RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Admin [Admin rights]
Mode : Remove -- Date : 06/08/2013 22:12:18
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 6 ¤¤¤
[TASK][SUSP PATH] Hoolapp For Android : C:\Users\Admin\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE /Check [x] -> DELETED
[TASK][SUSP PATH] Hoolapp Init : C:\Users\Admin\AppData\Roaming\HoolappForAndroid\Hoolapp.exe /Minimized [x] -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{0126E96C-D256-49A3-A71A-324229F5D87C} : NameServer (212.111.0.10,194.213.32.237) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{0126E96C-D256-49A3-A71A-324229F5D87C} : NameServer (212.111.0.10,194.213.32.237) -> NOT REMOVED, USE DNSFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x832E1DA5 -> HOOKED (Unknown @ 0x86B35A20)
SSDT[14] : NtAlertThread @ 0x83234CC7 -> HOOKED (Unknown @ 0x86B35B00)
SSDT[19] : NtAllocateVirtualMemory @ 0x8322DCBC -> HOOKED (Unknown @ 0x86B3C438)
SSDT[22] : NtAlpcConnectPort @ 0x8327956E -> HOOKED (Unknown @ 0x86AED3D8)
SSDT[43] : NtAssignProcessToJobObject @ 0x832030BE -> HOOKED (Unknown @ 0x86B39818)
SSDT[74] : NtCreateMutant @ 0x8321434C -> HOOKED (Unknown @ 0x86B39DC0)
SSDT[86] : NtCreateSymbolicLinkObject @ 0x832059C6 -> HOOKED (Unknown @ 0x86B3CD48)
SSDT[87] : NtCreateThread @ 0x832DFFE2 -> HOOKED (Unknown @ 0x86B3A990)
SSDT[88] : NtCreateThreadEx @ 0x8327449B -> HOOKED (Unknown @ 0x86B3CE38)
SSDT[96] : NtDebugActiveProcess @ 0x832B1EAA -> HOOKED (Unknown @ 0x86B398F8)
SSDT[111] : NtDuplicateObject @ 0x83235761 -> HOOKED (Unknown @ 0x86B3A6D8)
SSDT[131] : NtFreeVirtualMemory @ 0x830BC81C -> HOOKED (Unknown @ 0x86B3C278)
SSDT[145] : NtImpersonateAnonymousToken @ 0x831F9962 -> HOOKED (Unknown @ 0x86B39EB0)
SSDT[147] : NtImpersonateThread @ 0x8327D962 -> HOOKED (Unknown @ 0x86B39F90)
SSDT[155] : NtLoadDriver @ 0x831C9C32 -> HOOKED (Unknown @ 0x869E6048)
SSDT[168] : NtMapViewOfSection @ 0x8324A5F1 -> HOOKED (Unknown @ 0x86B3C178)
SSDT[177] : NtOpenEvent @ 0x83213D48 -> HOOKED (Unknown @ 0x86B39CE0)
SSDT[190] : NtOpenProcess @ 0x83215B93 -> HOOKED (Unknown @ 0x86B3A878)
SSDT[191] : NtOpenProcessToken @ 0x8326836F -> HOOKED (Unknown @ 0x86B3C508)
SSDT[194] : NtOpenSection @ 0x8326D9EB -> HOOKED (Unknown @ 0x86B39B20)
SSDT[198] : NtOpenThread @ 0x832620EE -> HOOKED (Unknown @ 0x86B3A7A8)
SSDT[215] : NtProtectVirtualMemory @ 0x83246651 -> HOOKED (Unknown @ 0x86B3CF38)
SSDT[304] : NtResumeThread @ 0x832746C2 -> HOOKED (Unknown @ 0x86B35BE0)
SSDT[316] : NtSetContextThread @ 0x832E1851 -> HOOKED (Unknown @ 0x86B35E80)
SSDT[333] : NtSetInformationProcess @ 0x8323C875 -> HOOKED (Unknown @ 0x86B35F60)
SSDT[350] : NtSetSystemInformation @ 0x8325237A -> HOOKED (Unknown @ 0x86B399D8)
SSDT[366] : NtSuspendProcess @ 0x832E1CDF -> HOOKED (Unknown @ 0x86B39C00)
SSDT[367] : NtSuspendThread @ 0x8329919B -> HOOKED (Unknown @ 0x86B35CC0)
SSDT[370] : NtTerminateProcess @ 0x8325ED86 -> HOOKED (Unknown @ 0x86B3AA70)
SSDT[371] : NtTerminateThread @ 0x8327C69B -> HOOKED (Unknown @ 0x86B35DA0)
SSDT[385] : NtUnmapViewOfSection @ 0x832689AA -> HOOKED (Unknown @ 0x86B3C098)
SSDT[399] : NtWriteVirtualMemory @ 0x83263A83 -> HOOKED (Unknown @ 0x86B3C368)
S_SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8682F9D0)
S_SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x87820300)
