Zbytečné vytížení CPU a GPU

Endis22 · Příspěvekod **Endis22** » 09 bře 2013 17:45

skvělej odhad s bing barem :)

Reklama

Příspěvekod **jaro3** » 10 bře 2013 21:43

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

Driver::
SharedReg

NetSvcs::
SharedReg

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

SuperAntiSpyware
stáhni SuperAntiSpyware
aktualizuj databázi , proveď sken a následně nákazy smaž

Endis22 · Příspěvekod **Endis22** » 13 bře 2013 10:58

log ze závěru čistícího procesu:

ComboFix 13-03-07.03 - Bady 12.03.2013 18:05:53.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8169.6157 [GMT 1:00]
Spuštěný z: c:\users\Bady\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Bady\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SharedReg
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-12 do 2013-03-12 )))))))))))))))))))))))))))))))
.
.
2013-03-12 17:10 . 2013-03-12 17:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-09 11:54 . 2013-03-09 12:14 -------- d-----w- c:\users\Bady\AppData\Roaming\BabSolution
2013-03-09 11:54 . 2013-03-09 11:54 -------- d-----w- c:\users\Bady\AppData\Roaming\Babylon
2013-03-09 11:54 . 2013-03-09 11:54 -------- d-----w- c:\programdata\Babylon
2013-03-09 11:54 . 2013-03-09 11:54 -------- d-----w- c:\users\Bady\AppData\Local\Google
2013-03-09 11:54 . 2013-03-09 11:54 -------- d-----w- c:\program files (x86)\Gophoto.it
2013-03-09 11:54 . 2013-03-09 12:14 -------- d-----w- c:\program files (x86)\TornTV.com
2013-03-09 01:02 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9817EDB-6CE0-4EBD-952B-B73D7EEAA19E}\mpengine.dll
2013-03-07 10:16 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-06 22:35 . 2010-01-05 18:23 1847296 ----a-w- c:\windows\system32\drivers\athurx.sys
2013-03-06 22:35 . 2010-01-05 18:23 1847296 ----a-r- c:\windows\system32\athurx.sys
2013-03-06 22:35 . 2013-03-06 22:35 -------- d-----w- c:\windows\Options
2013-03-05 19:26 . 2013-03-05 19:26 388096 ----a-r- c:\users\Bady\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-24 20:20 . 2013-02-24 20:20 -------- d-sh--w- c:\programdata\DSS
2013-02-24 20:19 . 2013-02-24 20:19 -------- d-----w- c:\users\Bady\AppData\Roaming\Lionhead Studios
2013-02-24 19:55 . 2013-02-24 19:55 -------- d-----w- c:\users\Bady\AppData\Roaming\Avira
2013-02-24 19:50 . 2013-02-24 19:50 -------- d-----w- c:\programdata\Avira
2013-02-24 19:50 . 2013-02-24 19:31 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-02-24 19:50 . 2013-02-24 19:31 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-02-24 19:50 . 2013-02-24 19:31 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-02-16 22:46 . 2013-02-16 22:46 -------- d-----w- c:\users\UpdatusUser
2013-02-16 22:44 . 2012-10-02 19:51 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2013-02-16 22:44 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2013-02-16 22:44 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2013-02-16 22:44 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2013-02-16 22:44 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll
2013-02-16 22:44 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll
2013-02-16 22:43 . 2013-02-16 22:43 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-02-15 20:33 . 2013-02-15 20:33 -------- d-----w- c:\program files (x86)\VibrateGameDeviceDriver
2013-02-14 22:58 . 2013-03-09 09:47 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-02-14 20:25 . 2013-02-15 22:44 -------- d-----w- c:\users\Bady\AppData\Roaming\Malwarebytes
2013-02-14 20:24 . 2013-02-15 22:44 -------- d-----w- c:\programdata\Malwarebytes
2013-02-14 20:13 . 2013-02-07 18:37 23968 ----a-w- c:\windows\system32\drivers\rspLLL64.sys
2013-02-14 20:13 . 2013-02-14 20:13 -------- d-----w- c:\users\Bady\AppData\Local\Programs
2013-02-13 23:09 . 2013-02-15 22:44 -------- d-----w- c:\users\Bady\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2013-02-13 17:25 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 17:25 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 17:25 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 17:25 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 17:23 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 17:23 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 17:23 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 17:23 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 17:23 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 17:23 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 17:23 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 17:23 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 17:23 . 2012-12-26 05:47 1111040 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 17:23 . 2012-12-26 04:49 760320 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 17:02 . 2013-02-13 17:02 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-02-13 17:01 . 2012-02-10 04:13 68928 ----a-w- c:\windows\system32\OpenCL.dll
