pomalý počítač

Zpráva

#16 Příspěvek od **vyosek** » 25 črc 2012 21:27

Aaaano, je to napsano i v navodu "PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem"

mala_kea · #17 Příspěvek od **mala_kea** » 25 črc 2012 21:46

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\S-1-5-21-3901736656-496437738-2820992977-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3901736656-496437738-2820992977-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-3901736656-496437738-2820992977-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3901736656-496437738-2820992977-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-3901736656-496437738-2820992977-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-3901736656-496437738-2820992977-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3901736656-496437738-2820992977-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A}\ not found.
File C:\Program Files (x86)\CentrumczToolbar\IEToolbar.dll not found.
HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\Microsoft\Internet Explorer\SearchScopes\{56C12526-EEE3-461A-BEB3-99D159182174}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56C12526-EEE3-461A-BEB3-99D159182174}\ not found.
Registry key HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Registry key HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "BS Player Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=" removed from browser.search.defaulturl
Prefs.js: "MyStart Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://mystart.incredibar.com/mb128?a=6OyHdoEt0x&i=26" removed from browser.startup.homepage
Prefs.js: DTToolbar@toolbarnet.com:1.1.2.0185 removed from extensions.enabledItems
Prefs.js: "http://mystart.incredibar.com/mb128/?lo ... 26&search=" removed from keyword.URL
Folder C:\Users\mala_kea\AppData\Roaming\mozilla\Firefox\Profiles\kbpy7xf1.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\ not found.
Folder C:\Users\mala_kea\AppData\Roaming\mozilla\Firefox\Profiles\kbpy7xf1.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ not found.
Folder C:\Users\mala_kea\AppData\Roaming\mozilla\Firefox\Profiles\kbpy7xf1.default\extensions\DTToolbar@toolbarnet.com\ not found.
Folder C:\Users\mala_kea\AppData\Roaming\mozilla\Firefox\Profiles\kbpy7xf1.default\extensions\plugin@yontoo.com\ not found.
Folder C:\Users\mala_kea\AppData\Roaming\mozilla\Firefox\Profiles\kbpy7xf1.default\extensions\radiobar@toolbar\ not found.
Folder C:\Users\mala_kea\AppData\Roaming\mozilla\Firefox\Profiles\kbpy7xf1.default\extensions\toolbar@ask.com\ not found.
File C:\Users\mala_kea\AppData\Roaming\Mozilla\Firefox\Profiles\kbpy7xf1.default\searchplugins\bing.xml not found.
File C:\Users\mala_kea\AppData\Roaming\Mozilla\Firefox\Profiles\kbpy7xf1.default\searchplugins\conduit.xml not found.
File C:\Users\mala_kea\AppData\Roaming\Mozilla\Firefox\Profiles\kbpy7xf1.default\searchplugins\daemon-search.xml not found.
File C:\Users\mala_kea\AppData\Roaming\Mozilla\Firefox\Profiles\kbpy7xf1.default\searchplugins\icqplugin.xml not found.
File C:\Users\mala_kea\AppData\Roaming\Mozilla\Firefox\Profiles\kbpy7xf1.default\searchplugins\MyStart Search.xml not found.
File C:\Users\mala_kea\AppData\Roaming\Mozilla\Firefox\Profiles\kbpy7xf1.default\searchplugins\qip-search.xml not found.