S_SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x879FBE00)
S_SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x86809428)
S_SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x86B4DDF0)
S_SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x8671B008)
S_SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x8680B120)
S_SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x87C560B0)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x87A14AD0)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x867E46B0)
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-007AA0 ATA Device +++++
--- User ---
[MBR] 1a86fd64952cb3c8dbf34dd257209a36
[BSP] 8e2c31f611748354ff4a79bb592eea95 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[3]_D_06082013_02d2212.txt >>
RKreport[1]_S_06082013_02d2047.txt ; RKreport[2]_S_06082013_02d2211.txt ; RKreport[3]_D_06082013_02d2212.txt
Please check my log - games stuttering
- memphisto
Re: Please check my log - games stuttering
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Extract the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt ; please paste the entire contents of the log here.
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click inside the window it displays
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the scan you have trouble launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that is marked for deletion, simply restart the computer.
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Please check my log - games stuttering
08:57:57.0660 2504 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:57:57.0785 2504 ============================================================
08:57:57.0785 2504 Current date / time: 2013/06/09 08:57:57.0785
08:57:57.0785 2504 SystemInfo:
08:57:57.0785 2504
08:57:57.0785 2504 OS Version: 6.1.7601 ServicePack: 1.0
08:57:57.0785 2504 Product type: Workstation
08:57:57.0785 2504 ComputerName: ADMIN-PC
08:57:57.0785 2504 UserName: Admin
08:57:57.0785 2504 Windows directory: C:\Windows
08:57:57.0785 2504 System windows directory: C:\Windows
08:57:57.0785 2504 Processor architecture: Intel x86
08:57:57.0785 2504 Number of processors: 2
08:57:57.0785 2504 Page size: 0x1000
08:57:57.0785 2504 Boot type: Normal boot
08:57:57.0785 2504 ============================================================
08:57:58.0768 2504 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:57:58.0768 2504 ============================================================
08:57:58.0768 2504 \Device\Harddisk0\DR0:
08:57:58.0768 2504 MBR partitions:
08:57:58.0768 2504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
08:57:58.0768 2504 ============================================================
08:57:58.0783 2504 C: <-> \Device\Harddisk0\DR0\Partition1
08:57:58.0783 2504 ============================================================
08:57:58.0783 2504 Initialize success
08:57:58.0783 2504 ============================================================
Re: Please check my log - games stuttering
ComboFix 13-06-08.02 - Admin 09.06.2013 9:05.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1033.18.2030.1112 [GMT -7:00]
Spuštěný z: c:\users\Admin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\system32\frapsvid.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-09 do 2013-06-09 )))))))))))))))))))))))))))))))
.
.
