2012-04-07 07:13 -------- d-----w- c:\programdata\AVAST Software
2012-04-07 07:13 . 2012-04-07 07:13 -------- d-----w- c:\program files\AVAST Software
2012-04-06 06:34 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDB191C2-241D-4CF9-9D2B-CC8AD51D846F}\mpengine.dll
2012-04-05 05:51 . 2012-04-05 05:51 -------- d-----w- c:\users\David7\AppData\Roaming\Malwarebytes
2012-04-05 05:51 . 2012-04-05 05:51 -------- d-----w- c:\programdata\Malwarebytes
2012-03-14 11:07 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 11:07 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 08:33 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 08:33 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 08:32 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 08:32 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 08:32 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 08:32 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 08:32 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 08:32 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 08:32 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-10 20:37 . 2012-03-10 20:37 -------- d-----w- c:\users\David7\AppData\Roaming\Microsoft Games
2012-03-10 20:36 . 2006-06-03 15:09 4489216 ----a-w- c:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe
2012-03-10 20:35 . 2012-03-10 20:35 -------- d-----w- c:\programdata\Microsoft Games
2012-03-10 20:35 . 2006-06-01 16:10 60176 ----a-w- c:\program files\Microsoft Games\Zoo Tycoon 2\SetupENU3.dll
2012-03-10 20:35 . 2006-05-24 15:14 4674048 ----a-w- c:\program files\Microsoft Games\Zoo Tycoon 2\ui\zt.exe
2012-03-10 20:35 . 2006-05-24 15:02 53248 ----a-w- c:\program files\Microsoft Games\Zoo Tycoon 2\ui\SetupENU3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 15:20 . 2012-03-07 15:20 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-07 15:20 . 2012-03-07 15:20 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-07 15:20 . 2012-03-07 15:20 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-03-07 15:20 . 2012-03-07 15:20 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-07 15:20 . 2012-03-07 15:20 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-07 15:20 . 2012-03-07 15:20 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-07 15:20 . 2012-03-07 15:20 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-07 15:20 . 2012-03-07 15:20 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-07 15:20 . 2012-03-07 15:20 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-07 15:20 . 2012-03-07 15:20 367104 ----a-w- c:\windows\system32\html.iec
2012-03-07 15:20 . 2012-03-07 15:20 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-07 15:20 . 2012-03-07 15:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-07 15:20 . 2012-03-07 15:20 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-07 15:20 . 2012-03-07 15:20 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-03-07 15:20 . 2012-03-07 15:20 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-07 15:20 . 2012-03-07 15:20 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-07 15:20 . 2012-03-07 15:20 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-07 15:20 . 2012-03-07 15:20 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-07 15:20 . 2012-03-07 15:20 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-07 15:20 . 2012-03-07 15:20 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-07 15:20 . 2012-03-07 15:20 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-23 08:18 . 2011-12-05 17:11 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-30 15:31 . 2012-01-30 15:22 2829 ----a-w- c:\windows\War3Unin.pif
2012-01-30 15:31 . 2012-01-30 15:22 139264 ----a-w- c:\windows\War3Unin.exe
2012-01-29 20:33 . 2012-01-29 20:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-12-05 16:55 136176 ----atw- c:\users\David7\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 16:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 26112]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-05 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-01-29 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-08 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2011-12-06 14:04]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173573618-3690010222-2968250815-1001Core.job
- c:\users\David7\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-05 16:55]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173573618-3690010222-2968250815-1001UA.job
- c:\users\David7\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-05 16:55]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-Cmaudio - cmicnfg.cpl
MSConfigStartUp-Malwarebytes Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-04-08 21:27:15
ComboFix-quarantined-files.txt 2012-04-08 19:27
.
Před spuštěním: 4 529 008 640
Po spuštění: 4 777 697 280
.
- - End Of File - - DE1A72D854BBA13B2E59AAA3CA0F7F73

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.


Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

Stáhni si Memtest:

Do políčka vlož největší velikost Tvé jednotlivé paměti RAM (256,512 nebo 1024,2048) dej Start , nech nejméně 2h běžet , pokud bude po 2h stále 0 errors , jsou v pořádku.

[novoty]

Vyčištěno

Ten CrystalDisc nefunguje. Po úspěšné instalaci při spuštění programu se nic nestane.

[jaro3]

Stáhni si HD Tune

-nainstaluj, spusť program, klikni na záložku Error scan
Spusť Start a počkej , až skončí svojí práci. Pokud budou všechny čtverečky zelené je disk OK , pokud budou některá červená , disk odchází.