2013-02-13 16:21 . 2013-02-13 16:21 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-02-13 16:21 . 2013-02-13 16:21 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-02-13 16:21 . 2013-02-13 16:21 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-02-13 16:21 . 2013-02-13 16:21 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-02-13 16:21 . 2013-02-13 16:21 -------- d-----w- c:\program files (x86)\OpenAL
2013-02-12 23:24 . 2013-02-12 23:24 -------- d-----w- c:\users\Bady\AppData\Local\IsolatedStorage
2013-02-12 23:24 . 2013-02-12 23:24 -------- d-----w- c:\users\Bady\AppData\Local\Futuremark_Corporation
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 12:33 . 2012-05-03 09:14 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 12:33 . 2011-10-24 16:23 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 17:28 . 2011-10-28 11:15 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-10 22:01 . 2013-02-05 22:47 270848 ----a-w- c:\windows\SysWow64\sbs_wminet_utils.dat
2013-02-10 22:01 . 2013-02-03 14:48 410112 ----a-w- c:\windows\system32\sbs_mscorrc.dat
2013-02-10 22:01 . 2013-02-03 14:48 270848 ----a-w- c:\windows\system32\sbs_mscorsec.dat
2013-02-04 23:23 . 2013-02-04 23:23 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-04 23:23 . 2013-02-04 23:24 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-04 23:23 . 2012-02-21 14:21 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-03 14:53 . 2013-02-03 14:48 309760 ----a-w- c:\windows\system32\SharedReg.dll
2013-01-31 17:32 . 2013-01-31 17:32 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll
2013-01-31 17:32 . 2013-01-31 17:32 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll
2013-01-17 00:28 . 2011-10-24 17:56 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 17:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-20 21:37 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-20 21:37 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-20 21:37 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-20 21:37 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\programy\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"ASUS ShellProcess Execute"="c:\programy\Asus AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-09-28 252544]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-10-19 465536]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"avgnt"="c:\programy\Avira\AntiVir Desktop\avgnt.exe" [2013-02-24 385248]
.
c:\users\Bady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor technologie Intel(R) Turbo Boost 2.6.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2012-5-30 207400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [x]
R3 netr7364;ASUS USB - ovladač karty pro bezdrátovou síť LAN pro systém Windows Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\programy\MW online\Tunngle\TnglCtrl.exe [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\programy\Avira\AntiVir Desktop\sched.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 AtherosSvc;AtherosSvc;c:\programy\Bluetooth Suite\adminservice.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 BthMtpEnum;Modul pro výčet zařízení Bluetooth MTP;c:\windows\system32\DRIVERS\BthMtpEnum.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 13:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 12:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AtherosBtStack"="c:\programy\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\programy\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SharedReg
SharedReg
SharedReg
SharedReg
SharedReg
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.delta-search.com/?affID=1197 ... f65212b5c7
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\programy\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\programy\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Bady\AppData\Roaming\Mozilla\Firefox\Profiles\arm7dqgb.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/?utm_source=ch-se ... paign=home
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Moorhuhn Winter-Edition - c:\windows\IsUn0407.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\programy\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\programy\Nero 8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\programy\Asus AI Suite II\DIGI+ VRM\VRMHelp.exe
c:\programy\Asus AI Suite II\AsRoutineController.exe
c:\programy\Asus AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
c:\programy\Asus AI Suite II\EPU\EPUHelp.exe
c:\programy\Asus AI Suite II\AI Suite II.exe
c:\programy\Asus AI Suite II\Sensor\AlertHelper\AlertHelper.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2013-03-12 18:17:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-12 17:17
ComboFix2.txt 2013-03-07 20:39
ComboFix3.txt 2013-02-15 20:01
.
Před spuštěním: Volných bajtů: 18 156 937 216
Po spuštění: Volných bajtů: 17 779 314 688
.
- - End Of File - - 5725412ACA312013063B90377D8D1316

