Prosím o kontrolu HJT mám v pc asi virus

[memphisto]

Spíš ten log z Combofixu není celý...

[Reklama]

[helpmeboys]

já ho skopčil celý..

[helpmeboys]

ComboFix 13-08-07.01 - admin 08.08.2013 11:12:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3070.2576 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
C:\install.exe
c:\windows\inf\ntvdm.vbe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\_000115_.tmp.dll
c:\windows\system32\frapsvid.dll
c:\windows\system32\SET641.tmp
c:\windows\system32\SET645.tmp
c:\windows\system32\SET64D.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-08 do 2013-08-08 )))))))))))))))))))))))))))))))
.
.
2013-08-07 19:37 . 2013-08-07 19:37 -------- d-----w- c:\windows\ERUNT
2013-08-07 18:54 . 2013-08-07 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-07 18:54 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-07 18:31 . 2013-08-07 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2013-08-07 15:20 . 2013-08-07 15:20 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2013-08-07 15:20 . 2013-08-07 15:20 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2013-08-07 15:04 . 2013-08-07 15:04 -------- d-----w- c:\program files\Deep Silver
2013-08-07 10:10 . 2013-08-07 10:10 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-07 10:10 . 2013-08-07 10:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-07 10:10 . 2013-08-07 10:10 -------- d-----w- c:\program files\Java
2013-08-07 09:55 . 2013-08-07 09:55 -------- d-----w- c:\windows\system32\wbem\Repository
2013-08-06 14:47 . 2013-08-07 09:54 -------- d-----w- c:\program files\uTorrent 3.3.0
2013-08-04 17:59 . 2013-08-04 17:59 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\TechSmith
2013-08-04 17:58 . 2013-08-04 17:58 -------- d-----w- c:\windows\system32\QuickTime
2013-08-04 17:58 . 2013-08-04 17:58 -------- d-----w- c:\program files\QuickTime
2013-08-04 17:58 . 2013-08-04 17:58 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2013-08-04 17:57 . 2013-08-04 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2013-08-04 17:57 . 2013-08-04 17:57 -------- d-----w- c:\program files\TechSmith
2013-08-04 09:32 . 2013-08-04 09:32 -------- d-----w- c:\program files\Screaming Bee
2013-08-04 09:24 . 2013-08-04 09:24 -------- d-----w- c:\program files\Common Files\Screaming Bee
2013-08-04 09:12 . 2013-08-04 09:12 -------- d-----w- c:\program files\Bandicam
2013-08-04 09:11 . 2013-08-04 09:12 -------- d-----w- c:\program files\BandiMPEG1
2013-08-03 21:32 . 2013-08-03 21:32 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\NVIDIA
2013-08-03 21:20 . 2013-08-03 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2013-08-03 21:20 . 2013-08-03 21:20 -------- d-----w- c:\program files\AGEIA Technologies
2013-08-03 21:18 . 2013-08-07 09:55 -------- d-----w- c:\documents and settings\UpdatusUser.ADMIN-9F8DE0D0F
2013-08-03 21:18 . 2013-06-21 09:54 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2013-08-03 21:18 . 2013-06-21 09:54 144160 ----a-w- c:\windows\system32\nvcolor.exe
2013-08-03 21:18 . 2013-06-21 09:54 54272 ----a-w- c:\windows\system32\nvwddi.dll
2013-08-03 21:18 . 2013-06-21 09:54 15677728 ----a-w- c:\windows\system32\nvcpl.dll
2013-08-03 21:18 . 2013-06-21 09:54 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-08-03 21:17 . 2013-02-25 05:27 28448 ----a-w- c:\windows\system32\nvhdap32.dll
2013-08-03 21:17 . 2013-02-25 05:27 128672 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2013-08-03 21:17 . 2013-01-29 08:35 892704 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2013-08-03 21:13 . 2013-08-03 21:18 1098236 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-08-03 21:13 . 2013-08-03 21:18 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-08-03 21:13 . 2013-08-03 21:18 1098236 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-08-03 21:12 . 2012-08-30 19:10 888168 ----a-r- c:\windows\system32\nvdispgenco32.dll
2013-08-03 21:12 . 2012-08-30 19:10 1009512 ----a-r- c:\windows\system32\nvdispco32.dll
2013-08-03 21:01 . 2013-06-21 12:02 893728 ----a-w- c:\windows\system32\nvdispgenco3232049.dll
2013-08-03 21:01 . 2013-06-21 12:02 1024288 ----a-w- c:\windows\system32\nvdispco3232049.dll
2013-08-02 16:43 . 2013-08-02 16:43 -------- d--h--w- c:\windows\PIF
2013-08-01 19:40 . 2013-08-01 19:40 -------- d-----w- c:\program files\HWiNFO32
2013-07-30 08:25 . 2013-07-30 08:26 -------- d-----w- c:\windows\system32\MRT
2013-07-27 16:48 . 2013-07-27 16:48 -------- d-----w- c:\documents and settings\admin\Application Data\PhrozenSoft
