Prosím o kontrolu logu - pomalý ntb Vyřešeno

[Babis]

tady je ten novej log z combofixu, ale připadá mi, že se nestalo, co mělo..

ComboFix 13-10-28.01 - Míra 30.10.2013 14:28:10.2.2 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.1790.1453 [GMT 1:00]
Spuštěný z: c:\users\MÝra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\MÝra\Desktop\CFScript.txt
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-28 do 2013-10-30 )))))))))))))))))))))))))))))))
.
.
2013-10-30 13:34 . 2013-10-30 13:34 -------- d-----w- c:\users\Mˇra\AppData\Local\temp
2013-10-30 13:34 . 2013-10-30 13:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-28 17:44 . 2013-10-28 17:44 -------- d-----w- c:\users\Míra\AppData\Roaming\NVIDIA
2013-10-27 19:49 . 2013-10-27 19:49 -------- d-----w- c:\users\Míra\AppData\Local\Adobe
2013-10-27 19:42 . 2013-10-27 19:42 -------- d-----w- C:\TDSSKiller_Quarantine
2013-10-26 15:51 . 2013-10-26 15:51 -------- d-----w- c:\windows\ERUNT
2013-10-25 10:39 . 2013-10-25 10:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-25 10:39 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-25 10:31 . 2013-10-26 15:46 -------- d-----w- C:\AdwCleaner
2013-10-25 10:29 . 2013-10-25 10:29 -------- d-----w- c:\users\Míra\AppData\Local\Apple Computer
2013-10-24 13:25 . 2013-10-24 13:25 388096 ----a-r- c:\users\Míra\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-10-24 13:25 . 2013-10-24 13:25 -------- d-----w- c:\program files\Trend Micro
2013-10-20 16:38 . 2013-10-20 16:38 -------- d-----w- c:\programdata\NVIDIA
2013-10-20 16:37 . 2013-09-12 06:28 662816 ----a-w- c:\windows\system32\nvvsvc.exe
2013-10-20 16:37 . 2013-09-12 06:28 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-10-20 16:37 . 2013-09-12 06:28 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2013-10-20 16:37 . 2013-09-12 06:28 4265760 ----a-w- c:\windows\system32\nvcpl.dll
2013-10-20 16:37 . 2013-09-12 06:28 3006240 ----a-w- c:\windows\system32\nvsvc.dll
2013-10-20 16:37 . 2013-09-12 06:28 209184 ----a-w- c:\windows\system32\nvmctray.dll
2013-10-20 16:36 . 2013-10-20 16:36 -------- d-----w- C:\temp
2013-10-20 16:36 . 2013-10-20 16:36 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-10-20 15:01 . 2013-10-20 15:01 -------- d-----w- c:\users\Míra\My Documents
2013-10-20 15:01 . 2013-10-20 15:01 536576 ----a-r- c:\users\Míra\AppData\Roaming\Microsoft\Installer\{ECE3188A-3B11-4332-B1B9-43FAA9A02626}\TheSkyX.exe_0B6E1533768448FFB9F15B3B99DC89D5.exe
2013-10-20 15:01 . 2013-10-20 15:01 536576 ----a-r- c:\users\Míra\AppData\Roaming\Microsoft\Installer\{ECE3188A-3B11-4332-B1B9-43FAA9A02626}\ARPPRODUCTICON.exe
2013-10-20 15:01 . 2013-10-20 15:01 49152 ----a-r- c:\users\Míra\AppData\Roaming\Microsoft\Installer\{ECE3188A-3B11-4332-B1B9-43FAA9A02626}\UNINST_Uninstall_T_0B6E1533768448FFB9F15B3B99DC89D5.exe
2013-10-20 15:00 . 2013-10-20 15:00 -------- d-----w- c:\program files\Plus!
2013-10-20 14:59 . 2013-10-20 14:59 -------- d-----w- c:\program files\Software Bisque
2013-10-20 14:39 . 2001-06-19 15:53 266293 ----a-w- c:\windows\system32\temp.001
2013-10-20 14:31 . 2001-06-19 15:53 266293 ----a-w- c:\windows\system32\temp.000
2013-10-03 17:33 . 2013-10-03 17:33 -------- d-----r- c:\users\Míra\Pictures
2013-09-30 14:11 . 2013-09-30 14:11 -------- d-----w- c:\program files\Activision
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-24 13:25 . 2013-10-24 13:25 388096 ----a-r- c:\users\Míra\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-10-24 13:25 . 2013-10-24 13:25 388096 ----a-r- c:\users\Míra\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-10-20 16:35 . 2009-07-23 19:01 13628208 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-10-20 15:01 . 2013-10-20 15:01 536576 ----a-r- c:\users\Míra\AppData\Roaming\Microsoft\Installer\{ECE3188A-3B11-4332-B1B9-43FAA9A02626}\ARPPRODUCTICON.exe
2013-10-20 15:01 . 2013-10-20 15:01 536576 ----a-r- c:\users\Míra\AppData\Roaming\Microsoft\Installer\{ECE3188A-3B11-4332-B1B9-43FAA9A02626}\ARPPRODUCTICON.exe
2013-10-09 18:15 . 2012-05-06 06:56 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 18:15 . 2011-05-29 08:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-24 10:54 . 2013-04-25 09:05 85464 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-09-24 10:54 . 2013-04-15 16:38 44752 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-09-24 10:54 . 2013-04-15 16:38 582936 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-09-24 10:54 . 2013-04-15 16:38 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-09-24 10:53 . 2013-04-23 13:04 354240 ----a-w- c:\windows\system32\guard32.dll
2013-09-24 10:53 . 2013-04-15 16:38 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2013-09-24 10:53 . 2013-04-15 16:38 280792 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-09-24 10:53 . 2013-04-15 16:38 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2005-07-26 14:23 . 2005-07-26 14:23 482000 ----a-w- c:\program files\DXSETUP.exe
2005-07-26 14:23 . 2005-07-26 14:23 75472 ----a-w- c:\program files\DSETUP.dll
2005-07-26 14:23 . 2005-07-26 14:23 2245840 ----a-w- c:\program files\dsetup32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2013-04-15 337432]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-10-20 1576152]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2013-05-13 659456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
2012-02-20 13:53 1679360 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-09-24 582936]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2013-09-24 44752]
R2 0210061369676595mcinstcleanup;McAfee Application Installer Cleanup (0210061369676595); [x]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272]
R2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-01-29 87368]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-09-24 131288]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-10-29 23456]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 jbridgep;jbridgep; [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-09-24 20072]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 14:40 453736 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-19 19:01 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 18:15]
.
2013-10-30 c:\windows\Tasks\Driver Booster Update.job
- c:\program files\IObit\Driver Booster\AutoUpdate.exe [2013-10-20 09:12]
.
2013-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-13 10:38]
.
2013-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-13 10:38]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-10-30 14:35:58
ComboFix-quarantined-files.txt 2013-10-30 13:35
ComboFix2.txt 2013-10-29 13:02
.
Před spuštěním: Volných bajtů: 68 158 648 320
Po spuštění: Volných bajtů: 68 034 281 472
.
- - End Of File - - 339124F1ABF9D98295AA2441E106FA4D
A36C5E4F47E84449FF07ED3517B43A31