log z hjt

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:02, on 13.3.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Programy\Asus AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Programy\Asus AI Suite II\AsRoutineController.exe
C:\Programy\Asus AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Programy\Asus AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
C:\Programy\Asus AI Suite II\EPU\EPUHelp.exe
C:\Programy\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Programy\Asus AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Programy\Avira\AntiVir Desktop\avgnt.exe
C:\Programy\Asus AI Suite II\AI Suite II.exe
C:\Programy\Asus AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Programy\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=1197 ... f65212b5c7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Programy\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ASUS ShellProcess Execute] C:\Programy\Asus AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programy\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programy\Nová složka\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1242357953-1970568119-3888269350-1018\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - Startup: Monitor technologie Intel(R) Turbo Boost 2.6.lnk = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Programy\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programy\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programy\ICQ7.6\ICQ.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programy\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programy\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programy\Nová složka\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programy\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programy\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Programy\Bluetooth Suite\adminservice.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programy\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Programy\MW online\Tunngle\TnglCtrl.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.6 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11122 bytes

Log ASWMBR:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-12 18:33:13
-----------------------------
18:33:13.962 OS Version: Windows x64 6.1.7601 Service Pack 1
18:33:13.962 Number of processors: 4 586 0x2A07
18:33:13.962 ComputerName: FERDA UserName: Bady
18:33:15.086 Initialize success
18:45:20.530 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:45:20.530 Disk 0 Vendor: WDC_WD10 51.0 Size: 953868MB BusType: 3
18:45:20.530 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
18:45:20.530 Disk 1 Vendor: ST325062 3.AA Size: 238345MB BusType: 3
18:45:20.545 Disk 1 MBR read successfully
18:45:20.545 Disk 1 MBR scan
18:45:20.561 Disk 1 Windows 7 default MBR code
18:45:20.561 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238331 MB offset 63
18:45:20.576 Disk 1 scanning C:\Windows\system32\drivers
18:45:29.765 Service scanning
18:45:44.476 Modules scanning
18:45:44.476 Disk 1 trace - called modules:
18:45:44.491 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:45:44.491 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8009570060]
18:45:45.006 3 CLASSPNP.SYS[fffff88001ba143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80071bb050]
18:45:45.006 Scan finished successfully
18:46:06.846 Disk 1 MBR has been saved successfully to "C:\Users\Bady\Desktop\MBR.dat"
18:46:06.846 The log file has been saved successfully to "C:\Users\Bady\Desktop\aswMBR.txt"

Příspěvekod **jaro3** » 13 bře 2013 19:13

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=1197 ... f65212b5c7
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: (no name) - - (no file)

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

KillAll::
Folder::
c:\users\Bady\AppData\Roaming\Babylon
c:\programdata\Babylon

Driver::
SharedReg

NetSvcs::
SharedReg

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\SysWow64\sbs_wminet_utils.dat
c:\windows\system32\sbs_mscorrc.dat
c:\windows\system32\sbs_mscorsec.dat

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

Stáhni si RogueKiller
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- Až se objeví úvodní okno programu , klikni na „Prohledat“.
- Program skenuje PC. Po proskenování klikni na „Zpráva“, celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Endis22 · Příspěvekod **Endis22** » 14 bře 2013 20:56

Rád bych spustil ten script ale nic to nedělá, neudělal jsem tam nějakou chybu?

: combofix 2.PNG (58.01 KiB) Zobrazeno 464 x

Příspěvekod **Žbeky** » 14 bře 2013 21:12

Zkus CF stáhnout znova a ujisti se, že máš dobře napsaný ten skript

Endis22 · Příspěvekod **Endis22** » 15 bře 2013 17:40

Log se scriptem

ComboFix 13-03-14.02 - Bady 14.03.2013 21:57:44.5.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8169.6311 [GMT 1:00]
Spuštěný z: C:\Users\Bady\Desktop\ComboFix.exe
Použité ovládací přepínače :: C:\Users\Bady\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))

c:\programdata\Babylon
c:\users\Bady\AppData\Roaming\Babylon
c:\users\Bady\AppData\Roaming\Babylon\log_file.txt

((((((((((((((((((((((((( Soubory vytvořené od 2013-02-14 do 2013-03-14 )))))))))))))))))))))))))))))))

