Prosim o kontrolu logu Vyřešeno

[Leo18]

ComboFix 13-08-20.01 - Multimedia 21.08.2013 18:03:36.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2009.1135 [GMT 2:00]
Spuštěný z: c:\users\Multimedia\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-21 do 2013-08-21 )))))))))))))))))))))))))))))))
.
.
2013-08-21 16:14 . 2013-08-21 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-21 15:40 . 2013-08-21 15:40 -------- d-----w- c:\windows\ERUNT
2013-08-21 15:20 . 2013-08-21 15:20 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2DE81EE2-BF4D-4129-99A5-A4FE5874AF67}\offreg.dll
2013-08-21 12:47 . 2013-08-21 15:06 -------- d-----w- C:\AdwCleaner
2013-08-21 12:23 . 2013-08-21 12:23 -------- d-----w- c:\users\Multimedia\AppData\Roaming\Malwarebytes
2013-08-21 12:23 . 2013-08-21 12:23 -------- d-----w- c:\programdata\Malwarebytes
2013-08-21 12:23 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-21 12:23 . 2013-08-21 12:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-21 12:22 . 2013-08-21 12:22 -------- d-----w- c:\users\Multimedia\AppData\Local\Programs
2013-08-20 16:52 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2DE81EE2-BF4D-4129-99A5-A4FE5874AF67}\mpengine.dll
2013-08-15 04:52 . 2013-07-26 02:49 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-15 04:52 . 2013-07-26 03:13 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-08-15 04:52 . 2013-07-26 03:12 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-08-15 04:52 . 2013-07-26 03:12 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-08-15 04:52 . 2013-07-26 03:12 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-08-15 04:52 . 2013-07-26 03:11 257536 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-08-14 11:34 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 11:34 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 11:34 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 11:34 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 11:34 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 11:34 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 11:34 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 11:34 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 11:33 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 11:33 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 11:33 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 11:33 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-07-31 16:50 . 2013-08-15 05:04 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 19:47 . 2012-11-28 16:51 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-20 19:47 . 2012-08-16 14:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-11 07:41 . 2013-07-11 07:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-07-11 07:41 . 2013-07-11 07:41 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-06-05 03:05 . 2013-07-11 07:52 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 04:53 . 2013-07-11 07:52 509440 ----a-w- c:\windows\system32\qedit.dll
2013-05-28 04:34 . 2013-05-28 04:34 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-28 04:34 . 2013-05-28 04:34 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-28 04:34 . 2013-05-28 04:34 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-05-28 04:34 . 2013-05-28 04:34 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-05-28 04:34 . 2013-05-28 04:34 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-05-28 04:34 . 2013-05-28 04:34 158720 ----a-w- c:\windows\system32\msls31.dll
2013-05-28 04:34 . 2013-05-28 04:34 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-05-28 04:34 . 2013-05-28 04:34 138752 ----a-w- c:\windows\system32\wextract.exe
2013-05-28 04:34 . 2013-05-28 04:34 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-28 04:34 . 2013-05-28 04:34 12800 ----a-w- c:\windows\system32\mshta.exe
2013-05-28 04:34 . 2013-05-28 04:34 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-28 04:34 . 2013-05-28 04:34 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-28 04:34 . 2013-05-28 04:34 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-05-28 04:34 . 2013-05-28 04:34 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-28 04:34 . 2013-05-28 04:34 361984 ----a-w- c:\windows\system32\html.iec
2013-05-28 04:34 . 2013-05-28 04:34 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-28 04:34 . 2013-05-28 04:34 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2009-05-01 21:02 . 2013-08-17 10:07 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2013-08-17 10:07 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 21:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2011-04-20 438272]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-07-11 295512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 100736]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-12-02 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-12-02 8576]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-26 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-03-31 10752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 58680]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-04-16 39056]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - MBAMSwissArmy
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 00:21 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-28 19:47]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Multimedia\AppData\Roaming\Mozilla\Firefox\Profiles\n9071zb8.default-1370150688715\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2013-08-21 18:17:47
ComboFix-quarantined-files.txt 2013-08-21 16:17
.
Před spuštěním: Volných bajtů: 52 761 669 632
Po spuštění: Volných bajtů: 52 710 035 456
.
- - End Of File - - 461A32C157D0C91792DC857F4EA4F8B8
2E5DEBB2116B3417023E0D6562D7ED07

[Reklama]

[memphisto]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

+ Nový log z HJT

Jak se chová PC?

[Leo18]

gfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:27:22, on 21.8.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - http://www.battlefieldheroes.com/static ... .127.0.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

--
End of file - 4143 bytes

[Leo18]

Zdá se,že Pc už běží normálně...

[memphisto]

V logu fixni:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

Jinak OK. POkud nejsou problémy, tak poprosím zelenou fajku vpravo nahoře

[Leo18]

Ok hotovo,Pc v pořádku,díky moc..