File C:\Users\mala_kea\AppData\Roaming\Mozilla\Firefox\Profiles\kbpy7xf1.default\searchplugins\web-search.xml not found.
Use Chrome's Settings page to remove the default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
File C:\Users\mala_kea\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
File C:\Program Files (x86)\Yontoo\YontooIEClient.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F9639E4A-801B-4843-AEE3-03D9DA199E77} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}\ not found.
File C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files (x86)\Ask.com\Updater\Updater.exe not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67a15fa1-ef71-11df-a5f0-00262d645032}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67a15fa1-ef71-11df-a5f0-00262d645032}\ not found.
File/Folder C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp not found.
File/Folder C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp not found.
File/Folder C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp not found.
File/Folder C:\Windows\SoftwareDistribution\Download\03ef743b4ce9192ba36e9a627d9cdfb2\*.tmp not found.
File/Folder C:\Windows\SoftwareDistribution\Download\4885e6e0696b9a7c129b577cb213c5fa\*.tmp not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Windows\SysWOW64\*.tmp not found.
File/Folder C:\Windows\Temp\*.tmp not found.
Folder C:\Users\mala_kea\AppData\Roaming\.#\ not found.
File C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3901736656-496437738-2820992977-1000Core.job not found.
File C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3901736656-496437738-2820992977-1000UA.job not found.
File C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job not found.
File C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job not found.
Unable to delete ADS C:\ProgramData\Temp:AB689DEA .
Unable to delete ADS C:\ProgramData\Temp:5D7E5A8F .
Unable to delete ADS C:\ProgramData\Temp:4D066AD2 .
Unable to delete ADS C:\ProgramData\Temp:93DE1838 .
Unable to delete ADS C:\ProgramData\Temp:E3C56885 .
Unable to delete ADS C:\ProgramData\Temp:1D32EC29 .
Unable to delete ADS C:\ProgramData\Temp:E1F04E8D .
Unable to delete ADS C:\ProgramData\Temp:ABE89FFE .
Unable to delete ADS C:\ProgramData\Temp:0B9176C0 .
Unable to delete ADS C:\ProgramData\Temp:4CF61E54 .
========== SERVICES/DRIVERS ==========
Error: No service named gupdate was found to stop!
Service\Driver key gupdate not found.
Error: No service named gupdatem was found to stop!
Service\Driver key gupdatem not found.
Error: No service named gusvc was found to stop!
Service\Driver key gusvc not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PC Suite Tray not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QIP Internet Guardian not found.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\NWEReboot not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Ask.com not found.
File\Folder C:\Program Files (x86)\DAEMON Tools Toolbar not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mala_kea
->Temp folder emptied: 1478732 bytes
->Temporary Internet Files folder emptied: 801094 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 104796797 bytes
->Flash cache emptied: 4363 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3270 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1565888147 bytes