2013-03-14 21:01:40 . 2013-03-14 21:01:40 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-03-14 18:53:41 . 2013-02-08 00:28:29 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8E334F15-8680-48F3-9E8F-6DF5D89E0F69}\mpengine.dll
2013-03-13 13:07:47 . 2013-03-13 13:07:47 27760 ----a-w- C:\Windows\system32\drivers\ggsemc.sys
2013-03-13 13:07:47 . 2013-03-13 13:07:47 14448 ----a-w- C:\Windows\system32\drivers\ggflt.sys
2013-03-12 17:58:11 . 2013-03-12 17:58:11 -------- d-----w- C:\Users\Bady\AppData\Roaming\SUPERAntiSpyware.com
2013-03-12 17:57:32 . 2013-03-12 17:57:32 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-03-09 11:54:58 . 2013-03-09 12:14:18 -------- d-----w- C:\Users\Bady\AppData\Roaming\BabSolution
2013-03-09 11:54:43 . 2013-03-09 11:54:43 -------- d-----w- C:\Users\Bady\AppData\Local\Google
2013-03-09 11:54:41 . 2013-03-09 11:54:41 -------- d-----w- C:\Program Files (x86)\Gophoto.it
2013-03-09 11:54:35 . 2013-03-09 12:14:37 -------- d-----w- C:\Program Files (x86)\TornTV.com
2013-03-07 10:16:38 . 2012-12-14 15:49:28 24176 ----a-w- C:\Windows\system32\drivers\mbam.sys
2013-03-06 22:35:32 . 2010-01-05 18:23:18 1847296 ----a-w- C:\Windows\system32\drivers\athurx.sys
2013-03-06 22:35:32 . 2010-01-05 18:23:18 1847296 ----a-r- C:\Windows\system32\athurx.sys
2013-03-06 22:35:31 . 2013-03-06 22:35:31 -------- d-----w- C:\Windows\Options
2013-03-05 19:26:58 . 2013-03-05 19:26:58 388096 ----a-r- C:\Users\Bady\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-24 20:20:18 . 2013-02-24 20:20:18 -------- d-sh--w- C:\ProgramData\DSS
2013-02-24 20:19:38 . 2013-02-24 20:19:38 -------- d-----w- C:\Users\Bady\AppData\Roaming\Lionhead Studios
2013-02-24 19:55:55 . 2013-02-24 19:55:55 -------- d-----w- C:\Users\Bady\AppData\Roaming\Avira
2013-02-24 19:50:51 . 2013-02-24 19:50:51 -------- d-----w- C:\ProgramData\Avira
2013-02-24 19:50:51 . 2013-02-24 19:31:57 99912 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2013-02-24 19:50:51 . 2013-02-24 19:31:57 27800 ----a-w- C:\Windows\system32\drivers\avkmgr.sys
2013-02-24 19:50:51 . 2013-02-24 19:31:57 129216 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2013-02-16 22:46:23 . 2013-02-16 22:46:24 -------- d-----w- C:\Users\UpdatusUser
2013-02-16 22:44:58 . 2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\system32\nvcoproc.bin
2013-02-16 22:44:58 . 2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\system32\nvsvc64.dll
2013-02-16 22:44:58 . 2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\system32\nvcpl.dll
2013-02-16 22:44:58 . 2012-10-02 19:50:57 891240 ----a-w- C:\Windows\system32\nvvsvc.exe
2013-02-16 22:44:58 . 2012-10-02 19:50:57 63336 ----a-w- C:\Windows\system32\nvshext.dll
2013-02-16 22:44:58 . 2012-10-02 19:50:57 118120 ----a-w- C:\Windows\system32\nvmctray.dll
2013-02-16 22:43:31 . 2013-02-16 22:43:31 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-02-15 20:33:37 . 2013-02-15 20:33:37 -------- d-----w- C:\Program Files (x86)\VibrateGameDeviceDriver
2013-02-14 22:58:48 . 2013-03-09 09:47:09 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-02-14 20:25:00 . 2013-02-15 22:44:26 -------- d-----w- C:\Users\Bady\AppData\Roaming\Malwarebytes
2013-02-14 20:24:31 . 2013-02-15 22:44:14 -------- d-----w- C:\ProgramData\Malwarebytes
2013-02-14 20:13:44 . 2013-02-07 18:37:48 23968 ----a-w- C:\Windows\system32\drivers\rspLLL64.sys
2013-02-14 20:13:29 . 2013-02-14 20:13:29 -------- d-----w- C:\Users\Bady\AppData\Local\Programs
2013-02-13 23:09:25 . 2013-02-15 22:44:24 -------- d-----w- C:\Users\Bady\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2013-02-13 17:25:08 . 2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-02-13 17:25:07 . 2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 17:25:06 . 2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 17:25:04 . 2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\system32\win32k.sys
2013-02-13 17:23:56 . 2013-01-04 05:46:09 215040 ----a-w- C:\Windows\system32\winsrv.dll
2013-02-13 17:23:56 . 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 17:23:56 . 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 17:23:56 . 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 17:23:56 . 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 17:23:54 . 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 17:23:51 . 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-02-13 17:23:50 . 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 17:23:36 . 2012-12-26 05:47:05 1111040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 17:23:36 . 2012-12-26 04:49:44 760320 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 17:02:24 . 2013-02-13 17:02:24 -------- d-----w- C:\Program Files (x86)\AGEIA Technologies
2013-02-13 17:01:33 . 2012-02-10 04:13:00 68928 ----a-w- C:\Windows\system32\OpenCL.dll
2013-02-13 16:21:54 . 2013-02-13 16:21:54 466456 ----a-w- C:\Windows\system32\wrap_oal.dll
2013-02-13 16:21:54 . 2013-02-13 16:21:54 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-02-13 16:21:54 . 2013-02-13 16:21:54 122904 ----a-w- C:\Windows\system32\OpenAL32.dll
2013-02-13 16:21:54 . 2013-02-13 16:21:54 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-02-13 16:21:54 . 2013-02-13 16:21:54 -------- d-----w- C:\Program Files (x86)\OpenAL
2013-02-12 23:24:03 . 2013-02-12 23:24:03 -------- d-----w- C:\Users\Bady\AppData\Local\IsolatedStorage
2013-02-12 23:24:00 . 2013-02-12 23:24:00 -------- d-----w- C:\Users\Bady\AppData\Local\Futuremark_Corporation
.

(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-03-14 20:33:22 . 2012-05-03 09:14:52 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-14 20:33:22 . 2011-10-24 16:23:55 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 17:28:36 . 2011-10-28 11:15:43 70004024 ----a-w- C:\Windows\system32\MRT.exe
2013-02-10 22:01:00 . 2013-02-05 22:47:30 270848 ----a-w- C:\Windows\SysWow64\sbs_wminet_utils.dat
2013-02-10 22:01:00 . 2013-02-03 14:48:26 410112 ----a-w- C:\Windows\system32\sbs_mscorrc.dat
2013-02-04 23:23:48 . 2013-02-04 23:23:53 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-04 23:23:44 . 2013-02-04 23:24:01 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-02-04 23:23:43 . 2012-02-21 14:21:46 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-03 14:53:37 . 2013-02-03 14:48:26 309760 ----a-w- C:\Windows\system32\SharedReg.dll
2013-01-31 17:32:49 . 2013-01-31 17:32:49 4608 ----a-w- C:\Windows\SysWow64\w95inf32.dll
2013-01-31 17:32:49 . 2013-01-31 17:32:49 2272 ----a-w- C:\Windows\SysWow64\w95inf16.dll
2013-01-17 00:28:58 . 2011-10-24 17:56:47 273840 ------w- C:\Windows\system32\MpSigStub.exe
2013-01-04 04:43:21 . 2013-02-13 17:23:56 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 . 2012-12-20 21:37:25 46080 ----a-w- C:\Windows\system32\atmlib.dll
2012-12-16 14:45:03 . 2012-12-20 21:37:23 367616 ----a-w- C:\Windows\system32\atmfd.dll
2012-12-16 14:13:28 . 2012-12-20 21:37:23 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 . 2012-12-20 21:37:25 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))