2013-06-09 16:12 . 2013-06-09 16:13 -------- d-----w- c:\users\Admin\AppData\Local\temp
2013-06-09 16:12 . 2013-06-09 16:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-09 03:20 . 2013-06-09 03:20 97 ----a-w- c:\windows\DeleteOnReboot.bat
2013-06-09 00:13 . 2013-06-09 00:13 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2013-06-09 00:13 . 2013-06-09 00:13 -------- d-----w- c:\programdata\Malwarebytes
2013-06-09 00:13 . 2013-06-09 00:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-09 00:13 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-08 17:25 . 2013-06-08 17:32 -------- d-----w- c:\program files\Remember Me
2013-06-08 15:34 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{37F10423-335B-4F7F-8FDA-E3874D623559}\mpengine.dll
2013-06-06 21:39 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-02 15:54 . 2013-06-02 16:22 -------- d-----w- c:\users\Admin\AppData\Local\Arma 3 Alpha Lite
2013-06-02 15:54 . 2013-06-02 15:54 -------- d-----w- c:\programdata\Bohemia Interactive
2013-06-01 18:23 . 2013-06-01 18:23 -------- d-----w- c:\program files\Remedy Entertainment
2013-06-01 16:16 . 2013-06-09 00:01 -------- d-----w- c:\program files\trend micro
2013-06-01 16:16 . 2013-06-01 16:16 -------- d-----w- C:\rsit
2013-05-30 18:28 . 2013-05-30 18:28 -------- d-----w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2013-05-27 18:13 . 2013-05-27 18:13 -------- d-----w- c:\program files\NirSoft
2013-05-27 12:09 . 2013-05-27 12:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-27 12:09 . 2013-05-27 12:09 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-26 14:23 . 2013-05-31 08:09 -------- d-----w- c:\program files\Call of Juarez Gunslinger
2013-05-21 12:32 . 2013-05-21 12:31 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79B9A65C-7543-4BAE-9080-D8BD14080627}\gapaengine.dll
2013-05-19 15:33 . 2013-05-19 15:33 -------- d-----w- c:\users\Admin\AppData\Local\The_Witcher_2_Tweaker
2013-05-19 15:12 . 2013-05-19 15:12 -------- d-----w- c:\programdata\ATI
2013-05-19 15:11 . 2013-05-19 15:11 -------- d-----w- c:\program files\AMD AVT
2013-05-19 15:11 . 2013-05-19 15:11 -------- d-----w- c:\program files\Common Files\ATI Technologies
2013-05-19 15:09 . 2013-05-19 15:10 -------- d-----w- c:\program files\ATI Technologies
2013-05-19 15:09 . 2013-05-19 15:09 -------- d-----w- c:\program files\ATI
2013-05-19 14:41 . 2013-05-19 14:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2013-05-19 14:41 . 2013-05-19 14:41 -------- d-----w- c:\programdata\ASUS OC Profiles
2013-05-19 14:24 . 2013-05-19 14:24 -------- d-----w- c:\windows\system32\Macromed
2013-05-19 14:21 . 2008-12-03 03:05 184320 ----a-w- c:\windows\system32\drivers\UpdateHelper.dll
2013-05-19 14:21 . 2001-09-06 04:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2013-05-19 14:21 . 2001-09-05 11:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-05-19 14:21 . 2001-09-05 11:14 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-05-19 14:21 . 2001-09-05 11:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-05-19 14:20 . 2013-05-19 14:20 -------- d-----w- c:\programdata\ASUS
2013-05-19 14:20 . 2013-05-19 14:21 -------- d-----w- c:\program files\ASUS
2013-05-19 14:20 . 2010-08-24 07:31 11456 ----a-r- c:\windows\system32\drivers\AsIO.sys
2013-05-19 14:20 . 2010-06-29 07:41 28672 ----a-r- c:\windows\system32\AsIO.dll
2013-05-19 14:20 . 2008-01-04 05:34 11832 ------w- c:\windows\system32\drivers\AsInsHelp64.sys
2013-05-19 14:20 . 2013-05-19 14:20 -------- d-----w- c:\program files\Common Files\Adobe
2013-05-19 14:18 . 2010-01-14 12:26 40736 ----a-r- c:\windows\system32\drivers\RtTeam60.sys
2013-05-19 14:18 . 2010-01-14 12:27 25376 ----a-r- c:\windows\system32\drivers\RtVlan60.sys
2013-05-19 14:18 . 2010-01-14 12:26 33056 ----a-r- c:\windows\system32\drivers\RtNdPt60.sys
2013-05-19 06:22 . 2013-05-27 13:03 -------- d-----w- c:\program files\GOG.com
2013-05-18 15:21 . 2013-05-18 15:21 -------- d-----w- c:\users\Admin\AppData\Local\FLT
2013-05-18 14:49 . 2013-05-18 15:14 -------- d-----w- c:\program files\BioShock Infinite
2013-05-18 09:52 . 2013-05-18 09:52 -------- d-----w- c:\windows\system32\searchplugins