2013-07-13 16:43 . 2013-07-13 16:43 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2013-07-13 16:43 . 2013-07-13 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2013-07-11 20:56 . 2013-07-13 20:20 -------- d-----w- c:\program files\World of Warcraft 3.3.5a (no install)
2013-07-09 17:42 . 2013-07-09 17:48 -------- d-----w- c:\documents and settings\admin\Application Data\Shifters Anticheat
2013-07-09 17:42 . 2013-07-09 17:42 -------- d-----w- C:\Shifters Anticheat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-07 10:10 . 2012-12-28 21:39 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-07 10:10 . 2012-12-28 21:39 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-15 07:20 . 2012-12-06 12:32 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-15 07:20 . 2012-12-06 12:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-28 08:05 . 2013-03-07 22:27 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-28 08:05 . 2013-03-07 22:27 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-28 08:05 . 2013-03-07 22:27 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-21 12:02 . 2013-01-18 18:07 6320128 ----a-w- c:\windows\system32\nvopencl.dll
2013-06-21 12:02 . 2013-01-18 18:07 20197376 ----a-w- c:\windows\system32\nvoglnt.dll
2013-06-21 12:02 . 2013-01-18 18:07 2783008 ----a-w- c:\windows\system32\nvcuvid.dll
2013-06-21 12:02 . 2013-01-18 18:07 2002720 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-06-21 12:02 . 2013-01-18 18:07 7663616 ----a-w- c:\windows\system32\nvcuda.dll
2013-06-21 12:02 . 2013-01-18 18:07 2548736 ----a-w- c:\windows\system32\nvapi.dll
2013-06-21 12:02 . 2013-01-18 18:07 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-06-21 12:02 . 2008-09-03 14:37 10973504 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-06-21 12:02 . 2008-04-14 00:12 4014592 ----a-w- c:\windows\system32\nv4_disp.dll
2013-06-11 19:41 . 2013-03-22 23:06 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-06-11 19:41 . 2013-03-22 23:06 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-06-11 19:41 . 2012-12-29 22:58 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-06-11 19:38 . 2012-12-29 22:58 281768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-06-07 21:56 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-07 21:55 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2013-06-07 11:45 . 2013-08-04 09:19 84992 --s-a-w- c:\windows\inf\mssdbj\zlib1.dll
2013-06-07 11:45 . 2013-08-04 09:19 612352 --s-a-w- c:\windows\inf\mssdbj\libcurl.dll
2013-06-07 11:45 . 2013-08-04 09:19 364544 --s-a-w- c:\windows\inf\mssdbj\ssleay32.dll
2013-06-07 11:45 . 2013-08-04 09:19 279955 --s-a-w- c:\windows\inf\mssdbj\libidn-11.dll
2013-06-07 11:45 . 2013-08-04 09:19 183382 --s-a-w- c:\windows\inf\mssdbj\librtmp.dll
2013-06-07 11:45 . 2013-08-04 09:19 171008 --s-a-w- c:\windows\inf\mssdbj\libssh2.dll
2013-06-07 11:45 . 2013-08-04 09:19 1704448 --s-a-w- c:\windows\inf\mssdbj\libeay32.dll
2013-06-07 11:45 . 2013-08-04 09:19 110094 --s-a-w- c:\windows\inf\mssdbj\libusb-1.0.dll
2013-06-04 07:23 . 2004-08-04 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-12 21:37 . 2013-06-14 19:56 893728 ----a-w- c:\windows\system32\nvdispgenco3232018.dll
2013-05-12 21:37 . 2013-06-14 19:56 1024288 ----a-w- c:\windows\system32\nvdispco3232018.dll
2013-05-12 21:37 . 2008-04-14 00:12 4013568 ----a-w- c:\windows\system32\nv4_disp(2).dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2013-03-23 4270640]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-12 408344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-29 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-29 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-29 141848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-06-21 15677728]
"NvMediaCenter"="NvMCTray.dll" [2013-06-21 223008]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-06-21 2586912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"83.125.22.190,255.255.255.255,10.0.0.1,1"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2013-06-21 09:54 15677728 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-03 14:59 19604072 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-07-26 22:46 1807272 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\admin\\My Documents\\Track-mania-nations-forever\\Track mania nations forever\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Half-Life\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\World of Warcraft 3.3.5a (no install)\\WoW-x.x.x.x-4.0.0.12911-Downloader.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Counter-Strike Global Offensive\\csgo.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57936:TCP"= 57936:TCP:Pando Media Booster