*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 13:25:17 1475584]
"DAEMON Tools Lite"="C:\Programy\DAEMON Tools Lite\DTLite.exe" [2011-08-02 07:33:30 4910912]
"SUPERAntiSpyware"="C:\Programy\Nová složka\SUPERAntiSpyware.exe" [2012-11-01 19:41:30 5629312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 01:53:16 113288]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2010-01-19 02:27:56 43632]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 21:54:20 283160]
"ASUS ShellProcess Execute"="C:\Programy\Asus AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-09-28 13:47:10 252544]
"ASUS Ai Charger"="C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-10-19 13:38:54 465536]
"BCU"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 11:15:56 375000]
"avgnt"="C:\Programy\Avira\AntiVir Desktop\avgnt.exe" [2013-02-24 19:31:20 385248]

C:\Users\Bady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor technologie Intel(R) Turbo Boost 2.6.lnk - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe [2012-5-30 207400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys [2010-10-27 13:50:28 55336]
R3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 18:23:18 1847296]
R3 DynCal;Dynamic Calibration Service;C:\Windows\system32\drivers\Dyncal.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-12-17 14:46:50 137488]
R3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2013-03-13 13:07:47 14448]
R3 IOMap;IOMap;C:\Windows\system32\drivers\IOMap64.sys [2010-02-22 14:46:36 23680]
R3 netr7364;ASUS USB - ovladač karty pro bezdrátovou síť LAN pro systém Windows Vista;C:\Windows\system32\DRIVERS\netr7364.sys [2009-06-10 20:35:38 707072]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2010-11-20 11:03:42 20992]
R3 rspLLL;rspLLL;C:\Windows\system32\DRIVERS\rspLLL64.sys [2013-02-07 18:37:48 23968]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;C:\Programy\MW online\Tunngle\TnglCtrl.exe [2012-07-19 16:08:04 738152]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-05-30 12:11:34 149544]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-28 17:20:27 1255736]
S0 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys [2010-10-20 18:05:18 14592]
S0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys [2010-11-22 07:09:06 303408]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [2013-02-24 19:31:57 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-24 16:28:25 270912]
S1 SASDIFSV;SASDIFSV;C:\Programy\Nová složka\SASDIFSV64.SYS [2011-07-22 16:26:56 14928]
S1 SASKUTIL;SASKUTIL;C:\Programy\Nová složka\SASKUTIL64.SYS [2011-07-12 21:55:18 12368]
S2 !SASCORE;SAS Core Service;C:\Programy\Nová složka\SASCORE64.EXE [2012-07-11 18:54:58 140672]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Programy\Avira\AntiVir Desktop\sched.exe [2013-02-24 19:31:42 86752]
S2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 09:30:14 918144]
S2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 02:15:14 915584]
S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 09:52:26 586880]
S2 AtherosSvc;AtherosSvc;C:\Programy\Bluetooth Suite\adminservice.exe [2010-10-27 15:18:52 52896]
S2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 11:16:00 223464]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 21:54:22 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe [2010-08-12 13:00:20 133800]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 12:15:38 382824]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys [2012-05-30 12:10:50 16168]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys [2010-10-27 14:50:28 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys [2010-10-27 14:50:28 301680]
S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys [2010-10-27 14:50:28 31080]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 14:50:28 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 14:50:28 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 14:50:28 156520]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys [2010-10-27 14:50:28 279152]
S3 BthMtpEnum;Modul pro výčet zařízení Bluetooth MTP;C:\Windows\system32\DRIVERS\BthMtpEnum.sys [2009-07-14 00:21:35 64512]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 17:28:32 26136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 05:50:36 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 05:50:36 181248]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 03:46:50 333928]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 06:02:42 31232]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 13:05:00 451872 ----a-w- C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe

Obsah adresáře 'Naplánované úlohy'

2013-03-14 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 09:14:52 . 2013-03-14 20:33:23]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11:32:36 11545192]
"AtherosBtStack"="C:\Programy\Bluetooth Suite\BtvStack.exe" [2010-10-27 15:19:14 613536]
"AthBtTray"="C:\Programy\Bluetooth Suite\AthBtTray.exe" [2010-10-27 15:18:54 379040]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 01:39:57 168960]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SharedReg
SharedReg
SharedReg
SharedReg
SharedReg

------- Doplňkový sken -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - C:\Programy\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programy\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - C:\Users\Bady\AppData\Roaming\Mozilla\Firefox\Profiles\arm7dqgb.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/?utm_source=ch-se ... paign=home
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Moorhuhn Winter-Edition - C:\Windows\IsUn0407.exe