[novoty]

Po 5 minutách se rozjel


----------------------------------------------------------------------------
CrystalDiskInfo 4.2.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Ultimate Edition SP1 [6.1 Build 7601] (x86)
Date : 2012/04/08 22:54:44

-- Controller Map ----------------------------------------------------------
+ Řadiče úložiště Intel(R) 82801EB v režimu Ultra ATA - 24D1 [ATA]
+ ATA Channel 0 (0)
- WDC WD400JB-00FMA0 ATA Device
+ ATA Channel 1 (1)
- ST320410A ATA Device
- ASUS DRW-20B1LT ATA Device
+ Řadiče úložiště Intel(R) 82801EB v režimu Ultra ATA - 24DB [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ ALIQZRRA IDE Controller [SCSI]
- SHWFKRG W5EFWHQNC9 SCSI CdRom Device

-- Disk List ---------------------------------------------------------------
(1) WDC WD400JB-00FMA0 : 40.0 GB [0-0-0, pd1]
(2) ST320410A : 20.4 GB [1-1-0, pd1]
(3) TOSHIBA MK5059GSXP : 500.1 GB [2-X-X, sa1] (V=125F, P=A91A)

----------------------------------------------------------------------------
(1) WDC WD400JB-00FMA0
----------------------------------------------------------------------------
Model : WDC WD400JB-00FMA0
Firmware : 13.03G13
Serial Number : WD-WMAJ97230438
Disk Size : 40.0 GB (8.4/40.0/----)
Buffer Size : 8192 KB
Queue Depth : 1
# of Sectors : 78165360
Rotation Rate : Neznámy údaj
Interface : Parallel ATA
Major Version : ATA/ATAPI-6
Minor Version : ----
Transfer Mode : Ultra DMA/100
Power On Hours : 17241 hod.
Power On Count : 1570 krát
Temparature : 43 C (109 F)
Health Status : Dobrý
Features : S.M.A.R.T., AAM
APM Level : ----
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 102 100 _21 0000000008D2 Čas na roztočení ploten
04 _99 _99 _40 000000000651 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 200 200 _51 000000000000 Počet chybných hledání
09 _77 _77 __0 000000004359 Hodin v činnosti
0A 100 100 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 _51 000000000000 Počet pokusů o překalibrování
0C _99 _99 __0 000000000622 Počet cyklů zapnutí zařízení
C2 100 _12 __0 00000000002B Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 200 200 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000010 Počet chyb v kontrolním součtu UltraDMA
C8 200 200 _51 000000000000 Počet chyb při zápisu sektorů

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 42 7A 3F FF C8 37 00 10 00 00 00 00 00 3F 00 00
010: 00 00 00 00 57 44 2D 57 4D 41 4A 39 37 32 33 30
020: 34 33 38 20 20 20 20 20 00 00 40 00 00 3A 31 33
030: 2E 30 33 47 31 33 57 44 43 20 57 44 34 30 30 4A
040: 42 2D 30 30 46 4D 41 30 20 20 20 20 20 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 10
060: 00 00 2F 00 40 01 00 00 00 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 10 B5 70 04 A8 00 00 00 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0A0: 00 7E 00 00 34 6B 5B 01 40 03 34 69 18 01 40 03
0B0: 20 3F 00 00 00 00 00 00 00 00 60 0B 80 FE 00 00
0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 09 00 00 00 00 00 00 00 00 12 48 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E9 A5

----------------------------------------------------------------------------
(2) ST320410A
----------------------------------------------------------------------------
Model : ST320410A
Firmware : 3.39
Serial Number : 5FG3ASS0
Disk Size : 20.4 GB (8.4/20.4/----)
Buffer Size : 2048 KB
Queue Depth : 1
# of Sectors : 39851760
Rotation Rate : Neznámy údaj
Interface : Parallel ATA
Major Version : ATA/ATAPI-6
Minor Version : ----
Transfer Mode : Ultra DMA/100
Power On Hours : 6421 hod.
Power On Count : 3250 krát
Temparature : 39 C (102 F)
Health Status : Pozor
Features : S.M.A.R.T., APM, AAM
APM Level : 0040h [ON]
AAM Level : 8000h [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 _62 _53 _25 00000DDE167F Počet chyb čtení
03 _98 _98 __0 000000000000 Čas na roztočení ploten
04 100 100 _20 000000000201 Počet spuštění/zastavení
05 100 100 _36 000000000003 Počet přemapovaných sektorů
07 _83 _60 _30 00000C81F619 Počet chybných hledání
09 _93 _93 __0 000000001915 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _97 _97 _20 000000000CB2 Počet cyklů zapnutí zařízení
C2 _39 _50 __0 000000000027 Teplota
C3 100 253 __0 000000000000 Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů
CA 100 253 __0 000000000000 Počet chyb při směrování údajů