2013-05-18 09:52 . 2013-05-18 09:52 -------- d-----w- c:\windows\system32\Extensions
2013-05-18 09:52 . 2013-06-04 20:12 -------- d-----w- c:\programdata\BrowserProtect
2013-05-18 09:51 . 2013-05-18 09:54 -------- d-----w- c:\users\Admin\AppData\Roaming\DAEMON Tools Lite
2013-05-18 09:50 . 2013-05-18 09:55 -------- d-----w- c:\programdata\DAEMON Tools Lite
2013-05-18 09:43 . 2013-05-18 09:43 -------- d-----w- c:\program files\Alcohol Soft
2013-05-18 09:29 . 2013-05-18 09:29 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-05-18 09:28 . 2013-05-18 09:49 -------- d-----w- c:\users\Admin\AppData\Roaming\HoolappForAndroid
2013-05-17 16:44 . 2013-05-17 16:44 22560 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2013-05-17 16:44 . 2013-05-17 16:44 -------- d-----w- c:\program files\HWiNFO32
2013-05-16 14:56 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-16 14:56 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 14:56 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 14:56 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-16 14:56 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-16 14:56 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 19:59 . 2013-05-15 20:00 -------- d-----w- c:\users\Admin\AppData\Local\WMTools Downloaded Files
2013-05-15 19:49 . 2013-05-15 19:49 -------- d-----w- c:\program files\Movie Maker 2.6
2013-05-15 19:47 . 2013-05-15 19:47 -------- d-----w- c:\windows\cs
2013-05-15 19:46 . 2013-05-15 19:46 -------- d-----w- c:\windows\en
2013-05-15 19:46 . 2013-05-15 19:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-05-15 19:45 . 2013-05-15 19:45 -------- d-----w- c:\windows\PCHEALTH
2013-05-15 19:45 . 2013-05-15 19:46 -------- d-----w- c:\program files\Windows Live
2013-05-15 19:42 . 2013-05-21 13:05 -------- d-----w- c:\users\Admin\AppData\Local\Windows Live
2013-05-15 19:41 . 2013-05-15 19:41 -------- d-----w- c:\program files\Common Files\Windows Live
2013-05-15 19:36 . 2013-05-15 19:36 -------- d-----w- c:\program files\DsNET Corp
2013-05-15 17:51 . 2013-05-31 08:10 -------- d-----w- c:\program files\Metro Last Light
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 19:45 . 2012-07-17 21:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:28 . 2013-04-04 03:13 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-24 12:34 . 2013-04-24 12:35 706640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-12 13:45 . 2013-04-24 06:07 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-05 02:05 . 2013-04-05 02:04 2106216 ----a-w- c:\windows\system32\d3dcompiler_43.dll
2013-04-05 02:03 . 2013-04-05 02:02 4196616 ----a-w- c:\windows\system32\dffsetup-d3dcompiler_43.exe
2013-04-04 12:35 . 2013-04-25 18:23 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-04 06:11 . 2013-04-04 06:11 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-04 06:11 . 2013-04-04 06:11 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-04-04 06:11 . 2013-04-04 06:11 158720 ----a-w- c:\windows\system32\msls31.dll
2013-04-04 06:11 . 2013-04-04 06:11 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-04 06:11 . 2013-04-04 06:11 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-04-04 06:11 . 2013-04-04 06:11 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-04 06:11 . 2013-04-04 06:11 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-04-04 06:11 . 2013-04-04 06:11 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-04-04 06:11 . 2013-04-04 06:11 138752 ----a-w- c:\windows\system32\wextract.exe
2013-04-04 06:11 . 2013-04-04 06:11 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-04 06:11 . 2013-04-04 06:11 12800 ----a-w- c:\windows\system32\mshta.exe
2013-04-04 06:11 . 2013-04-04 06:11 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-04 06:11 . 2013-04-04 06:11 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-04 06:11 . 2013-04-04 06:11 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-04 06:11 . 2013-04-04 06:11 361984 ----a-w- c:\windows\system32\html.iec