Total Files Cleaned = 1,596.00 mb

[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: mala_kea
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: mala_kea
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.54.1 log created on 07252012_222310

Files\Folders moved on Reboot...
File\Folder C:\Users\mala_kea\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...
File C:\Users\mala_kea\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...

#18 Příspěvek od **vyosek** » 25 črc 2012 21:51

Stahnete RKill http://download.bleepingcomputer.com/gr ... /rkill.exe

Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

mala_kea · #19 Příspěvek od **mala_kea** » 25 črc 2012 21:55

dobře, prozatím děkuji, udělám to nejspíš zítra, dnes již musím spát. Budu se těšit na další rady

#20 Příspěvek od **vyosek** » 25 črc 2012 21:57

Prozatim neni zac, dobrou noc

mala_kea · #21 Příspěvek od **mala_kea** » 27 črc 2012 21:21

zdravím, snad není pozdě. Vkládám log z combofixu:

ComboFix 12-07-27.03 - mala_kea 27.07.2012 22:01:39.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3067.937 [GMT 2:00]
Spuštěný z: c:\users\mala_kea\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files\Web Assistant\ExTEnsion32.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-27 do 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 20:14 . 2012-07-27 20:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 19:54 . 2012-07-27 19:54 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AA212EA-80E1-41C4-ABD0-736D262DDD50}\offreg.dll
2012-07-27 19:44 . 2012-07-27 19:44 -------- d-----w- c:\users\mala_kea\AppData\Local\PackageAware
2012-07-27 11:58 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AA212EA-80E1-41C4-ABD0-736D262DDD50}\mpengine.dll
2012-07-25 16:59 . 2012-07-25 16:59 -------- d-----w- C:\_OTL
2012-07-25 10:14 . 2012-07-25 10:14 512 ----a-w- C:\PhysicalMBR.bin
2012-07-23 19:16 . 2012-07-23 19:16 -------- d-----w- c:\program files (x86)\CDex_150
2012-07-16 21:12 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-16 11:56 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-07-16 11:56 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-07-16 11:56 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-16 11:56 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-16 11:55 . 2012-06-09 05:30 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-07-16 11:55 . 2012-06-02 05:37 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-16 11:55 . 2012-06-02 05:27 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-16 11:55 . 2012-06-02 05:38 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-16 11:55 . 2012-06-02 05:27 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-16 11:55 . 2012-06-02 04:47 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-16 11:55 . 2012-06-02 05:38 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-16 11:55 . 2012-06-02 04:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-16 11:55 . 2012-06-02 04:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-16 11:55 . 2012-06-02 04:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-16 11:55 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-16 11:54 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-07 12:16 . 2012-07-07 12:16 842 ----a-w- C:\user.js
2012-07-07 12:15 . 2012-07-27 20:13 -------- d-----w- c:\program files\Web Assistant
2012-07-07 12:15 . 2012-07-25 17:00 -------- d-----w- c:\program files (x86)\Yontoo
2012-07-07 12:15 . 2012-07-07 12:15 -------- d-----w- c:\programdata\Tarma Installer
2012-07-07 12:14 . 2012-07-07 12:14 -------- d-----w- c:\program files (x86)\1ClickDownload
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 21:03 . 2009-12-30 18:32 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-19 09:14 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 09:15 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 09:15 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 09:15 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 09:14 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 09:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 09:14 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 09:14 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-19 09:14 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:27 . 2012-07-16 11:55 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:48 . 2012-07-16 11:55 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-31 10:25 . 2009-12-30 18:09 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-30 14:31 . 2010-02-12 09:53 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-30 14:31 . 2009-12-22 21:08 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-30 14:30 . 2009-12-22 21:08 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-26 17:55 . 2009-12-22 21:08 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-15 03:56 . 2012-06-13 19:40 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:52 . 2012-06-13 19:39 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:08 . 2012-06-13 19:40 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 10:52 . 2012-06-13 19:39 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 19:39 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 19:39 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-05-03 02:54 . 2012-05-03 02:54 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-05-02 05:32 . 2012-06-13 19:39 208896 ----a-w- c:\windows\system32\profsvc.dll