[Reklama]

[Babis]

a tady je hjt

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:42:04, on 30.10.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: McAfee Application Installer Cleanup (0210061369676595) (0210061369676595mcinstcleanup) - - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7014 bytes

[Babis]

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-30 14:43:14
-----------------------------
14:43:14.373 OS Version: Windows 6.1.7600
14:43:14.373 Number of processors: 2 586 0x301
14:43:14.373 ComputerName: MÍRA-PC UserName: Míra
14:43:16.338 Initialize success
14:43:22.533 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
14:43:22.533 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 3
14:43:22.720 Disk 0 MBR read successfully
14:43:22.736 Disk 0 MBR scan
14:43:22.736 Disk 0 Windows 7 default MBR code
14:43:22.751 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:43:22.783 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 149900 MB offset 206848
14:43:22.798 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 155243 MB offset 307202048
14:43:22.829 Disk 0 scanning sectors +625139712
14:43:23.032 Disk 0 scanning C:\Windows\system32\drivers
14:43:30.505 Service scanning
14:43:48.367 Modules scanning
14:43:57.134 Disk 0 trace - called modules:
14:43:57.165 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
14:43:57.181 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c809c8]
14:43:57.181 3 CLASSPNP.SYS[8898d59e] -> nt!IofCallDriver -> [0x85b87338]
14:43:57.196 5 ACPI.sys[837a73b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x85b83030]
14:43:57.196 Scan finished successfully
14:47:09.201 Disk 0 MBR has been saved successfully to "C:\Users\Míra\Desktop\MBR.dat"
14:47:09.201 The log file has been saved successfully to "C:\Users\Míra\Desktop\aswMBR.txt"

[Babis]

ohledně toho testování souborů na VirusTotal, jak tak koukám na ty soubory, tak to vypadá, že je to všechno součástí jednoho hvězdářskýho programu, co si tam táta nedávno dal
brácha to dostal k hvězdářskýmu dalekohledu na cdčku, takže předpokládám, že by to mělo bejt čistý

[memphisto]

Combofix udělej znovu v nouzovém režimu se skriptem...

[Babis]

ComboFix jsem udělal přesně podle návodu i se skriptem, ale jak jsem na ikonu combofixu hodil ten skript, tak se prostě zas klasicky spustil combofix..
Zkoušel jsem to v nouzovém režimu. Zkusim to zejtra ještě jednou, ale nevěřim, že tentokrát by to šlo.. ale třeba jsem něco přehlédl.

[jaro3]

Deaktivoval si celý balík COMODA? Před Combofixem? Zkus ještě jednou.

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: McAfee Application Installer Cleanup (0210061369676595) (0210061369676595mcinstcleanup) - - (no file)


[Babis]

No to bude tim.. protože vpravo dole žádná ikonka nebyla a stejně to psalo, že je Comodo zapnutý. Tak jsem vypnul i jeho procesy ve správci úloh, ale stejně to tam psalo. Tak jsem dal potvrdit, že i přesto má program pokračovat a asi to teda nevyšlo no. Jenomže jak ho vypnout teda
zatim udělám ten HJT

[jaro3]

Stáhni si rkill
a spusť ho . Spustí se sken .Po skenu se program sám ukončí.
Pozn.: NERESTARTUJ PC !

Pak zkus Combofix s tím scriptem,

[Babis]

Ok a mám to udělat v nouzáku?

[Babis]

No tak jsem to zkusil bez nouzáku, killnulo to pár těch procesů.. no a teď když jsem zkusil ten script a nemám dostatečný oprávnění zas
teď teda nevim, jestli můžu ten notebook restartovat nebo ne

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Stáhni si OTL by OldTimer
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.