2013-04-04 06:11 . 2013-04-04 06:11 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-04 06:11 . 2013-04-04 06:11 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-04 06:09 . 2013-04-04 06:09 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-04 06:09 . 2013-04-04 06:09 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-04-04 06:09 . 2013-04-04 06:09 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-04 06:09 . 2013-04-04 06:09 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-04 06:09 . 2013-04-04 06:09 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-04-04 06:09 . 2013-04-04 06:09 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-04 06:09 . 2013-04-04 06:09 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-04 06:09 . 2013-04-04 06:09 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-04 06:09 . 2013-04-04 06:09 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-04 06:09 . 2013-04-04 06:09 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-04 06:09 . 2013-04-04 06:09 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-04 06:09 . 2013-04-04 06:09 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-04-04 06:09 . 2013-04-04 06:09 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-04-04 06:09 . 2013-04-04 06:09 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-04-04 06:09 . 2013-04-04 06:09 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-04-04 06:09 . 2013-04-04 06:09 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-04-04 06:09 . 2013-04-04 06:09 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-04-04 06:09 . 2013-04-04 06:09 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-04-04 06:09 . 2013-04-04 06:09 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-04-04 06:09 . 2013-04-04 06:09 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-04-04 06:09 . 2013-04-04 06:09 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-04 06:09 . 2013-04-04 06:09 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-04-04 06:09 . 2013-04-04 06:09 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-04-04 06:09 . 2013-04-04 06:09 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-04-04 06:09 . 2013-04-04 06:09 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-04-04 06:09 . 2013-04-04 06:09 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-04-04 06:09 . 2013-04-04 06:09 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-04-04 04:34 . 2013-04-04 04:34 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-04 04:34 . 2013-04-04 04:34 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-30 04:42 . 2013-04-25 18:50 2646088 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2013-03-30 01:04 . 2013-04-25 18:50 21170176 ----a-w- c:\windows\system32\RCoRes.dat
2013-03-30 00:51 . 2013-04-25 18:50 860208 ----a-w- c:\windows\system32\SFSS_APO.dll
2013-03-29 02:37 . 2013-03-29 02:37 71704 ----a-w- c:\windows\system32\atimpc32.dll
2013-03-29 02:37 . 2013-03-29 02:37 71704 ----a-w- c:\windows\system32\amdpcom32.dll
2013-03-29 02:37 . 2013-03-29 02:37 118584 ----a-w- c:\windows\system32\atiuxpag.dll
2013-03-29 02:37 . 2013-03-29 02:37 92304 ----a-w- c:\windows\system32\atiu9pag.dll
2013-03-29 02:37 . 2013-03-29 02:37 970912 ----a-w- c:\windows\system32\aticfx32.dll
2013-03-29 02:36 . 2013-03-29 02:36 7233336 ----a-w- c:\windows\system32\atidxx32.dll
2013-03-29 02:36 . 2013-03-29 02:36 4450264 ----a-w- c:\windows\system32\atiumdva.dll
2013-03-29 02:36 . 2013-03-29 02:36 5944264 ----a-w- c:\windows\system32\atiumdag.dll
2013-03-29 02:33 . 2013-03-29 02:33 9986048 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-03-29 02:13 . 2013-03-29 02:13 180224 ----a-w- c:\windows\system32\clinfo.exe
2013-03-29 02:13 . 2013-03-29 02:13 798734 ----a-w- c:\windows\system32\amdocl_ld32.exe
2013-03-29 02:13 . 2013-03-29 02:13 995342 ----a-w- c:\windows\system32\amdocl_as32.exe
2013-03-29 02:13 . 2013-03-29 02:13 65536 ----a-w- c:\windows\system32\OpenVideo.dll
2013-03-29 02:12 . 2013-03-29 02:12 56320 ----a-w- c:\windows\system32\OVDecode.dll
2013-03-29 02:10 . 2013-03-29 02:10 23810560 ----a-w- c:\windows\system32\amdocl.dll
2013-03-29 02:09 . 2013-03-29 02:09 50176 ----a-w- c:\windows\system32\OpenCL.dll
2013-03-29 02:00 . 2013-03-29 02:00 62976 ----a-w- c:\windows\system32\coinst_12.104.dll