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0C 5A 3F FF 00 00 00 10 00 00 00 00 00 3F 00 00
010: 00 00 00 00 35 46 47 33 41 53 53 30 20 20 20 20
020: 20 20 20 20 20 20 20 20 00 00 10 00 00 04 33 2E
030: 33 39 20 20 20 20 53 54 33 32 30 34 31 30 41 20
040: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 10
060: 00 00 2F 00 00 00 02 00 02 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 10 16 F0 02 60 00 00 04 07
080: 00 03 00 78 00 78 00 F0 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0A0: 00 7E 00 00 34 6B 4B 09 40 03 34 69 08 09 40 03
0B0: 00 3F 00 00 00 00 00 40 FF FE 60 3D 80 00 00 00
0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 09 86 B4 02 62 16 F0 02 60 2E 31 00 02 1C B6
110: 02 10 00 00 3C 03 3C B4 FF FF 00 0F 01 00 08 00
120: 04 28 09 00 8C 02 0C B9 00 3C 04 B0 E8 08 BD 10
130: 00 00 04 54 00 28 00 00 00 00 00 00 00 E0 00 0A
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D6 A5

----------------------------------------------------------------------------
(3) TOSHIBA MK5059GSXP
----------------------------------------------------------------------------
Enclosure : ADATA HDD NH92 USB Device (V=125F, P=A91A, sa1)
Model : TOSHIBA MK5059GSXP
Firmware : GN001U
Serial Number : 81IKCN0BT
Disk Size : 500.1 GB (8.4/137.4/500.1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : USB (Serial ATA)
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : Neznámy údaj
Power On Count : Neznámy údaj
Temparature : Neznámy údaj
Health Status : Neznámý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 0080h [ON]
AAM Level : ----

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 00 40 3F FF C8 37 00 10 00 00 00 00 00 3F 00 00
010: 00 00 00 00 20 20 20 20 20 20 20 20 20 20 20 38
020: 31 49 4B 43 4E 30 42 54 00 00 40 00 00 00 47 4E
030: 30 30 31 55 20 20 54 4F 53 48 49 42 41 20 4D 4B
040: 35 30 35 39 47 53 58 50 20 20 20 20 20 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 10
060: 00 00 2F 00 40 00 02 00 00 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 10 FF FF 0F FF 00 07 00 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 1F 0F 06 00 02 00 4C 00 40
0A0: 01 F8 00 00 74 6B 7D 09 61 63 74 68 BC 09 61 63
0B0: 20 3F 00 4B 00 4B 00 80 FF FE 00 00 00 00 00 00
0C0: 00 00 00 00 00 00 00 00 60 30 3A 38 00 00 00 00
0D0: 00 00 00 00 60 03 00 00 50 00 03 93 73 C8 70 D1
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 18
0F0: 40 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 3D 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 15 18 00 00 00 00 00 00 00 00 10 1F 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 01 00 80 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2F A5

[jaro3]

(2) ST320410A
Temparature : 39 C (102 F)
Health Status : Pozor
01 _62 _53 _25 00000DDE167F Počet chyb čtení
05 100 100 _36 000000000003 Počet přemapovaných sektorů
07 _83 _60 _30 00000C81F619 Počet chybných hledání

ten na tom není dobře , hlavně přemapované sektory. Teplota je taky vyšší.

Ještě Memtest.

[novoty]

Je to možný a i s tím docela počítám, bohužel mi před Vánoci odešel hlavní disk, tak jsem byl nucen ho nahradit těmito 2 starýma co mi leželi doma nevyužité, budou to muset ještě chvíli vydržet než seženu někde nějaký jiný pořádný. Memtest stále ještě jede.

[Damned]

Na Virustotalu nechej zkontrolovat soubor c:\windows\AutoKMS.exe a vlož sem odkaz na výsledek.
Pokud ti nabídne, že soubor již zkontroloval, nech zkontrolovat znova svůj.