2010-10-19 16:59 . 2010-08-18 16:48 348160 ----a-w- c:\program files (x86)\MSVCR71.DLL
2010-10-19 16:59 . 2010-08-18 16:47 1060864 ----a-w- c:\program files (x86)\MFC71.DLL
2010-10-19 16:59 . 2010-10-19 16:59 909312 ----a-w- c:\program files (x86)\WTRAN32c.DLL
2010-10-19 16:59 . 2010-10-19 16:59 827392 ----a-w- c:\program files (x86)\WDICT32c.DLL
2010-10-19 16:59 . 2010-10-19 16:59 548864 ----a-w- c:\program files (x86)\WEN.DLL
2010-10-19 16:59 . 2010-10-19 16:59 244736 ----a-w- c:\program files (x86)\C4DLL320.DLL
2010-10-19 16:59 . 2010-10-19 16:59 246424 ----a-w- c:\program files (x86)\UNICOWS.DLL
2010-10-19 16:59 . 2010-10-19 16:59 225280 ----a-w- c:\program files (x86)\POLSPELL.DLL
2010-10-19 16:59 . 2010-10-19 16:59 155648 ----a-w- c:\program files (x86)\AutoCorrectDLL.DLL
2010-10-19 16:59 . 2010-10-19 16:59 174352 ----a-w- c:\program files (x86)\RICHED32.DLL
2010-10-19 16:59 . 2010-10-19 16:59 62464 ----a-w- c:\program files (x86)\WRITE.WPC
2010-10-19 16:59 . 2010-10-19 16:59 548864 ----a-w- c:\program files (x86)\C4DLL323.DLL
2010-10-19 16:59 . 2010-10-19 16:59 164352 ----a-w- c:\program files (x86)\MSWD6_32.WPC
2010-10-19 16:59 . 2010-10-19 16:59 3600384 ----a-w- c:\program files (x86)\WTRAN32.EXE
2010-10-19 16:59 . 2010-10-19 16:59 2568192 ----a-w- c:\program files (x86)\WDICT32.EXE
2010-08-27 17:47 . 2010-09-02 12:17 440184 ----a-w- c:\program files (x86)\launcher.exe
2003-09-22 16:45 . 2010-08-18 17:01 1486848 ----a-w- c:\program files (x86)\MaxPayne2.exe
2003-09-22 11:45 . 2010-08-18 16:48 176128 ----a-w- c:\program files (x86)\oleacc.dll
2003-09-22 11:45 . 2010-08-18 16:48 499712 ----a-w- c:\program files (x86)\msvcp71.dll
2003-09-22 11:45 . 2010-08-18 16:47 49152 ----a-w- c:\program files (x86)\BugReport.exe
2003-09-22 11:45 . 2010-08-18 16:47 135168 ----a-w- c:\program files (x86)\eax.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-08-01 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-05 181480]
.
c:\users\mala_kea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\mala_kea\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-18 1079584]
GamePark klient 2.lnk - c:\program files (x86)\GamePark2\gpcl.exe [2012-2-3 442880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-06-06 185856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 35104]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-05-18 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-05-18 171008]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1255736]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-02-23 69976]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2012-03-23 191440]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-05-01 81440]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2012-06-06 07:14 201728 ----a-w- c:\program files\Web Assistant\Extension64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-07 349480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-07 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL =
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{DEEE12E0-3A39-4EA7-854A-DF3C9FB965E5}: DhcpNameServer = 10.105.1.1
FF - ProfilePath - c:\users\mala_kea\AppData\Roaming\Mozilla\Firefox\Profiles\kbpy7xf1.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: extentions.y2layers.installId - 1f83e8b7-3e5c-4641-80f6-86d7d1cdc1fd
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyHdoEt0x
FF - user.js: extensions.incredibar_i.upn2n - 92261714137570805
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyHdoEt0x&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - a43664880000000000000017c4c148a1
FF - user.js: extensions.incredibar_i.instlDay - 15528
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:16
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\SecuROM\License information*]
"datasecu"=hex:57,54,6e,2c,ca,d7,74,c8,47,09,70,3f,ff,fd,4c,fe,1d,fc,82,4c,46,
7a,9c,04,1f,5c,c1,3c,36,31,5b,4e,8f,41,0f,b2,c2,1d,03,1a,84,25,e7,62,84,fd,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-07-27 22:20:35
ComboFix-quarantined-files.txt 2012-07-27 20:20
.
Před spuštěním: 1 574 014 976
Po spuštění: 1 419 296 768
.
- - End Of File - - C96FCD2691501216253284177DCC76D5