Log po scryptu:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:02, on 13.3.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Programy\Asus AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Programy\Asus AI Suite II\AsRoutineController.exe
C:\Programy\Asus AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Programy\Asus AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
C:\Programy\Asus AI Suite II\EPU\EPUHelp.exe
C:\Programy\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Programy\Asus AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Programy\Avira\AntiVir Desktop\avgnt.exe
C:\Programy\Asus AI Suite II\AI Suite II.exe
C:\Programy\Asus AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Programy\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=1197 ... f65212b5c7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Programy\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ASUS ShellProcess Execute] C:\Programy\Asus AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programy\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programy\Nová složka\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1242357953-1970568119-3888269350-1018\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - Startup: Monitor technologie Intel(R) Turbo Boost 2.6.lnk = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Programy\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programy\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programy\ICQ7.6\ICQ.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programy\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programy\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programy\Nová složka\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programy\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programy\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Programy\Bluetooth Suite\adminservice.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programy\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Programy\MW online\Tunngle\TnglCtrl.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.6 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11122 bytes

S těma systémovejma souborama máte pravdu, asi jsou zavirovaný, obdivuju jak jste na to přišel, resp nevím jak :)

https://www.virustotal.com/cs/file/9ca0 ... 363364028/

Ty další dvě nemůžu najít

log z RogueKiller

RogueKiller V8.5.3 [Mar 13 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Bady [Práva správce]
Mód : Kontrola -- Datum : 03/15/2013 17:38:36
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 8 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\windows\system32\config\SYSTEM
-> E:\Users\Default\NTUSER.DAT
-> E:\Users\Default User\NTUSER.DAT
-> E:\Users\ferda\NTUSER.DAT
-> E:\Users\UpdatusUser\NTUSER.DAT
-> E:\Documents and Settings\Default\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EARX-00N0YB0 +++++
--- User ---
[MBR] 766d91aa5653496ac848deca292a122b
[BSP] ea9968fa20456a376258c35b14a0fdf6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3250620AS +++++
--- User ---
[MBR] b2ff1329708ff864e32251679f6f3b5d
[BSP] 11cc0b2517f8a25ffacdf9730d669314 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238331 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: Corsair VoyagerGT USB Device +++++
--- User ---
[MBR] 3300e173912bc7b80800aafe4328f267
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40 | Size: 15295 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[1]_S_03152013_02d1738.txt >>
RKreport[1]_S_03152013_02d1738.txt

Endis22 · Příspěvekod **Endis22** » 15 bře 2013 18:52

Jinak mi přijde že ten procesor už funguje tak jak má i bez správce úloh, problem solved.

Příspěvekod **jaro3** » 15 bře 2013 23:50

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=1197 ... f65212b5c7
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: (no name) - - (no file)

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

KillAll::
Collect::
c:\windows\SysWow64\sbs_wminet_utils.dat
c:\windows\system32\sbs_mscorrc.dat
c:\windows\system32\sbs_mscorsec.dat

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

-RogueKiller--
Ukončete všechny programy, které mohou být zahájeny.
Prosím, odpojte všechny USB nebo externí disky z počítače před spuštěním tohoto prověřování!
Pro Windows Vista nebo Windows 7, klepněte pravým tlačítkem myši a vyberte "Spustit jako správce", kdo
V systému Windows XP poklepejte spustit.
Počkejte, až Prescan dokončí ...
Pak klikněte na "Scan" tlačítko
Počkejte, dokud Status okno zobrazuje "Scan Finální"
klikněte na "Delete"
Počkejte, dokud Status box zobrazuje "Smazání Finished"
Klikněte na "zprávy" a kopírovat / vložit obsah Poznámkový blok do další odpovědi.Log je možno nalézt v RKreport [1]. Txt na ploše Konec / Zavřít RogueKiller +

Spusť znovu RogueKiller
Pokud používáš Win Vista či W7, klikni na RogueKiller pravým a dej spustit jako správce.
Oprava MBR , zaškrtnout
Kontrola Faked , zaškrtnout
Antirootkit , zaškrtnout

Zvol možnost Prohledat a poté Smazat a následně Zpráva - otevře se log, ten sem prosím vlož celý.

Pak klikni na [b]Oprava MBR[/b - otevře se log, ten sem vlož.

Endis22 · Příspěvekod **Endis22** » 19 bře 2013 19:24

Děkuju za pomoc.

