ComboFix 14-02-12.01 - dealer4 17.02.2014 18:03:00.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1791.1183 [GMT 1:00]
Spuštěný z: c:\users\dealer4\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\dealer4\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-17 do 2014-02-17 )))))))))))))))))))))))))))))))
.
.
2014-02-17 17:12 . 2014-02-17 17:12 -------- d-----w- c:\users\pc27\AppData\Local\temp
2014-02-17 17:12 . 2014-02-17 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-17 14:21 . 2014-02-17 14:21 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7972791-64FA-4CA3-993C-C48C1D620A96}\offreg.dll
2014-02-17 14:07 . 2014-02-17 14:08 -------- d-----w- c:\program files\BlueStacks
2014-02-17 14:06 . 2014-02-17 14:08 -------- d-----w- c:\programdata\BlueStacks
2014-02-11 07:23 . 2014-02-11 07:23 -------- d-----w- c:\program files\Common Files\PCSuite
2014-02-11 04:54 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7972791-64FA-4CA3-993C-C48C1D620A96}\mpengine.dll
2014-02-10 11:13 . 2014-02-10 11:14 -------- d-----w- c:\users\dealer4\AppData\Local\Nokia
2014-02-10 11:12 . 2014-02-11 07:22 -------- d-----w- c:\program files\Common Files\Nokia
2014-02-10 11:12 . 2014-02-10 11:13 -------- d-----w- c:\programdata\Nokia
2014-02-10 11:11 . 2012-10-17 13:53 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2014-02-10 11:11 . 2014-02-10 11:11 -------- d-----w- c:\program files\PC Connectivity Solution
2014-02-10 11:09 . 2014-02-11 07:22 -------- d-----w- c:\program files\Nokia
2014-02-07 15:16 . 2014-02-07 15:16 -------- d-----w- c:\users\dealer4\AppData\Local\Diagnostics
2014-02-04 18:36 . 2014-02-04 18:36 -------- d-----w- c:\users\dealer4\AppData\Local\VirtualStore
2014-02-04 16:25 . 2014-02-04 16:25 -------- d-----w- c:\windows\ERUNT
2014-02-04 16:14 . 2014-02-04 16:14 -------- d-----w- c:\programdata\RegClean
2014-02-04 07:36 . 2014-02-04 07:36 -------- d-----w- c:\users\dealer4\AppData\Local\Adobe
2014-02-04 07:03 . 2014-02-04 07:03 -------- d-----w- c:\users\dealer4\AppData\Local\Apple Computer
2014-02-04 07:02 . 2014-02-04 07:02 -------- d-----w- c:\users\dealer4\AppData\Local\ATI
2014-02-03 18:55 . 2014-02-04 16:08 -------- d-----w- C:\AdwCleaner
2014-02-03 18:53 . 2014-02-03 18:53 -------- d-----w- c:\users\dealer4\AppData\Roaming\Malwarebytes
2014-02-03 18:53 . 2014-02-03 18:53 -------- d-----w- c:\programdata\Malwarebytes
2014-02-03 18:53 . 2014-02-03 18:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-03 18:53 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-31 18:51 . 2014-01-31 18:51 388096 ----a-r- c:\users\dealer4\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-31 18:51 . 2014-01-31 18:51 -------- d-----w- c:\program files\Trend Micro
2014-01-29 11:13 . 2014-01-29 11:13 -------- d-----w- c:\users\dealer4\.android
2014-01-22 11:36 . 2014-02-13 14:09 -------- d-----w- C:\sport_tj
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-07 15:59 . 2012-04-10 07:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-07 15:59 . 2011-05-31 06:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2013-10-02 1090912]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-06 9394792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2010-07-29 91648]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 1446248]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2013-12-20 807696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2012-09-25 23040]
R3 MSICDSetup;MSICDSetup;D:\CDriver.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-15 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-10 172032]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2013-12-20 106256]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2013-12-20 385808]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-01-29 87368]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2677160]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
S3 VPPP;DrayTek Virtual PPP Adapter;c:\windows\system32\DRIVERS\VPPP.sys [2010-03-31 31696]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 15:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://googel.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0 ... ontrol.CAB
FF - ProfilePath - c:\users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5344)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\BlueStacks\HD-Service.exe
c:\program files\HTC\HTC Sync Manager\HTC Sync\adb.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\BlueStacks\HD-Network.exe
c:\windows\system32\conhost.exe
c:\program files\BlueStacks\HD-BlockDevice.exe
c:\windows\system32\conhost.exe
c:\program files\BlueStacks\HD-SharedFolder.exe
c:\windows\system32\conhost.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\conhost.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\windows\System32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2014-02-17 18:32:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-02-17 17:32
ComboFix2.txt 2014-02-14 14:51
.
Před spuštěním: Volných bajtů: 16 307 437 568
Po spuštění: Volných bajtů: 16 126 619 648
.
- - End Of File - - EDCC6323ED057B5F54A246F91107A85D
A36C5E4F47E84449FF07ED3517B43A31
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:52:06, on 31.1.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googel.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL
O2 - BHO: maucampo - {89ea300a-d75b-4270-a63f-c45f0ff5f7a3} - C:\Program Files\maucampo\maucampobho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [SiteRanker] "C:\Program Files\SiteRanker\SiteRankTray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpeedUpMyComputer] C:\Program Files\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as
O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/3.0 ... ontrol.CAB
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
--
End of file - 6219 bytes
https://www.virustotal.com/cs/file/f28c ... 392735075/
Please check my log
Re: Please check my log
Last edited by Aktebis on 18 Feb 2014 16:35, edited 1 time in total.
Re: Please check my log
As for VirusTotal, it gives me this message:
This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel.
- Orcus
- Security team member
Re: Please check my log
Run CF in Safe Mode. Try copying the atapi.sys files to the desktop first.
Love keeps you warm, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it across several messages.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.
Re: Please check my log
Hi,
can you write that for me in Czech? :) Sorry, but I'm a noob :)
- jaro3
- Security team member
Re: Please check my log
Copy that file to the desktop and test it on VT.
When working with HJT, ComboFix, MbAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/3.0 ... ontrol.CAB
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
--
End of file - 6219 bytes
https://www.virustotal.com/cs/file/f28c ... 392735075/
- jaro3
- member of the Security team
Re: Request for a log check
Uninstall:
AppGraffiti
maucampo
SpeedUpMyComputer
Close all other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL
O2 - BHO: maucampo - {89ea300a-d75b-4270-a63f-c45f0ff5f7a3} - C:\Program Files\maucampo\maucampobho.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
Disable the resident protection of your antivirus and antispyware, and the firewall if applicable.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text, marked in green:
ClearJavaCache::
KillAll::
File::
D:\CDriver.sys
Folder::
C:\Program Files\maucampo
C:\PROGRA~1\APPGRA~1
Driver::
MSICDSetup
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process, plus a new HJT log
Warning: After running ComboFix and restarting the computer, Windows may fail to start, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt offering to download the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
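An added example, not part of the original post and not code from HijackThis: once a fix list like the one in the post above has been applied, the follow-up HJT log can be checked mechanically for entries that are still present. The function names are hypothetical; the sample lines are excerpts copied from the fix list and from the 20.2.2014 log in this thread.

```python
import re
from typing import List, NamedTuple, Tuple

# HijackThis result lines start with a section code followed by " - ":
# R0-R3 (IE pages, URL search hooks), F0-F3, N1-N4, O1..O2x (BHOs, Run keys, services).
# ComboFix driver lines such as "R3 TsUsbFlt;..." have no " - " after the code,
# so they are not mistaken for HJT entries.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")


class Entry(NamedTuple):
    code: str  # section code, e.g. "O4"
    body: str  # rest of the line as logged

    def key(self) -> Tuple[str, str]:
        # Compare case-insensitively with collapsed whitespace: forum copy/paste
        # changes spacing, and Windows paths are not case-sensitive.
        return self.code, " ".join(self.body.split()).casefold()


def parse_hjt(text: str) -> List[Entry]:
    """Return the HJT entries in a log, skipping headers and the process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def check_fix(fix_list: str, after_log: str) -> Tuple[List[Entry], List[Entry]]:
    """Split the fix list into entries gone from, and still present in, the later log."""
    after_keys = {e.key() for e in parse_hjt(after_log)}
    removed, persisting = [], []
    for entry in parse_hjt(fix_list):
        (persisting if entry.key() in after_keys else removed).append(entry)
    return removed, persisting


# The fix list from the helper's post (copied from this thread).
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL
O2 - BHO: maucampo - {89ea300a-d75b-4270-a63f-c45f0ff5f7a3} - C:\Program Files\maucampo\maucampobho.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
"""

# Excerpt (not the full log) of the follow-up HJT log posted in this thread.
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

if __name__ == "__main__":
    removed, persisting = check_fix(FIX_LIST, AFTER_LOG)
    print(f"{len(removed)} fixed entries are gone, {len(persisting)} are still present:")
    for entry in persisting:
        print(f"  {entry.code} - {entry.body}")
```

On the excerpt embedded here, the R3 URLSearchHook entry and the two O4 updater Run entries are reported as still present, so they were either not fixed or were written back afterwards.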
Re: Request for a log check
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:25:20, on 20.2.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\BlueStacks\HD-Agent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googel.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/3.0 ... ontrol.CAB
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
--
End of file - 5435 bytes
ComboFix 14-02-12.01 - dealer4 20.02.2014 17:37:34.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1791.1011 [GMT 1:00]
Spuštěný z: c:\users\dealer4\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\dealer4\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"D:\CDriver.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\dealer4\AppData\Local\Temp\NOSEventMessages.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MSICDSETUP
-------\Service_MSICDSetup
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-20 do 2014-02-20 )))))))))))))))))))))))))))))))
.
.
2014-02-20 16:45 . 2014-02-20 16:45 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7972791-64FA-4CA3-993C-C48C1D620A96}\offreg.dll
2014-02-20 16:44 . 2014-02-20 16:44 -------- d-----w- c:\users\pc27\AppData\Local\temp
2014-02-20 16:44 . 2014-02-20 16:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-17 14:07 . 2014-02-17 14:08 -------- d-----w- c:\program files\BlueStacks
2014-02-17 14:06 . 2014-02-17 14:08 -------- d-----w- c:\programdata\BlueStacks
2014-02-11 07:23 . 2014-02-11 07:23 -------- d-----w- c:\program files\Common Files\PCSuite
2014-02-11 04:54 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7972791-64FA-4CA3-993C-C48C1D620A96}\mpengine.dll
2014-02-10 11:13 . 2014-02-10 11:14 -------- d-----w- c:\users\dealer4\AppData\Local\Nokia
2014-02-10 11:12 . 2014-02-11 07:22 -------- d-----w- c:\program files\Common Files\Nokia
2014-02-10 11:12 . 2014-02-10 11:13 -------- d-----w- c:\programdata\Nokia
2014-02-10 11:11 . 2012-10-17 13:53 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2014-02-10 11:11 . 2014-02-10 11:11 -------- d-----w- c:\program files\PC Connectivity Solution
2014-02-10 11:09 . 2014-02-11 07:22 -------- d-----w- c:\program files\Nokia
2014-02-07 15:16 . 2014-02-07 15:16 -------- d-----w- c:\users\dealer4\AppData\Local\Diagnostics
2014-02-04 18:36 . 2014-02-17 17:34 -------- d-----w- c:\users\dealer4\AppData\Local\VirtualStore
2014-02-04 16:25 . 2014-02-04 16:25 -------- d-----w- c:\windows\ERUNT
2014-02-04 16:14 . 2014-02-04 16:14 -------- d-----w- c:\programdata\RegClean
2014-02-04 07:36 . 2014-02-04 07:36 -------- d-----w- c:\users\dealer4\AppData\Local\Adobe
2014-02-04 07:03 . 2014-02-04 07:03 -------- d-----w- c:\users\dealer4\AppData\Local\Apple Computer
2014-02-04 07:02 . 2014-02-04 07:02 -------- d-----w- c:\users\dealer4\AppData\Local\ATI
2014-02-03 18:55 . 2014-02-04 16:08 -------- d-----w- C:\AdwCleaner
2014-02-03 18:53 . 2014-02-03 18:53 -------- d-----w- c:\users\dealer4\AppData\Roaming\Malwarebytes
2014-02-03 18:53 . 2014-02-03 18:53 -------- d-----w- c:\programdata\Malwarebytes
2014-02-03 18:53 . 2014-02-03 18:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-03 18:53 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-31 18:51 . 2014-01-31 18:51 388096 ----a-r- c:\users\dealer4\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-31 18:51 . 2014-01-31 18:51 -------- d-----w- c:\program files\Trend Micro
2014-01-29 11:13 . 2014-01-29 11:13 -------- d-----w- c:\users\dealer4\.android
2014-01-22 11:36 . 2014-02-13 14:09 -------- d-----w- C:\sport_tj
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-07 15:59 . 2012-04-10 07:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-07 15:59 . 2011-05-31 06:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2013-10-02 1090912]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-06 9394792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2010-07-29 91648]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 1446248]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2013-12-20 807696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2012-09-25 23040]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-15 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-10 172032]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2013-12-20 106256]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2013-12-20 385808]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-01-29 87368]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2677160]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
S3 VPPP;DrayTek Virtual PPP Adapter;c:\windows\system32\DRIVERS\VPPP.sys [2010-03-31 31696]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 15:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://googel.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0 ... ontrol.CAB
FF - ProfilePath - c:\users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\BlueStacks\HD-Service.exe
c:\program files\BlueStacks\HD-Network.exe
c:\windows\system32\conhost.exe
c:\program files\BlueStacks\HD-BlockDevice.exe
c:\windows\system32\conhost.exe
c:\program files\BlueStacks\HD-SharedFolder.exe
c:\windows\system32\conhost.exe
c:\program files\HTC\HTC Sync Manager\HTC Sync\adb.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\windows\system32\PhotoScreensaver.scr
.
**************************************************************************
.
Celkový čas: 2014-02-20 18:20:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-02-20 17:20
ComboFix2.txt 2014-02-17 17:32
ComboFix3.txt 2014-02-14 14:51
.
Před spuštěním: Volných bajtů: 14 940 897 280
Po spuštění: Volných bajtů: 14 757 273 600
.
- - End Of File - - 129F321E98A65163D0E43C698D06ADB9
A36C5E4F47E84449FF07ED3517B43A31
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-13 19:53:11
-----------------------------
19:53:11.535 OS Version: Windows 6.1.7601 Service Pack 1
19:53:11.535 Number of processors: 2 586 0x603
19:53:11.548 ComputerName: PC27 UserName:
19:53:15.357 Initialize success
19:53:21.284 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:53:21.288 Disk 0 Vendor: WDC_WD1600AAJS-60Z0A0 03.03E03 Size: 152627MB BusType: 3
19:53:21.397 Disk 0 MBR read successfully
19:53:21.401 Disk 0 MBR scan
19:53:21.404 Disk 0 Windows 7 default MBR code
19:53:21.414 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:53:21.423 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
19:53:21.431 Disk 0 scanning sectors +312579760
19:53:21.508 Disk 0 scanning C:\Windows\system32\drivers
19:53:28.354 Service scanning
19:53:42.618 Modules scanning
19:53:52.958 Disk 0 trace - called modules:
19:53:52.979 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
19:53:52.981 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8607b030]
19:53:53.014 3 CLASSPNP.SYS[88d8f59e] -> nt!IofCallDriver -> [0x86088918]
19:53:53.018 5 ACPI.sys[83ba93d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8606c908]
19:53:53.022 Scan finished successfully
19:54:10.416 Disk 0 MBR has been saved successfully to "C:\Users\dealer4\Desktop\Vir\MBR.dat"
19:54:10.431 The log file has been saved successfully to "C:\Users\dealer4\Desktop\Vir\aswMBR.txt"
Scan saved at 17:25:20, on 20.2.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\BlueStacks\HD-Agent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googel.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/3.0 ... ontrol.CAB
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
--
End of file - 5435 bytes
- Orcus
- member of the Security team
Re: Request for a log check
ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall
====================================================
Clean the system with CCleaner
====================================================
Download DelFix here
http://general-changelog-team.fr/fr/dow ... e/9-delfix
and save the file to your desktop.
Double-click the icon to launch Delfix.exe
(On Windows Vista, Windows 7 and 8, you must run the file by right-clicking it -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools, Purge System Restore
Then click the Run button and let the tool do its work
The report (DelFix.txt) will then open. Paste its entire contents here. Otherwise the report is located at:
C:\DelFix.txt
What about the problems?
Love warms, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it into several posts.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.

Re: Request for a log check
DelFix v10.6 - Logfile created 21/02/2014 at 17:22:04
# Updated 11/11/2013 by Xplode
# Username : dealer4 - PC27
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
~ Removing disinfection tools ...
Deleted : C:\AdwCleaner
Deleted : C:\Users\dealer4\Desktop\RK_Quarantine
Deleted : C:\Program Files\Trend Micro\Hijackthis
Deleted : C:\ComboFix.txt
Deleted : C:\TDSSKiller.2.8.16.0_04.02.2014_19.33.34_log.txt
Deleted : C:\TDSSKiller.2.8.16.0_04.02.2014_19.34.10_log.txt
Deleted : C:\TDSSKiller.2.8.16.0_04.02.2014_19.34.18_log.txt
Deleted : C:\Users\dealer4\Desktop\aswmbr.exe
Deleted : C:\Users\dealer4\Desktop\JRT.txt
Deleted : C:\Users\dealer4\Desktop\RKreport[0]_D_02042014_193059.txt
Deleted : C:\Users\dealer4\Desktop\RKreport[0]_S_02042014_174637.txt
Deleted : C:\Users\dealer4\Desktop\RKreport[0]_S_02042014_193046.txt
Deleted : C:\Users\dealer4\Downloads\aswmbr.exe
Deleted : C:\Users\dealer4\Downloads\JRT.exe
Deleted : C:\Users\dealer4\Downloads\tdsskiller.zip
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
~ Cleaning system restore ...
Deleted : RP #270 [ComboFix created restore point | 02/21/2014 14:09:23]
New restore point created !
########## - EOF - ##########
The computer is still somewhat slow.
Switching between windows takes a terribly long time. My internet connection keeps dropping. Windows with porn keep popping up.
My remote desktop connection keeps dropping, and the internet stalls so that I sometimes wait a minute for http://www.seznam.cz to load.
These problems are not constant, but they happen maybe 5 times over the course of a day.
- Orcus
- Security team member
Re: Please check my log
Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit)
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and they will be saved on the desktop. Please copy their entire contents here.
Love keeps you warm, but coal is coal.
Post HJT logs in the HJT section. If the log is too long, split it across several messages.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.

Re: Please check my log
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-02-2014 02
Ran by dealer4 at 2014-02-24 13:07:53
Running from C:\Users\dealer4\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD USB Filter Driver (Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{176A02AC-6C89-A8B2-6D0A-F11DBA363C3F}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Balíček ovladače systému Windows - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Balíček ovladače systému Windows - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Balíček ovladače systému Windows - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{44181DF6-2751-48C7-B918-72F14508F127}) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
Castle Clash ULTIMATE Hack Tool 5.1 (HKLM\...\Castle Clash ULTIMATE Hack Tool 5.1) (Version: 5.1 - Castle Clash ULTIMATE Hack)
Catalyst Control Center Core Implementation (Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0210.2206.39615 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0210.2206.39615 - ATI) Hidden
CCC Help Czech (Version: 2010.0210.2205.39615 - Název společnosti:) Hidden
CCC Help Danish (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Dutch (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help English (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Finnish (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help French (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help German (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Greek (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Italian (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Japanese (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Korean (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Polish (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Russian (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Spanish (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Swedish (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Thai (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Turkish (Version: 2010.0210.2205.39615 - ATI) Hidden
ccc-core-static (Version: 2010.0210.2206.39615 - Název společnosti:) Hidden
ccc-utility (Version: 2010.0210.2206.39615 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Classic Shell (HKLM\...\{F9FCCFE9-5AC1-4914-AA94-94A4C3D53157}) (Version: 2.8.3 - IvoSoft)
ČSTV TJ/SK PLNÁ VERZE 3.01 (HKLM\...\CSTV_TJ_is1) (Version: - Kubatova)
DrayTek Smart VPN Client (HKLM\...\DrayTek Smart VPN Client) (Version: - )
ESET NOD32 Antivirus (HKLM\...\{4FAD70B6-E246-496E-9719-449E3756BF0B}) (Version: 4.2.64.12 - ESET, spol. s r.o.)
FileViewPro (HKLM\...\FileViewPro_is1) (Version: 4.0 - Solvusoft Corporation)
Garmin Lifetime Updater (HKLM\...\{028BB5A9-6385-4CF6-A6FF-D512D5015DBA}) (Version: 2.1.6 - Garmin)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.1.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{5002C5B1-B688-474A-AB3A-9B65DBD38FF9}) (Version: 2.0.58.0 - HTC)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
Java Auto Updater (Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.260 - Oracle)
karat.exe (HKLM\...\{8388C6E9-A490-43DE-894B-2295B66A8F44}) (Version: 0.1 - Administrator)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile CSY Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile CSY Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (Czech) (HKLM\...\{95120000-00AF-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovak) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Mozilla Firefox 27.0.1 (x86 cs) (HKLM\...\Mozilla Firefox 27.0.1 (x86 cs)) (Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 cs) (HKLM\...\Mozilla Thunderbird 24.3.0 (x86 cs)) (Version: 24.3.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
Nucleus Kernel for PowerPoint Demo ver 4.02 (HKLM\...\Nucleus Kernel for PowerPoint Demo_is1) (Version: - Nucleus Technologies.com)
Nvu 1.0 (HKLM\...\Nvu) (Version: 1.0 - CZilla)
ParadisePoker 1.0.0 (HKLM\...\ParadisePoker_is1) (Version: 1.0.0 - SBS)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Realtek HDMI Audio Driver for ATI (HKLM\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6121 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Recovery for PowerPoint 3.1.19636.2 Demo License (HKLM\...\{CC5DD1EC-CC1A-4BDF-A41B-1A54CC704272}) (Version: 3.1.19636.2 - Recoveronix)
Registrace uživatele zařízení Canon MG5100 series (HKLM\...\Registrace uživatele zařízení Canon MG5100 series) (Version: - )
Rozpis Profi (HKLM\...\Rozpis Profi) (Version: - )
TeamViewer 7 Host (HKLM\...\TeamViewer 7 Host) (Version: 7.0.13989 - TeamViewer)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.56 - Ghisler Software GmbH)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinThruster (HKLM\...\WinThruster_is1) (Version: 1.79 - solvusoft Corporation)
==================== Restore Points =========================
21-02-2014 16:22:16 End of disinfection
==================== Hosts content: ==========================
2009-07-14 03:04 - 2014-02-20 18:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {8630A651-365B-4F63-8798-43A31BBF7B9E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {A8D72540-A52D-4A72-B99B-547DFDF88EFA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2011-08-25 09:25 - 2001-10-28 15:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-04-26 18:01 - 2013-04-26 18:01 - 00030056 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2013-04-26 18:02 - 2013-04-26 18:02 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2013-04-26 18:02 - 2013-04-26 18:02 - 00044392 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2013-04-26 18:02 - 2013-04-26 18:02 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-04-26 18:03 - 2013-04-26 18:03 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-04-26 18:07 - 2013-04-26 18:07 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
2011-05-13 16:01 - 2010-04-05 20:55 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2012-12-07 17:27 - 2012-12-07 17:27 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2013-04-26 18:03 - 2013-04-26 18:03 - 00169312 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
2010-12-14 17:13 - 2010-12-14 17:13 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 02302040 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 08197208 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtGui4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 00345688 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
2012-06-26 13:10 - 2012-06-26 13:10 - 00202328 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
2012-06-26 13:10 - 2012-06-26 13:10 - 00027736 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 00282200 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
2013-12-11 12:51 - 2014-02-11 13:50 - 03019376 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2013-12-11 12:51 - 2014-02-11 13:50 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2013-12-11 12:51 - 2014-02-11 13:50 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-12-23 19:36 - 2014-02-17 10:36 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-21 08:59 - 2014-02-21 08:59 - 16265096 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/24/2014 01:05:47 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 619008 (0x0000000000097200) o 512 (0x00000200) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
Error: (02/24/2014 01:05:41 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 618496 (0x0000000000097000) o 512 (0x00000200) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
Error: (02/24/2014 01:05:27 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 528384 (0x0000000000081000) o 262144 (0x00040000) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
Error: (02/24/2014 01:05:13 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 619008 (0x0000000000097200) o 512 (0x00000200) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
Error: (02/24/2014 01:05:07 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 618496 (0x0000000000097000) o 512 (0x00000200) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
Error: (02/24/2014 01:04:54 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 528384 (0x0000000000081000) o 262144 (0x00040000) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
Error: (02/24/2014 00:34:26 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 619008 (0x0000000000097200) o 512 (0x00000200) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
Error: (02/24/2014 00:34:21 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 618496 (0x0000000000097000) o 512 (0x00000200) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
Error: (02/24/2014 00:34:07 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 528384 (0x0000000000081000) o 262144 (0x00040000) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
Error: (02/24/2014 00:33:52 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 619008 (0x0000000000097200) o 512 (0x00000200) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
System errors:
=============
Error: (02/24/2014 01:05:47 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error: (02/24/2014 01:05:44 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error: (02/24/2014 01:05:41 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error: (02/24/2014 01:05:38 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error: (02/24/2014 01:05:35 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error: (02/24/2014 01:05:33 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error: (02/24/2014 01:05:30 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error: (02/24/2014 01:05:27 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error: (02/24/2014 01:05:24 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error: (02/24/2014 01:05:21 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Microsoft Office Sessions:
=========================
Error: (08/22/2012 08:47:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1025. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 86%
Total physical RAM: 1791.18 MB
Available physical RAM: 246.46 MB
Total Pagefile: 4491.18 MB
Available Pagefile: 2439.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.75 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:148.95 GB) (Free:19.64 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or
(Size: 149 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2014 02
Ran by dealer4 (administrator) on PC27 on 24-02-2014 13:07:08
Running from C:\Users\dealer4\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-SharedFolder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
(Garmin) C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(DrayTek Corp.) C:\Program Files\DrayTek\Smart VPN Client\SmartVPNClient.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Microsoft Corporation) C:\Windows\system32\mstsc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9394792 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2215064 2010-08-12] (ESET)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [91648 2010-07-29] (IvoSoft)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-25] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [Garmin Lifetime Updater] - C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe [1446248 2011-12-15] (Garmin)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [BlueStacks Agent] - C:\Program Files\BlueStacks\HD-Agent.exe [807696 2013-12-20] (BlueStack Systems, Inc.)
HKU\S-1-5-21-195085820-1302924477-1453668872-1002\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googel.com/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{909EFABB-1ACE-4244-A4D9-057125D57B80}: [NameServer]194.228.41.113 160.218.161.54
FireFox:
========
FF ProfilePath: C:\Users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default
FF DefaultSearchEngine: ICQ Search
FF Homepage: https://www.google.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default\searchplugins\inbox-hledn.xml
FF SearchPlugin: C:\Users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-01-08]
FF Extension: maucampo - C:\Users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default\Extensions\firefox@maucampo.net.xpi [2014-01-28]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-12-14]
========================== Services (Whitelisted) =================
R2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2010-08-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2010-08-12] (ESET)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
==================== Drivers (Whitelisted) ====================
R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5315584 2010-02-10] (ATI Technologies Inc.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [106256 2013-12-20] (BlueStack Systems)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [136632 2010-07-29] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204448 2010-05-24] (Realtek Semiconductor Corp.)
R3 VPPP; C:\Windows\System32\DRIVERS\VPPP.sys [31696 2010-03-31] (DrayTek, Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eamon; system32\DRIVERS\eamon.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-24 13:07 - 2014-02-24 13:07 - 00010731 _____ () C:\Users\dealer4\Desktop\FRST.txt
2014-02-24 13:06 - 2014-02-24 13:07 - 00000000 ____D () C:\FRST
2014-02-24 12:35 - 2014-02-24 12:36 - 01144320 _____ (Farbar) C:\Users\dealer4\Desktop\FRST.exe
2014-02-24 07:46 - 2014-02-24 07:46 - 00000834 _____ () C:\Windows\PFRO.log
2014-02-24 07:46 - 2014-02-24 07:46 - 00000056 _____ () C:\Windows\setupact.log
2014-02-24 07:46 - 2014-02-24 07:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-21 17:22 - 2014-02-21 17:22 - 00001371 _____ () C:\DelFix.txt
2014-02-21 15:17 - 2014-02-21 15:18 - 00037520 _____ () C:\Users\dealer4\Documents\cc_20140221_151735.reg
2014-02-21 15:11 - 2014-02-21 15:11 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-21 15:11 - 2014-02-21 15:11 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-21 15:10 - 2014-02-21 15:10 - 04721920 _____ (Piriform Ltd) C:\Users\dealer4\Downloads\ccsetup410.exe
2014-02-21 11:28 - 2014-02-21 12:10 - 00000000 ____D () C:\Users\dealer4\Desktop\CONMETRON ZALOHA
2014-02-18 10:03 - 2009-07-14 02:26 - 00021584 _____ (Microsoft Corporation) C:\Users\dealer4\Desktop\atapi.sys
2014-02-17 15:08 - 2014-02-17 15:08 - 00001768 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-02-17 15:08 - 2014-02-17 15:08 - 00001765 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-02-17 15:07 - 2014-02-17 15:08 - 00000000 ____D () C:\Program Files\BlueStacks
2014-02-17 15:06 - 2014-02-17 15:08 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-02-17 15:05 - 2014-02-17 15:05 - 10245808 _____ (BlueStack Systems Inc.) C:\Users\dealer4\Downloads\BlueStacks-SplitInstaller_native.exe
2014-02-16 18:47 - 2014-02-16 18:53 - 1002354688 _____ () C:\Users\dealer4\Downloads\Zmizení Prisoners(2013),BRRip, CZ dabing, NEW NOVINKA, normal kvalita, česky.avi
2014-02-16 18:47 - 2014-02-16 18:51 - 784441344 _____ () C:\Users\dealer4\Downloads\Ridick CZ-dabing (2013) NOVINKA.avi
2014-02-13 19:55 - 2014-02-21 15:08 - 00000000 ____D () C:\Windows\erdnt
2014-02-13 14:49 - 2014-02-13 14:49 - 03727266 _____ (Kubatova ) C:\Users\dealer4\Downloads\534MWI(1).exe
2014-02-11 10:22 - 2014-02-11 10:30 - 00000000 ____D () C:\Users\dealer4\Desktop\Matrace
2014-02-11 08:23 - 2014-02-11 08:23 - 00001996 _____ () C:\Users\Public\Desktop\Nokia PC Suite.lnk
2014-02-11 08:23 - 2014-02-11 08:23 - 00000000 ____D () C:\Program Files\Common Files\PCSuite
2014-02-11 08:09 - 2014-02-11 08:09 - 41122320 _____ () C:\Users\dealer4\Downloads\Nokia_PC_Suite_cze_web.exe
2014-02-10 12:15 - 2014-02-21 15:21 - 00000000 ____D () C:\Users\dealer4\AppData\Local\NokiaAccount
2014-02-10 12:13 - 2014-02-10 12:14 - 00000000 ____D () C:\Users\dealer4\AppData\Local\Nokia
2014-02-10 12:12 - 2014-02-21 15:21 - 00000000 ____D () C:\ProgramData\Nokia
2014-02-10 12:12 - 2014-02-21 15:21 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2014-02-10 12:11 - 2014-02-10 12:11 - 00000000 ____D () C:\Program Files\PC Connectivity Solution
2014-02-10 12:11 - 2012-10-17 14:53 - 00019072 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfd.sys
2014-02-10 12:09 - 2014-02-21 15:21 - 00000000 ____D () C:\Program Files\Nokia
2014-02-10 12:08 - 2014-02-10 12:08 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache
2014-02-10 12:04 - 2014-02-10 12:05 - 106320416 _____ () C:\Users\dealer4\Downloads\Nokia_Suite_webinstaller_ALL.exe
2014-02-07 16:45 - 2014-02-07 16:47 - 67963216 _____ () C:\Users\dealer4\Downloads\Nokia_PC_Suite_ALL(1).exe
2014-02-04 19:36 - 2014-02-17 18:34 - 00000000 ____D () C:\Users\dealer4\AppData\Local\VirtualStore
2014-02-04 17:25 - 2014-02-04 17:25 - 00000000 ____D () C:\Windows\ERUNT
2014-02-04 17:14 - 2014-02-04 17:14 - 00000000 ____D () C:\ProgramData\RegClean
2014-02-04 09:54 - 2014-02-20 18:48 - 00000000 ____D () C:\Users\dealer4\Desktop\Vir
2014-02-04 08:36 - 2014-02-04 08:36 - 00000000 ____D () C:\Users\dealer4\AppData\Local\Adobe
2014-02-04 08:03 - 2014-02-04 08:03 - 00000000 ____D () C:\Users\dealer4\AppData\Local\Apple Computer
2014-02-04 08:02 - 2014-02-04 08:02 - 00000000 ____D () C:\Users\dealer4\AppData\Local\ATI
2014-02-03 19:53 - 2014-02-03 19:53 - 00000000 ____D () C:\Users\dealer4\AppData\Roaming\Malwarebytes
2014-02-03 19:53 - 2014-02-03 19:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-31 19:51 - 2014-02-21 17:22 - 00000000 ____D () C:\Program Files\Trend Micro
2014-01-31 19:51 - 2014-01-31 19:51 - 00000000 ____D () C:\Users\dealer4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-01-29 12:13 - 2014-01-29 12:13 - 00000000 ____D () C:\Users\dealer4\.android
2014-01-29 11:59 - 2014-01-29 11:59 - 00010264 _____ () C:\Users\dealer4\Desktop\Prehled planu.xlsx
2014-01-29 11:55 - 2014-01-29 11:55 - 00000000 ____D () C:\Users\dealer4\Desktop\MyPhoneExplorer portable
==================== One Month Modified Files and Folders =======
2014-02-24 13:07 - 2014-02-24 13:07 - 00010731 _____ () C:\Users\dealer4\Desktop\FRST.txt
2014-02-24 13:07 - 2014-02-24 13:06 - 00000000 ____D () C:\FRST
2014-02-24 12:59 - 2012-04-10 08:47 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-24 12:40 - 2009-07-14 05:34 - 00015008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-24 12:40 - 2009-07-14 05:34 - 00015008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-24 12:36 - 2014-02-24 12:35 - 01144320 _____ (Farbar) C:\Users\dealer4\Desktop\FRST.exe
2014-02-24 07:47 - 2012-11-19 14:54 - 00000000 ____D () C:\Users\dealer4\AppData\Local\HTC MediaHub
2014-02-24 07:46 - 2014-02-24 07:46 - 00000834 _____ () C:\Windows\PFRO.log
2014-02-24 07:46 - 2014-02-24 07:46 - 00000056 _____ () C:\Windows\setupact.log
2014-02-24 07:46 - 2014-02-24 07:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-24 07:46 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-21 21:25 - 2010-12-14 17:08 - 01518421 _____ () C:\Windows\WindowsUpdate.log
2014-02-21 17:22 - 2014-02-21 17:22 - 00001371 _____ () C:\DelFix.txt
2014-02-21 17:22 - 2014-01-31 19:51 - 00000000 ____D () C:\Program Files\Trend Micro
2014-02-21 15:21 - 2014-02-10 12:15 - 00000000 ____D () C:\Users\dealer4\AppData\Local\NokiaAccount
2014-02-21 15:21 - 2014-02-10 12:12 - 00000000 ____D () C:\ProgramData\Nokia
2014-02-21 15:21 - 2014-02-10 12:12 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2014-02-21 15:21 - 2014-02-10 12:09 - 00000000 ____D () C:\Program Files\Nokia
2014-02-21 15:18 - 2014-02-21 15:17 - 00037520 _____ () C:\Users\dealer4\Documents\cc_20140221_151735.reg
2014-02-21 15:14 - 2012-10-26 13:34 - 00000000 ____D () C:\Users\dealer4\AppData\Roaming\DAEMON Tools Lite
2014-02-21 15:14 - 2011-08-24 13:34 - 00000000 ____D () C:\Program Files\PDFCreator
2014-02-21 15:13 - 2010-12-14 16:56 - 00000000 ____D () C:\Windows\Panther
2014-02-21 15:11 - 2014-02-21 15:11 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-21 15:11 - 2014-02-21 15:11 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-21 15:10 - 2014-02-21 15:10 - 04721920 _____ (Piriform Ltd) C:\Users\dealer4\Downloads\ccsetup410.exe
2014-02-21 15:08 - 2014-02-13 19:55 - 00000000 ____D () C:\Windows\erdnt
2014-02-21 12:10 - 2014-02-21 11:28 - 00000000 ____D () C:\Users\dealer4\Desktop\CONMETRON ZALOHA
2014-02-21 11:01 - 2012-10-11 13:10 - 00036864 _____ () C:\Users\dealer4\Desktop\srovnavaci tabulka.xls
2014-02-21 08:59 - 2012-04-10 08:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 08:59 - 2011-05-31 07:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 18:48 - 2014-02-04 09:54 - 00000000 ____D () C:\Users\dealer4\Desktop\Vir
2014-02-20 18:10 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-02-20 17:45 - 2009-07-14 03:03 - 41680896 _____ () C:\Windows\system32\config\software.bak
2014-02-20 17:45 - 2009-07-14 03:03 - 23855104 _____ () C:\Windows\system32\config\system.bak
2014-02-20 17:45 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-02-20 17:45 - 2009-07-14 03:03 - 00053248 _____ () C:\Windows\system32\config\sam.bak
2014-02-20 17:45 - 2009-07-14 03:03 - 00024576 _____ () C:\Windows\system32\config\security.bak
2014-02-17 20:20 - 2013-03-11 09:21 - 00000000 ____D () C:\Users\dealer4\Desktop\sporic
2014-02-17 18:34 - 2014-02-04 19:36 - 00000000 ____D () C:\Users\dealer4\AppData\Local\VirtualStore
2014-02-17 16:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-17 15:08 - 2014-02-17 15:08 - 00001768 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-02-17 15:08 - 2014-02-17 15:08 - 00001765 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-02-17 15:08 - 2014-02-17 15:07 - 00000000 ____D () C:\Program Files\BlueStacks
2014-02-17 15:08 - 2014-02-17 15:06 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-02-17 15:08 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-02-17 15:05 - 2014-02-17 15:05 - 10245808 _____ (BlueStack Systems Inc.) C:\Users\dealer4\Downloads\BlueStacks-SplitInstaller_native.exe
2014-02-17 10:36 - 2013-12-23 19:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-17 08:51 - 2010-12-14 17:13 - 01478822 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-16 21:28 - 2013-01-23 17:03 - 00000000 ____D () C:\Users\dealer4\AppData\Roaming\vlc
2014-02-16 18:53 - 2014-02-16 18:47 - 1002354688 _____ () C:\Users\dealer4\Downloads\Zmizení Prisoners(2013),BRRip, CZ dabing, NEW NOVINKA, normal kvalita, česky.avi
2014-02-16 18:51 - 2014-02-16 18:47 - 784441344 _____ () C:\Users\dealer4\Downloads\Ridick CZ-dabing (2013) NOVINKA.avi
2014-02-14 15:51 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-02-14 15:51 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-02-13 19:49 - 2013-03-10 22:36 - 00013914 _____ () C:\Users\dealer4\Desktop\cesty.xlsx
2014-02-13 15:09 - 2014-01-22 12:36 - 00000000 ____D () C:\sport_tj
2014-02-13 14:50 - 2014-01-22 12:36 - 00000599 _____ () C:\Users\dealer4\Desktop\IS TJSK.lnk
2014-02-13 14:49 - 2014-02-13 14:49 - 03727266 _____ (Kubatova ) C:\Users\dealer4\Downloads\534MWI(1).exe
2014-02-11 13:50 - 2013-12-11 12:51 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-11 10:30 - 2014-02-11 10:22 - 00000000 ____D () C:\Users\dealer4\Desktop\Matrace
2014-02-11 10:19 - 2011-08-24 13:27 - 00000000 ____D () C:\PDF
2014-02-11 08:26 - 2013-02-07 14:09 - 00000000 ____D () C:\Users\dealer4\AppData\Roaming\PC Suite
2014-02-11 08:23 - 2014-02-11 08:23 - 00001996 _____ () C:\Users\Public\Desktop\Nokia PC Suite.lnk
2014-02-11 08:23 - 2014-02-11 08:23 - 00000000 ____D () C:\Program Files\Common Files\PCSuite
2014-02-11 08:09 - 2014-02-11 08:09 - 41122320 _____ () C:\Users\dealer4\Downloads\Nokia_PC_Suite_cze_web.exe
2014-02-10 12:14 - 2014-02-10 12:13 - 00000000 ____D () C:\Users\dealer4\AppData\Local\Nokia
2014-02-10 12:11 - 2014-02-10 12:11 - 00000000 ____D () C:\Program Files\PC Connectivity Solution
2014-02-10 12:08 - 2014-02-10 12:08 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache
2014-02-10 12:05 - 2014-02-10 12:04 - 106320416 _____ () C:\Users\dealer4\Downloads\Nokia_Suite_webinstaller_ALL.exe
2014-02-07 16:47 - 2014-02-07 16:45 - 67963216 _____ () C:\Users\dealer4\Downloads\Nokia_PC_Suite_ALL(1).exe
2014-02-07 16:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-04 18:04 - 2011-05-13 16:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-02-04 17:25 - 2014-02-04 17:25 - 00000000 ____D () C:\Windows\ERUNT
2014-02-04 17:14 - 2014-02-04 17:14 - 00000000 ____D () C:\ProgramData\RegClean
2014-02-04 17:08 - 2012-08-27 08:21 - 00000000 ____D () C:\ProgramData\ICQ
2014-02-04 08:36 - 2014-02-04 08:36 - 00000000 ____D () C:\Users\dealer4\AppData\Local\Adobe
2014-02-04 08:03 - 2014-02-04 08:03 - 00000000 ____D () C:\Users\dealer4\AppData\Local\Apple Computer
2014-02-04 08:02 - 2014-02-04 08:02 - 00000000 ____D () C:\Users\dealer4\AppData\Local\ATI
2014-02-03 19:53 - 2014-02-03 19:53 - 00000000 ____D () C:\Users\dealer4\AppData\Roaming\Malwarebytes
2014-02-03 19:53 - 2014-02-03 19:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-03 19:52 - 2010-12-15 15:48 - 00000000 ____D () C:\Users\pc27\AppData\Local\Adobe
2014-01-31 19:51 - 2014-01-31 19:51 - 00000000 ____D () C:\Users\dealer4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-01-29 12:13 - 2014-01-29 12:13 - 00000000 ____D () C:\Users\dealer4\.android
2014-01-29 12:13 - 2010-12-17 20:08 - 00000000 ____D () C:\Users\dealer4
2014-01-29 11:59 - 2014-01-29 11:59 - 00010264 _____ () C:\Users\dealer4\Desktop\Prehled planu.xlsx
2014-01-29 11:55 - 2014-01-29 11:55 - 00000000 ____D () C:\Users\dealer4\Desktop\MyPhoneExplorer portable
Some content of TEMP:
====================
C:\Users\dealer4\AppData\Local\Temp\NOSEventMessages.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-18 17:24
==================== End Of Log ============================
Ran by dealer4 at 2014-02-24 13:07:53
Running from C:\Users\dealer4\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD USB Filter Driver (Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{176A02AC-6C89-A8B2-6D0A-F11DBA363C3F}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Balíček ovladače systému Windows - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Balíček ovladače systému Windows - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Balíček ovladače systému Windows - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{44181DF6-2751-48C7-B918-72F14508F127}) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
Castle Clash ULTIMATE Hack Tool 5.1 (HKLM\...\Castle Clash ULTIMATE Hack Tool 5.1) (Version: 5.1 - Castle Clash ULTIMATE Hack)
Catalyst Control Center Core Implementation (Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0210.2206.39615 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0210.2206.39615 - ATI) Hidden
CCC Help Czech (Version: 2010.0210.2205.39615 - Název společnosti:) Hidden
CCC Help Danish (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Dutch (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help English (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Finnish (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help French (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help German (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Greek (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Italian (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Japanese (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Korean (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Polish (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Russian (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Spanish (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Swedish (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Thai (Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Turkish (Version: 2010.0210.2205.39615 - ATI) Hidden
ccc-core-static (Version: 2010.0210.2206.39615 - Název společnosti:) Hidden
ccc-utility (Version: 2010.0210.2206.39615 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Classic Shell (HKLM\...\{F9FCCFE9-5AC1-4914-AA94-94A4C3D53157}) (Version: 2.8.3 - IvoSoft)
ČSTV TJ/SK PLNÁ VERZE 3.01 (HKLM\...\CSTV_TJ_is1) (Version: - Kubatova)
DrayTek Smart VPN Client (HKLM\...\DrayTek Smart VPN Client) (Version: - )
ESET NOD32 Antivirus (HKLM\...\{4FAD70B6-E246-496E-9719-449E3756BF0B}) (Version: 4.2.64.12 - ESET, spol. s r.o.)
FileViewPro (HKLM\...\FileViewPro_is1) (Version: 4.0 - Solvusoft Corporation)
Garmin Lifetime Updater (HKLM\...\{028BB5A9-6385-4CF6-A6FF-D512D5015DBA}) (Version: 2.1.6 - Garmin)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.1.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{5002C5B1-B688-474A-AB3A-9B65DBD38FF9}) (Version: 2.0.58.0 - HTC)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
Java Auto Updater (Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.260 - Oracle)
karat.exe (HKLM\...\{8388C6E9-A490-43DE-894B-2295B66A8F44}) (Version: 0.1 - Administrator)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile CSY Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile CSY Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (Czech) (HKLM\...\{95120000-00AF-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovak) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Mozilla Firefox 27.0.1 (x86 cs) (HKLM\...\Mozilla Firefox 27.0.1 (x86 cs)) (Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 cs) (HKLM\...\Mozilla Thunderbird 24.3.0 (x86 cs)) (Version: 24.3.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
Nucleus Kernel for PowerPoint Demo ver 4.02 (HKLM\...\Nucleus Kernel for PowerPoint Demo_is1) (Version: - Nucleus Technologies.com)
Nvu 1.0 (HKLM\...\Nvu) (Version: 1.0 - CZilla)
ParadisePoker 1.0.0 (HKLM\...\ParadisePoker_is1) (Version: 1.0.0 - SBS)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Realtek HDMI Audio Driver for ATI (HKLM\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6121 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Recovery for PowerPoint 3.1.19636.2 Demo License (HKLM\...\{CC5DD1EC-CC1A-4BDF-A41B-1A54CC704272}) (Version: 3.1.19636.2 - Recoveronix)
Registrace uživatele zařízení Canon MG5100 series (HKLM\...\Registrace uživatele zařízení Canon MG5100 series) (Version: - )
Rozpis Profi (HKLM\...\Rozpis Profi) (Version: - )
TeamViewer 7 Host (HKLM\...\TeamViewer 7 Host) (Version: 7.0.13989 - TeamViewer)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.56 - Ghisler Software GmbH)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinThruster (HKLM\...\WinThruster_is1) (Version: 1.79 - solvusoft Corporation)
==================== Restore Points =========================
21-02-2014 16:22:16 End of disinfection
==================== Hosts content: ==========================
2009-07-14 03:04 - 2014-02-20 18:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {8630A651-365B-4F63-8798-43A31BBF7B9E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {A8D72540-A52D-4A72-B99B-547DFDF88EFA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2011-08-25 09:25 - 2001-10-28 15:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-04-26 18:01 - 2013-04-26 18:01 - 00030056 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2013-04-26 18:02 - 2013-04-26 18:02 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2013-04-26 18:02 - 2013-04-26 18:02 - 00044392 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2013-04-26 18:02 - 2013-04-26 18:02 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-04-26 18:03 - 2013-04-26 18:03 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-04-26 18:07 - 2013-04-26 18:07 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
2011-05-13 16:01 - 2010-04-05 20:55 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2012-12-07 17:27 - 2012-12-07 17:27 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2013-04-26 18:03 - 2013-04-26 18:03 - 00169312 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
2010-12-14 17:13 - 2010-12-14 17:13 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 02302040 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 08197208 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtGui4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 00345688 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
2012-06-26 13:10 - 2012-06-26 13:10 - 00202328 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
2012-06-26 13:10 - 2012-06-26 13:10 - 00027736 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 00282200 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
2013-12-11 12:51 - 2014-02-11 13:50 - 03019376 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2013-12-11 12:51 - 2014-02-11 13:50 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2013-12-11 12:51 - 2014-02-11 13:50 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-12-23 19:36 - 2014-02-17 10:36 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-21 08:59 - 2014-02-21 08:59 - 16265096 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/24/2014 01:05:47 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 619008 (0x0000000000097200) o 512 (0x00000200) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
Error: (02/24/2014 01:05:41 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 618496 (0x0000000000097000) o 512 (0x00000200) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
Error: (02/24/2014 01:05:27 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 528384 (0x0000000000081000) o 262144 (0x00040000) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
Error: (02/24/2014 01:05:13 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 619008 (0x0000000000097200) o 512 (0x00000200) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
Error: (02/24/2014 01:05:07 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 618496 (0x0000000000097000) o 512 (0x00000200) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
Error: (02/24/2014 01:04:54 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 528384 (0x0000000000081000) o 262144 (0x00040000) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
Error: (02/24/2014 00:34:26 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 619008 (0x0000000000097200) o 512 (0x00000200) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
Error: (02/24/2014 00:34:21 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 618496 (0x0000000000097000) o 512 (0x00000200) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
Error: (02/24/2014 00:34:07 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 528384 (0x0000000000081000) o 262144 (0x00040000) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
Error: (02/24/2014 00:33:52 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: Pokus o čtení ze souboru C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log s posunem 619008 (0x0000000000097200) o 512 (0x00000200) bajtů se po wuaueng.dll0 sekundách nezdařil. Došlo k systémové chybě 23 (0x00000017): Chyba dat (cyklická redundantní kontrola). . Operace čtení se nezdaří a dojde k chybě -1021 (0xfffffc03). Pokud tyto potíže potrvají, je soubor pravděpodobně poškozen a bude nutné jej obnovit ze záložní kopie.
System errors:
=============
Error: (02/24/2014 01:05:47 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error: (02/24/2014 01:05:44 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error: (02/24/2014 01:05:41 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error: (02/24/2014 01:05:38 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error: (02/24/2014 01:05:35 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error: (02/24/2014 01:05:33 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error: (02/24/2014 01:05:30 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error: (02/24/2014 01:05:27 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error: (02/24/2014 01:05:24 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error: (02/24/2014 01:05:21 PM) (Source: Disk) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.
Microsoft Office Sessions:
=========================
Error: (08/22/2012 08:47:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1025. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 86%
Total physical RAM: 1791.18 MB
Available physical RAM: 246.46 MB
Total Pagefile: 4491.18 MB
Available Pagefile: 2439.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.75 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:148.95 GB) (Free:19.64 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2014 02
Ran by dealer4 (administrator) on PC27 on 24-02-2014 13:07:08
Running from C:\Users\dealer4\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-SharedFolder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
(Garmin) C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(DrayTek Corp.) C:\Program Files\DrayTek\Smart VPN Client\SmartVPNClient.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Microsoft Corporation) C:\Windows\system32\mstsc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9394792 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2215064 2010-08-12] (ESET)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [91648 2010-07-29] (IvoSoft)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-25] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [Garmin Lifetime Updater] - C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe [1446248 2011-12-15] (Garmin)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [BlueStacks Agent] - C:\Program Files\BlueStacks\HD-Agent.exe [807696 2013-12-20] (BlueStack Systems, Inc.)
HKU\S-1-5-21-195085820-1302924477-1453668872-1002\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googel.com/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{909EFABB-1ACE-4244-A4D9-057125D57B80}: [NameServer]194.228.41.113 160.218.161.54
FireFox:
========
FF ProfilePath: C:\Users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default
FF DefaultSearchEngine: ICQ Search
FF Homepage: https://www.google.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default\searchplugins\inbox-hledn.xml
FF SearchPlugin: C:\Users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-01-08]
FF Extension: maucampo - C:\Users\dealer4\AppData\Roaming\Mozilla\Firefox\Profiles\r7c7ov6d.default\Extensions\firefox@maucampo.net.xpi [2014-01-28]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-12-14]
========================== Services (Whitelisted) =================
R2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2010-08-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2010-08-12] (ESET)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
==================== Drivers (Whitelisted) ====================
R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5315584 2010-02-10] (ATI Technologies Inc.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [106256 2013-12-20] (BlueStack Systems)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [136632 2010-07-29] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204448 2010-05-24] (Realtek Semiconductor Corp.)
R3 VPPP; C:\Windows\System32\DRIVERS\VPPP.sys [31696 2010-03-31] (DrayTek, Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eamon; system32\DRIVERS\eamon.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-24 13:07 - 2014-02-24 13:07 - 00010731 _____ () C:\Users\dealer4\Desktop\FRST.txt
2014-02-24 13:06 - 2014-02-24 13:07 - 00000000 ____D () C:\FRST
2014-02-24 12:35 - 2014-02-24 12:36 - 01144320 _____ (Farbar) C:\Users\dealer4\Desktop\FRST.exe
2014-02-24 07:46 - 2014-02-24 07:46 - 00000834 _____ () C:\Windows\PFRO.log
2014-02-24 07:46 - 2014-02-24 07:46 - 00000056 _____ () C:\Windows\setupact.log
2014-02-24 07:46 - 2014-02-24 07:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-21 17:22 - 2014-02-21 17:22 - 00001371 _____ () C:\DelFix.txt
2014-02-21 15:17 - 2014-02-21 15:18 - 00037520 _____ () C:\Users\dealer4\Documents\cc_20140221_151735.reg
2014-02-21 15:11 - 2014-02-21 15:11 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-21 15:11 - 2014-02-21 15:11 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-21 15:10 - 2014-02-21 15:10 - 04721920 _____ (Piriform Ltd) C:\Users\dealer4\Downloads\ccsetup410.exe
2014-02-21 11:28 - 2014-02-21 12:10 - 00000000 ____D () C:\Users\dealer4\Desktop\CONMETRON ZALOHA
2014-02-18 10:03 - 2009-07-14 02:26 - 00021584 _____ (Microsoft Corporation) C:\Users\dealer4\Desktop\atapi.sys
2014-02-17 15:08 - 2014-02-17 15:08 - 00001768 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-02-17 15:08 - 2014-02-17 15:08 - 00001765 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-02-17 15:07 - 2014-02-17 15:08 - 00000000 ____D () C:\Program Files\BlueStacks
2014-02-17 15:06 - 2014-02-17 15:08 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-02-17 15:05 - 2014-02-17 15:05 - 10245808 _____ (BlueStack Systems Inc.) C:\Users\dealer4\Downloads\BlueStacks-SplitInstaller_native.exe
2014-02-16 18:47 - 2014-02-16 18:53 - 1002354688 _____ () C:\Users\dealer4\Downloads\Zmizení Prisoners(2013),BRRip, CZ dabing, NEW NOVINKA, normal kvalita, česky.avi
2014-02-16 18:47 - 2014-02-16 18:51 - 784441344 _____ () C:\Users\dealer4\Downloads\Ridick CZ-dabing (2013) NOVINKA.avi
2014-02-13 19:55 - 2014-02-21 15:08 - 00000000 ____D () C:\Windows\erdnt
2014-02-13 14:49 - 2014-02-13 14:49 - 03727266 _____ (Kubatova ) C:\Users\dealer4\Downloads\534MWI(1).exe
2014-02-11 10:22 - 2014-02-11 10:30 - 00000000 ____D () C:\Users\dealer4\Desktop\Matrace
2014-02-11 08:23 - 2014-02-11 08:23 - 00001996 _____ () C:\Users\Public\Desktop\Nokia PC Suite.lnk
2014-02-11 08:23 - 2014-02-11 08:23 - 00000000 ____D () C:\Program Files\Common Files\PCSuite
2014-02-11 08:09 - 2014-02-11 08:09 - 41122320 _____ () C:\Users\dealer4\Downloads\Nokia_PC_Suite_cze_web.exe
2014-02-10 12:15 - 2014-02-21 15:21 - 00000000 ____D () C:\Users\dealer4\AppData\Local\NokiaAccount
2014-02-10 12:13 - 2014-02-10 12:14 - 00000000 ____D () C:\Users\dealer4\AppData\Local\Nokia
2014-02-10 12:12 - 2014-02-21 15:21 - 00000000 ____D () C:\ProgramData\Nokia
2014-02-10 12:12 - 2014-02-21 15:21 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2014-02-10 12:11 - 2014-02-10 12:11 - 00000000 ____D () C:\Program Files\PC Connectivity Solution
2014-02-10 12:11 - 2012-10-17 14:53 - 00019072 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfd.sys
2014-02-10 12:09 - 2014-02-21 15:21 - 00000000 ____D () C:\Program Files\Nokia
2014-02-10 12:08 - 2014-02-10 12:08 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache
2014-02-10 12:04 - 2014-02-10 12:05 - 106320416 _____ () C:\Users\dealer4\Downloads\Nokia_Suite_webinstaller_ALL.exe
2014-02-07 16:45 - 2014-02-07 16:47 - 67963216 _____ () C:\Users\dealer4\Downloads\Nokia_PC_Suite_ALL(1).exe
2014-02-04 19:36 - 2014-02-17 18:34 - 00000000 ____D () C:\Users\dealer4\AppData\Local\VirtualStore
2014-02-04 17:25 - 2014-02-04 17:25 - 00000000 ____D () C:\Windows\ERUNT
2014-02-04 17:14 - 2014-02-04 17:14 - 00000000 ____D () C:\ProgramData\RegClean
2014-02-04 09:54 - 2014-02-20 18:48 - 00000000 ____D () C:\Users\dealer4\Desktop\Vir
2014-02-04 08:36 - 2014-02-04 08:36 - 00000000 ____D () C:\Users\dealer4\AppData\Local\Adobe
2014-02-04 08:03 - 2014-02-04 08:03 - 00000000 ____D () C:\Users\dealer4\AppData\Local\Apple Computer
2014-02-04 08:02 - 2014-02-04 08:02 - 00000000 ____D () C:\Users\dealer4\AppData\Local\ATI
2014-02-03 19:53 - 2014-02-03 19:53 - 00000000 ____D () C:\Users\dealer4\AppData\Roaming\Malwarebytes
2014-02-03 19:53 - 2014-02-03 19:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-31 19:51 - 2014-02-21 17:22 - 00000000 ____D () C:\Program Files\Trend Micro
2014-01-31 19:51 - 2014-01-31 19:51 - 00000000 ____D () C:\Users\dealer4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-01-29 12:13 - 2014-01-29 12:13 - 00000000 ____D () C:\Users\dealer4\.android
2014-01-29 11:59 - 2014-01-29 11:59 - 00010264 _____ () C:\Users\dealer4\Desktop\Prehled planu.xlsx
2014-01-29 11:55 - 2014-01-29 11:55 - 00000000 ____D () C:\Users\dealer4\Desktop\MyPhoneExplorer portable
==================== One Month Modified Files and Folders =======
2014-02-24 13:07 - 2014-02-24 13:07 - 00010731 _____ () C:\Users\dealer4\Desktop\FRST.txt
2014-02-24 13:07 - 2014-02-24 13:06 - 00000000 ____D () C:\FRST
2014-02-24 12:59 - 2012-04-10 08:47 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-24 12:40 - 2009-07-14 05:34 - 00015008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-24 12:40 - 2009-07-14 05:34 - 00015008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-24 12:36 - 2014-02-24 12:35 - 01144320 _____ (Farbar) C:\Users\dealer4\Desktop\FRST.exe
2014-02-24 07:47 - 2012-11-19 14:54 - 00000000 ____D () C:\Users\dealer4\AppData\Local\HTC MediaHub
2014-02-24 07:46 - 2014-02-24 07:46 - 00000834 _____ () C:\Windows\PFRO.log
2014-02-24 07:46 - 2014-02-24 07:46 - 00000056 _____ () C:\Windows\setupact.log
2014-02-24 07:46 - 2014-02-24 07:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-24 07:46 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-21 21:25 - 2010-12-14 17:08 - 01518421 _____ () C:\Windows\WindowsUpdate.log
2014-02-21 17:22 - 2014-02-21 17:22 - 00001371 _____ () C:\DelFix.txt
2014-02-21 17:22 - 2014-01-31 19:51 - 00000000 ____D () C:\Program Files\Trend Micro
2014-02-21 15:21 - 2014-02-10 12:15 - 00000000 ____D () C:\Users\dealer4\AppData\Local\NokiaAccount
2014-02-21 15:21 - 2014-02-10 12:12 - 00000000 ____D () C:\ProgramData\Nokia
2014-02-21 15:21 - 2014-02-10 12:12 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2014-02-21 15:21 - 2014-02-10 12:09 - 00000000 ____D () C:\Program Files\Nokia
2014-02-21 15:18 - 2014-02-21 15:17 - 00037520 _____ () C:\Users\dealer4\Documents\cc_20140221_151735.reg
2014-02-21 15:14 - 2012-10-26 13:34 - 00000000 ____D () C:\Users\dealer4\AppData\Roaming\DAEMON Tools Lite
2014-02-21 15:14 - 2011-08-24 13:34 - 00000000 ____D () C:\Program Files\PDFCreator
2014-02-21 15:13 - 2010-12-14 16:56 - 00000000 ____D () C:\Windows\Panther
2014-02-21 15:11 - 2014-02-21 15:11 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-21 15:11 - 2014-02-21 15:11 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-21 15:10 - 2014-02-21 15:10 - 04721920 _____ (Piriform Ltd) C:\Users\dealer4\Downloads\ccsetup410.exe
2014-02-21 15:08 - 2014-02-13 19:55 - 00000000 ____D () C:\Windows\erdnt
2014-02-21 12:10 - 2014-02-21 11:28 - 00000000 ____D () C:\Users\dealer4\Desktop\CONMETRON ZALOHA
2014-02-21 11:01 - 2012-10-11 13:10 - 00036864 _____ () C:\Users\dealer4\Desktop\srovnavaci tabulka.xls
2014-02-21 08:59 - 2012-04-10 08:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 08:59 - 2011-05-31 07:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 18:48 - 2014-02-04 09:54 - 00000000 ____D () C:\Users\dealer4\Desktop\Vir
2014-02-20 18:10 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-02-20 17:45 - 2009-07-14 03:03 - 41680896 _____ () C:\Windows\system32\config\software.bak
2014-02-20 17:45 - 2009-07-14 03:03 - 23855104 _____ () C:\Windows\system32\config\system.bak
2014-02-20 17:45 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-02-20 17:45 - 2009-07-14 03:03 - 00053248 _____ () C:\Windows\system32\config\sam.bak
2014-02-20 17:45 - 2009-07-14 03:03 - 00024576 _____ () C:\Windows\system32\config\security.bak
2014-02-17 20:20 - 2013-03-11 09:21 - 00000000 ____D () C:\Users\dealer4\Desktop\sporic
2014-02-17 18:34 - 2014-02-04 19:36 - 00000000 ____D () C:\Users\dealer4\AppData\Local\VirtualStore
2014-02-17 16:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-17 15:08 - 2014-02-17 15:08 - 00001768 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-02-17 15:08 - 2014-02-17 15:08 - 00001765 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-02-17 15:08 - 2014-02-17 15:07 - 00000000 ____D () C:\Program Files\BlueStacks
2014-02-17 15:08 - 2014-02-17 15:06 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-02-17 15:08 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-02-17 15:05 - 2014-02-17 15:05 - 10245808 _____ (BlueStack Systems Inc.) C:\Users\dealer4\Downloads\BlueStacks-SplitInstaller_native.exe
2014-02-17 10:36 - 2013-12-23 19:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-17 08:51 - 2010-12-14 17:13 - 01478822 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-16 21:28 - 2013-01-23 17:03 - 00000000 ____D () C:\Users\dealer4\AppData\Roaming\vlc
2014-02-16 18:53 - 2014-02-16 18:47 - 1002354688 _____ () C:\Users\dealer4\Downloads\Zmizení Prisoners(2013),BRRip, CZ dabing, NEW NOVINKA, normal kvalita, česky.avi
2014-02-16 18:51 - 2014-02-16 18:47 - 784441344 _____ () C:\Users\dealer4\Downloads\Ridick CZ-dabing (2013) NOVINKA.avi
2014-02-14 15:51 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-02-14 15:51 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-02-13 19:49 - 2013-03-10 22:36 - 00013914 _____ () C:\Users\dealer4\Desktop\cesty.xlsx
2014-02-13 15:09 - 2014-01-22 12:36 - 00000000 ____D () C:\sport_tj
2014-02-13 14:50 - 2014-01-22 12:36 - 00000599 _____ () C:\Users\dealer4\Desktop\IS TJSK.lnk
2014-02-13 14:49 - 2014-02-13 14:49 - 03727266 _____ (Kubatova ) C:\Users\dealer4\Downloads\534MWI(1).exe
2014-02-11 13:50 - 2013-12-11 12:51 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-11 10:30 - 2014-02-11 10:22 - 00000000 ____D () C:\Users\dealer4\Desktop\Matrace
2014-02-11 10:19 - 2011-08-24 13:27 - 00000000 ____D () C:\PDF
2014-02-11 08:26 - 2013-02-07 14:09 - 00000000 ____D () C:\Users\dealer4\AppData\Roaming\PC Suite
2014-02-11 08:23 - 2014-02-11 08:23 - 00001996 _____ () C:\Users\Public\Desktop\Nokia PC Suite.lnk
2014-02-11 08:23 - 2014-02-11 08:23 - 00000000 ____D () C:\Program Files\Common Files\PCSuite
2014-02-11 08:09 - 2014-02-11 08:09 - 41122320 _____ () C:\Users\dealer4\Downloads\Nokia_PC_Suite_cze_web.exe
2014-02-10 12:14 - 2014-02-10 12:13 - 00000000 ____D () C:\Users\dealer4\AppData\Local\Nokia
2014-02-10 12:11 - 2014-02-10 12:11 - 00000000 ____D () C:\Program Files\PC Connectivity Solution
2014-02-10 12:08 - 2014-02-10 12:08 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache
2014-02-10 12:05 - 2014-02-10 12:04 - 106320416 _____ () C:\Users\dealer4\Downloads\Nokia_Suite_webinstaller_ALL.exe
2014-02-07 16:47 - 2014-02-07 16:45 - 67963216 _____ () C:\Users\dealer4\Downloads\Nokia_PC_Suite_ALL(1).exe
2014-02-07 16:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-04 18:04 - 2011-05-13 16:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-02-04 17:25 - 2014-02-04 17:25 - 00000000 ____D () C:\Windows\ERUNT
2014-02-04 17:14 - 2014-02-04 17:14 - 00000000 ____D () C:\ProgramData\RegClean
2014-02-04 17:08 - 2012-08-27 08:21 - 00000000 ____D () C:\ProgramData\ICQ
2014-02-04 08:36 - 2014-02-04 08:36 - 00000000 ____D () C:\Users\dealer4\AppData\Local\Adobe
2014-02-04 08:03 - 2014-02-04 08:03 - 00000000 ____D () C:\Users\dealer4\AppData\Local\Apple Computer
2014-02-04 08:02 - 2014-02-04 08:02 - 00000000 ____D () C:\Users\dealer4\AppData\Local\ATI
2014-02-03 19:53 - 2014-02-03 19:53 - 00000000 ____D () C:\Users\dealer4\AppData\Roaming\Malwarebytes
2014-02-03 19:53 - 2014-02-03 19:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-03 19:52 - 2010-12-15 15:48 - 00000000 ____D () C:\Users\pc27\AppData\Local\Adobe
2014-01-31 19:51 - 2014-01-31 19:51 - 00000000 ____D () C:\Users\dealer4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-01-29 12:13 - 2014-01-29 12:13 - 00000000 ____D () C:\Users\dealer4\.android
2014-01-29 12:13 - 2010-12-17 20:08 - 00000000 ____D () C:\Users\dealer4
2014-01-29 11:59 - 2014-01-29 11:59 - 00010264 _____ () C:\Users\dealer4\Desktop\Prehled planu.xlsx
2014-01-29 11:55 - 2014-01-29 11:55 - 00000000 ____D () C:\Users\dealer4\Desktop\MyPhoneExplorer portable
Some content of TEMP:
====================
C:\Users\dealer4\AppData\Local\Temp\NOSEventMessages.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-18 17:24
==================== End Of Log ============================