2013-03-29 01:57 . 2013-03-29 01:57 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2013-03-29 01:55 . 2013-03-29 01:55 46080 ----a-w- c:\windows\system32\aticalrt.dll
2013-03-29 01:55 . 2013-03-29 01:55 44032 ----a-w- c:\windows\system32\aticalcl.dll
2013-03-29 01:51 . 2013-03-29 01:51 13703168 ----a-w- c:\windows\system32\aticaldd.dll
2013-03-29 01:48 . 2013-03-29 01:48 19870720 ----a-w- c:\windows\system32\atioglxx.dll
2013-03-29 01:35 . 2013-03-29 01:35 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-03-29 01:34 . 2013-03-29 01:34 492544 ----a-w- c:\windows\system32\atieclxx.exe
2013-03-29 01:34 . 2013-03-29 01:34 219136 ----a-w- c:\windows\system32\atiesrxx.exe
2013-03-29 01:32 . 2013-03-29 01:32 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2013-03-29 01:32 . 2013-03-29 01:32 25600 ----a-w- c:\windows\system32\atimuixx.dll
2013-03-29 01:32 . 2013-03-29 01:32 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 430080 ----a-w- c:\windows\system32\atiadlxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2013-03-29 01:09 . 2013-03-29 01:09 34816 ----a-w- c:\windows\system32\atigktxx.dll
2013-03-29 01:08 . 2013-03-29 01:08 463872 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-03-29 01:07 . 2013-03-29 01:07 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-03-27 23:57 . 2013-04-25 18:50 112200 ----a-w- c:\windows\system32\RtkCoInstII.dll
2013-03-27 00:06 . 2013-04-25 18:50 2536008 ----a-w- c:\windows\system32\RtkPgExt.dll
2013-03-27 00:04 . 2013-04-25 18:49 2386464 ----a-w- c:\windows\system32\FMAPO.dll
2013-03-26 22:40 . 2013-04-25 18:50 3237448 ----a-w- c:\windows\system32\RtkAPO.dll
2013-03-26 21:38 . 2013-04-25 18:50 1596488 ----a-w- c:\windows\system32\RTSndMgr.cpl
2013-03-23 10:43 . 2013-04-25 18:49 181960 ----a-w- c:\windows\system32\AERTACap.dll
2013-03-21 07:26 . 2013-04-25 18:49 13769496 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2013-03-21 07:26 . 2013-04-25 18:49 1931032 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
2013-03-20 20:17 . 2013-04-25 18:50 1822488 ----a-w- c:\windows\system32\WavesGUILib.dll
2013-03-20 20:17 . 2013-04-25 18:49 776984 ----a-w- c:\windows\system32\MaxxAudioAPOShell.dll
2013-03-20 20:17 . 2013-04-25 18:49 1656600 ----a-w- c:\windows\system32\MaxxAudioRealtek2.dll
2006-05-03 18:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 19:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 21:30 216064 --sha-r- c:\windows\System32\nbDX.dll
2010-01-07 07:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"Steam"="c:\program files\Steam\steam.exe" [2013-05-03 1635752]
"Akamai NetSession Interface"="c:\users\Admin\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2013-03-29 6310984]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl9044ca0b;MpKsl9044ca0b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{37F10423-335B-4F7F-8FDA-E3874D623559}\MpKsl9044ca0b.sys [2013-06-09 29904]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-03-01 161384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 40736]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-14 25376]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 40736]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-08-03 11832]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2013-05-17 22560]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-03-29 219136]
S2 asComSvc;ASUS Com Service;c:\program files\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-01-14 33056]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-02-14 79872]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-12-28 327784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-07 21:10 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-27 12:09]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-19 12:04]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-19 12:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uInternet Settings,ProxyOverride = <local>
Trusted Zone: aeriagames.com
TCP: Interfaces\{0126E96C-D256-49A3-A71A-324229F5D87C}: NameServer = 212.111.0.10,194.213.32.237
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-06-09 00:14:52
ComboFix-quarantined-files.txt 2013-06-09 07:14
.