Tohle jsem v hjt nenašel:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=1197 ... f65212b5c7
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
zbytek jsem fixnul

Log z combofix:
ComboFix 13-03-14.02 - Bady 19.03.2013 18:53:50.6.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8169.6463 [GMT 1:00]
Spuštěný z: c:\users\Bady\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Bady\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\users\Bady\AppData\Roaming\Babylon\log_file.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-19 do 2013-03-19 )))))))))))))))))))))))))))))))
.
.
2013-03-19 17:54 . 2013-03-19 17:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-19 17:54 . 2013-03-19 17:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-03-19 17:54 . 2013-03-19 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-19 12:19 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6EAD855-4A86-4F82-9CC0-8E4819D50BEA}\mpengine.dll
2013-03-19 11:39 . 2013-03-19 11:39 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-18 12:34 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-03-18 12:34 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-18 12:34 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2013-03-15 22:21 . 2013-03-15 22:21 -------- d-----w- c:\users\Bady\AppData\Local\FLT
2013-03-14 21:11 . 2013-03-14 21:11 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-13 13:07 . 2013-03-13 13:07 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2013-03-13 13:07 . 2013-03-13 13:07 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2013-03-12 17:58 . 2013-03-12 17:58 -------- d-----w- c:\users\Bady\AppData\Roaming\SUPERAntiSpyware.com
2013-03-12 17:57 . 2013-03-12 17:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-03-09 11:54 . 2013-03-09 12:14 -------- d-----w- c:\users\Bady\AppData\Roaming\BabSolution
2013-03-09 11:54 . 2013-03-09 11:54 -------- d-----w- c:\users\Bady\AppData\Local\Google
2013-03-09 11:54 . 2013-03-09 11:54 -------- d-----w- c:\program files (x86)\Gophoto.it
2013-03-09 11:54 . 2013-03-09 12:14 -------- d-----w- c:\program files (x86)\TornTV.com
2013-03-07 10:16 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-06 22:35 . 2010-01-05 18:23 1847296 ----a-w- c:\windows\system32\drivers\athurx.sys
2013-03-06 22:35 . 2010-01-05 18:23 1847296 ----a-r- c:\windows\system32\athurx.sys
2013-03-06 22:35 . 2013-03-06 22:35 -------- d-----w- c:\windows\Options
2013-03-05 19:26 . 2013-03-05 19:26 388096 ----a-r- c:\users\Bady\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-24 20:20 . 2013-02-24 20:20 -------- d-sh--w- c:\programdata\DSS
2013-02-24 20:19 . 2013-02-24 20:19 -------- d-----w- c:\users\Bady\AppData\Roaming\Lionhead Studios
2013-02-24 19:55 . 2013-02-24 19:55 -------- d-----w- c:\users\Bady\AppData\Roaming\Avira
2013-02-24 19:50 . 2013-02-24 19:50 -------- d-----w- c:\programdata\Avira
2013-02-24 19:50 . 2013-02-24 19:31 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-02-24 19:50 . 2013-02-24 19:31 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-02-24 19:50 . 2013-02-24 19:31 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-19 11:39 . 2013-02-04 23:24 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-19 11:39 . 2012-02-21 14:21 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-14 21:12 . 2011-10-28 11:15 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-14 20:33 . 2012-05-03 09:14 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-14 20:33 . 2011-10-24 16:23 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 16:21 . 2013-02-13 16:21 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-02-13 16:21 . 2013-02-13 16:21 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-02-13 16:21 . 2013-02-13 16:21 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-02-13 16:21 . 2013-02-13 16:21 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-02-10 22:01 . 2013-02-05 22:47 270848 ------w- c:\windows\SysWow64\sbs_wminet_utils.dat
2013-02-10 22:01 . 2013-02-03 14:48 410112 ----a-w- c:\windows\system32\sbs_mscorrc.dat
2013-02-07 18:37 . 2013-02-14 20:13 23968 ----a-w- c:\windows\system32\drivers\rspLLL64.sys
2013-02-03 14:53 . 2013-02-03 14:48 309760 ----a-w- c:\windows\system32\SharedReg.dll
2013-01-31 17:32 . 2013-01-31 17:32 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll
2013-01-31 17:32 . 2013-01-31 17:32 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll
2013-01-17 00:28 . 2011-10-24 17:56 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:53 . 2013-02-13 17:25 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 17:25 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 17:25 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 17:23 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 17:23 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 17:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 17:25 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 17:23 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 17:23 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 17:23 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 17:23 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 17:23 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 17:23 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\programy\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"SUPERAntiSpyware"="c:\programy\Nová složka\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"ASUS ShellProcess Execute"="c:\programy\Asus AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-09-28 252544]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-10-19 465536]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"avgnt"="c:\programy\Avira\AntiVir Desktop\avgnt.exe" [2013-02-24 385248]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Bady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor technologie Intel(R) Turbo Boost 2.6.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2012-5-30 207400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-12-17 137488]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2013-03-13 14448]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-22 23680]
R3 netr7364;ASUS USB - ovladač karty pro bezdrátovou síť LAN pro systém Windows Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys [2013-02-07 23968]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\programy\MW online\Tunngle\TnglCtrl.exe [2012-07-19 738152]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-28 1255736]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-10-20 14592]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-11-22 303408]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-02-24 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-24 270912]
S1 SASDIFSV;SASDIFSV;c:\programy\Nová složka\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\programy\Nová složka\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\programy\Nová složka\SASCORE64.EXE [2012-07-11 140672]
S2 AntiVirSchedulerService;Avira Scheduler;c:\programy\Avira\AntiVir Desktop\sched.exe [2013-02-24 86752]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 AtherosSvc;AtherosSvc;c:\programy\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2012-05-30 16168]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
S3 BthMtpEnum;Modul pro výčet zařízení Bluetooth MTP;c:\windows\system32\DRIVERS\BthMtpEnum.sys [2009-07-14 64512]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe [2012-05-30 149544]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 13:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 20:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AtherosBtStack"="c:\programy\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\programy\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SharedReg
SharedReg
SharedReg
SharedReg
SharedReg
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\programy\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\programy\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Bady\AppData\Roaming\Mozilla\Firefox\Profiles\arm7dqgb.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Moorhuhn Winter-Edition - c:\windows\IsUn0407.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\programy\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\programy\Nero 8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\programy\Asus AI Suite II\DIGI+ VRM\VRMHelp.exe
c:\programy\Asus AI Suite II\AsRoutineController.exe
c:\programy\Asus AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
c:\programy\Asus AI Suite II\EPU\EPUHelp.exe
c:\programy\Asus AI Suite II\AI Suite II.exe
c:\programy\Asus AI Suite II\Sensor\AlertHelper\AlertHelper.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2013-03-19 19:03:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-19 18:02
ComboFix2.txt 2013-03-12 17:17
ComboFix3.txt 2013-03-07 20:39
ComboFix4.txt 2013-02-15 20:01
.
Před spuštěním: Volných bajtů: 17 866 104 832
Po spuštění: Volných bajtů: 17 393 770 496
.
- - End Of File - - FE8C9486025D22C0528D0AE5AC01E240
Nahr nˇ probŘhlo ŁspŘçnŘ