"57936:UDP"= 57936:UDP:Pando Media Booster
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [8.3.2013 0:27 49376]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.12.2012 15:03 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8.3.2013 0:27 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.3.2013 0:27 369584]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [1.8.2013 21:40 19064]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.3.2013 0:27 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [8.3.2013 0:27 66336]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;c:\program files\Intel\AMT\atchksrv.exe [3.9.2008 15:05 183064]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [3.9.2008 15:05 2521880]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [26.11.2009 1:06 34896]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.2.2013 16:27 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.8.2013 20:54 701512]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [12.7.2013 14:37 3289472]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.6.2013 16:54 162408]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [8.3.2013 0:27 175176]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6.2.2013 16:27 136176]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [24.2.2013 19:10 4544]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.8.2013 20:54 22856]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 22:22 34064]
S3 NVFLASH;NVFLASH;c:\windows\system32\drivers\nvflash.sys [9.3.2013 17:54 12864]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [16.1.2011 16:24 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [16.1.2011 16:24 11104]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 udsstub;USBDeviceShare USB Device Stub;c:\windows\system32\drivers\udsstub.sys [26.1.2013 23:42 16000]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-06 07:20]
.
2013-08-07 c:\windows\Tasks\AdobeAAMUpdater-1.0-ADMIN-9F8DE0D0F-admin.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-08-07 15:42]
.
2013-08-02 c:\windows\Tasks\At1.job
- c:\program files\Red Giant Link\Common\Red Giant Link.exe [2011-11-18 05:18]
.
2013-08-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-07 08:58]
.
2013-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-06 14:26]
.
2013-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-06 14:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\admin\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-NtVdmSrv - c:\windows\inf\ntvdm.vbe
MSConfigStartUp-BlueStacks Agent - c:\program files\BlueStacks\HD-Agent.exe
MSConfigStartUp-Facebook Update - c:\documents and settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE
AddRemove-{E973253D-692B-7C0F-5577-4207670533EB}_is1 - c:\program files\MorphVOX_Pro_4.3.13_Build_22345\unins000.exe
AddRemove-{F2835483-37F2-4123-B4FE-0E77D58447F2} - c:\program files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-08 11:17
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,40,d0,9a,c0,38,04,41,9f,ab,77,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,40,d0,9a,c0,38,04,41,9f,ab,77,\
.
[HKEY_USERS\S-1-5-21-842925246-1708537768-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:66,9e,a2,c5,4e,71,3d,e4,64,da,47,59,35,c4,7b,f0,78,1f,7f,08,d0,
ac,85,9e,3a,ad,2b,f7,f8,d4,97,18,fe,56,e4,18,03,46,0d,dd,2d,fb,b9,03,48,37,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2013-08-08 11:19:00
ComboFix-quarantined-files.txt 2013-08-08 09:18
.
Před spuštěním: 393 037 639 680 bytes free
Po spuštění: 393 320 951 808 bytes free
.
- - End Of File - - E29F31DB3223C195984B60A4BFDF4AED
8F558EB6672622401DA993E1E865C861

[helpmeboys]

pardon

[memphisto]

Tohle znáš? Jsou to nějaké německé IP adresy AttractSoft GmbH

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"83.125.22.190,255.255.255.255,10.0.0.1,1"=""

[helpmeboys]

neznám.. jen 10.0.0.1 mi něco říká. já mám nějakou 90.180.X.X

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\Google\Update
c:\program files\Skype\Updater


DirLook::
c:\documents and settings\UpdatusUser.ADMIN-9F8DE0D0F

Driver::
gupdate
SkypeUpdate
gupdatem

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"83.125.22.190,255.255.255.255,10.0.0.1,1"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.