Před spuštěním: 100 941 484 032 bytes free
Po spuštění: 101 478 588 416 bytes free
.
- - End Of File - - 7B35A84D6286249A8E25B000245A8CED
A36C5E4F47E84449FF07ED3517B43A31
- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
Re: Please check my log - games stuttering
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it all of the following text (marked in green):
ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Folder::
c:\program files\Skype\Updater
c:\program files\Google\Update
c:\program files\SUPERAntiSpyware
Driver::
SkypeUpdate
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT
Warning: After running ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- Level 2
- Posts: 233
- Registered: January 13
Re: Please check my log - games stuttering
A problem came up: after I dropped the CFScript onto ComboFix and the system then restarted, the internet stopped working. F8 did not help; only a restore point did, the one closest to yesterday, from around 5 o'clock. If it is still possible somehow, I would like to continue. I tried it and the FPS in games went up a bit.
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
Re: Please check my log - games stuttering
Try it in safe mode. Otherwise, restarting the PC several times should help.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section instead. Thank you.
- Level 2
- Posts: 233
- Registered: January 13
Re: Please check my log - games stuttering
I reset the PC at least 5 times, and safe mode did nothing either. The problem is that the restore point has already been applied, so I am back at yesterday's state. So is that the end, or can something still be done about it?
- Level 2
- Posts: 233
- Registered: January 13
Re: Please check my log - games stuttering
So, is anything else going to happen?
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
Re: Please check my log - games stuttering
There was nothing in CF that would indicate a problem...
ComboFix is uninstalled like this:
Start -> Run and enter ComboFix /Uninstall
Clean the system with CCleaner.
Download OTC to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.
+ A new log from HJT + asw
How is the PC behaving?
- Level 2
- Posts: 233
- Registered: January 13
Re: Please check my log - games stuttering
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:08:47, on 9.6.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ASUS\AI Suite II\AsRoutineController.exe
C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe
C:\Users\Admin\AppData\Roaming\update_tc\update.exe
C:\Program Files\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Admin\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SoundUpdateHelper2] C:\Users\Admin\AppData\Roaming\update_tc\update.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.aeriagames.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0126E96C-D256-49A3-A71A-324229F5D87C}: NameServer = 212.111.0.10,194.213.32.237
O17 - HKLM\System\CS1\Services\Tcpip\..\{0126E96C-D256-49A3-A71A-324229F5D87C}: NameServer = 212.111.0.10,194.213.32.237
O17 - HKLM\System\CS2\Services\Tcpip\..\{0126E96C-D256-49A3-A71A-324229F5D87C}: NameServer = 212.111.0.10,194.213.32.237
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files\ASUS\AAHM\1.00.13\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
--
End of file - 8610 bytes
The PC is behaving well, games are better .... and I don't know what "asw" is
- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
Re: Please check my log - games stuttering
Uninstall:
Akamai
Close other applications and browsers, disconnect from the internet and fix in HJT:
Guide
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O15 - Trusted Zone: http://*.aeriagames.com
O20 - AppInit_DLLs: c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
Run ATF, TFC, AdwCleaner, MbAM and RogueKiller again.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support