Endis22 · Příspěvekod **Endis22** » 19 bře 2013 19:27

nový log z HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:17:54, on 19.3.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Programy\Asus AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Programy\Asus AI Suite II\AsRoutineController.exe
C:\Programy\Asus AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Programy\Asus AI Suite II\EPU\EPUHelp.exe
C:\Programy\Asus AI Suite II\AI Suite II.exe
C:\Programy\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Programy\Asus AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Programy\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Programy\Asus AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Programy\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Programy\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ASUS ShellProcess Execute] C:\Programy\Asus AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programy\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programy\Nová složka\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1242357953-1970568119-3888269350-1018\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - Startup: Monitor technologie Intel(R) Turbo Boost 2.6.lnk = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Programy\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programy\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programy\ICQ7.6\ICQ.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programy\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programy\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programy\Nová složka\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programy\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programy\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Programy\Bluetooth Suite\adminservice.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programy\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Programy\MW online\Tunngle\TnglCtrl.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.6 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10848 bytes

1. log z RogueKiller:
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Bady [Práva správce]
Mód : Odebrat -- Datum : 03/19/2013 19:13:03
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRAZENO (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\windows\system32\config\SYSTEM
-> E:\Users\Default\NTUSER.DAT
-> E:\Users\Default User\NTUSER.DAT
-> E:\Users\ferda\NTUSER.DAT
-> E:\Users\UpdatusUser\NTUSER.DAT
-> E:\Documents and Settings\Default\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EARX-00N0YB0 +++++
--- User ---
[MBR] 766d91aa5653496ac848deca292a122b
[BSP] ea9968fa20456a376258c35b14a0fdf6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3250620AS +++++
--- User ---
[MBR] b2ff1329708ff864e32251679f6f3b5d
[BSP] 11cc0b2517f8a25ffacdf9730d669314 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238331 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[3]_D_03192013_02d1913.txt >>
RKreport[1]_S_03152013_02d1738.txt ; RKreport[2]_S_03192013_02d1911.txt ; RKreport[3]_D_03192013_02d1913.txt

Druhej Log:

RogueKiller V8.5.3 [Mar 13 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Bady [Práva správce]
Mód : Kontrola -- Datum : 03/19/2013 19:20:04
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\windows\system32\config\SYSTEM
-> E:\Users\Default\NTUSER.DAT
-> E:\Users\Default User\NTUSER.DAT
-> E:\Users\ferda\NTUSER.DAT
-> E:\Users\UpdatusUser\NTUSER.DAT
-> E:\Documents and Settings\Default\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EARX-00N0YB0 +++++
--- User ---
[MBR] 766d91aa5653496ac848deca292a122b
[BSP] ea9968fa20456a376258c35b14a0fdf6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3250620AS +++++
--- User ---
[MBR] b2ff1329708ff864e32251679f6f3b5d
[BSP] 11cc0b2517f8a25ffacdf9730d669314 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238331 Mo
User = LL1 ... OK!

Příspěvekod **jaro3** » 19 bře 2013 22:48

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Jak to vypadá nyní?

Zbytečné vytížení CPU a GPU Vyřešeno

Re: Zbytečné vytížení CPU a GPU

Re: Zbytečné vytížení CPU a GPU

Re: Zbytečné vytížení CPU a GPU

Re: Zbytečné vytížení CPU a GPU

Re: Zbytečné vytížení CPU a GPU

Re: Zbytečné vytížení CPU a GPU

Re: Zbytečné vytížení CPU a GPU

Re: Zbytečné vytížení CPU a GPU

Re: Zbytečné vytížení CPU a GPU

Re: Zbytečné vytížení CPU a GPU

Re: Zbytečné vytížení CPU a GPU

Re: Zbytečné vytížení CPU a GPU

Kdo je online