#22 Příspěvek od **vyosek** » 28 črc 2012 09:48

Zdravim a pekne sobotni dopoledne preji

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Firefox::
FF - ProfilePath - c:\users\mala_kea\AppData\Roaming\Mozilla\Firefox\Profiles\kbpy7xf1.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: extentions.y2layers.installId - 1f83e8b7-3e5c-4641-80f6-86d7d1cdc1fd
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyHdoEt0x
FF - user.js: extensions.incredibar_i.upn2n - 92261714137570805
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyHdo ... 26&search=
FF - user.js: extensions.incredibar_i.id - a43664880000000000000017c4c148a1
FF - user.js: extensions.incredibar_i.instlDay - 15528
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:16
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false

RegNull::
[HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
[HKEY_USERS\S-1-5-21-3901736656-496437738-2820992977-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

mala_kea · #23 Příspěvek od **mala_kea** » 10 srp 2012 12:46

omlouvám se za delší neodezvu, ale dovolená nepočká

zde vkládám požadovaný log:

ComboFix 12-07-27.03 - mala_kea 10.08.2012 13:22:38.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3067.1176 [GMT 2:00]
Spuštěný z: c:\users\mala_kea\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\mala_kea\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-10 do 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 11:34 . 2012-08-10 11:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 19:44 . 2012-07-27 19:44 -------- d-----w- c:\users\mala_kea\AppData\Local\PackageAware
2012-07-25 16:59 . 2012-07-25 16:59 -------- d-----w- C:\_OTL
2012-07-25 10:14 . 2012-07-25 10:14 512 ----a-w- C:\PhysicalMBR.bin
2012-07-23 19:16 . 2012-07-23 19:16 -------- d-----w- c:\program files (x86)\CDex_150
2012-07-16 21:12 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-16 11:56 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-07-16 11:56 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-07-16 11:56 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-16 11:56 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-16 11:55 . 2012-06-09 05:30 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-07-16 11:55 . 2012-06-02 05:37 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-16 11:55 . 2012-06-02 05:27 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-16 11:55 . 2012-06-02 05:38 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-16 11:55 . 2012-06-02 05:27 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-16 11:55 . 2012-06-02 04:47 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-16 11:55 . 2012-06-02 05:38 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-16 11:55 . 2012-06-02 04:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-16 11:55 . 2012-06-02 04:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-16 11:55 . 2012-06-02 04:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-16 11:55 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-16 11:54 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 21:03 . 2009-12-30 18:32 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-29 10:04 . 2012-08-09 21:03 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{380E5E6C-5177-419C-8362-B66BCE90484F}\mpengine.dll
2012-06-02 22:19 . 2012-06-19 09:14 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 09:15 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 09:15 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 09:15 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 09:14 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 09:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 09:14 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 09:14 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-19 09:14 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:27 . 2012-07-16 11:55 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:48 . 2012-07-16 11:55 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-31 10:25 . 2009-12-30 18:09 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-30 14:31 . 2010-02-12 09:53 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-30 14:31 . 2009-12-22 21:08 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-30 14:30 . 2009-12-22 21:08 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-26 17:55 . 2009-12-22 21:08 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-15 03:56 . 2012-06-13 19:40 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:52 . 2012-06-13 19:39 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:08 . 2012-06-13 19:40 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2010-10-19 16:59 . 2010-08-18 16:48 348160 ----a-w- c:\program files (x86)\MSVCR71.DLL
2010-10-19 16:59 . 2010-08-18 16:47 1060864 ----a-w- c:\program files (x86)\MFC71.DLL
2010-10-19 16:59 . 2010-10-19 16:59 909312 ----a-w- c:\program files (x86)\WTRAN32c.DLL
2010-10-19 16:59 . 2010-10-19 16:59 827392 ----a-w- c:\program files (x86)\WDICT32c.DLL
2010-10-19 16:59 . 2010-10-19 16:59 548864 ----a-w- c:\program files (x86)\WEN.DLL
2010-10-19 16:59 . 2010-10-19 16:59 244736 ----a-w- c:\program files (x86)\C4DLL320.DLL
2010-10-19 16:59 . 2010-10-19 16:59 246424 ----a-w- c:\program files (x86)\UNICOWS.DLL
2010-10-19 16:59 . 2010-10-19 16:59 225280 ----a-w- c:\program files (x86)\POLSPELL.DLL
2010-10-19 16:59 . 2010-10-19 16:59 155648 ----a-w- c:\program files (x86)\AutoCorrectDLL.DLL
2010-10-19 16:59 . 2010-10-19 16:59 174352 ----a-w- c:\program files (x86)\RICHED32.DLL
2010-10-19 16:59 . 2010-10-19 16:59 62464 ----a-w- c:\program files (x86)\WRITE.WPC
2010-10-19 16:59 . 2010-10-19 16:59 548864 ----a-w- c:\program files (x86)\C4DLL323.DLL
2010-10-19 16:59 . 2010-10-19 16:59 164352 ----a-w- c:\program files (x86)\MSWD6_32.WPC
2010-10-19 16:59 . 2010-10-19 16:59 3600384 ----a-w- c:\program files (x86)\WTRAN32.EXE
2010-10-19 16:59 . 2010-10-19 16:59 2568192 ----a-w- c:\program files (x86)\WDICT32.EXE
2010-08-27 17:47 . 2010-09-02 12:17 440184 ----a-w- c:\program files (x86)\launcher.exe
2003-09-22 16:45 . 2010-08-18 17:01 1486848 ----a-w- c:\program files (x86)\MaxPayne2.exe
2003-09-22 11:45 . 2010-08-18 16:48 176128 ----a-w- c:\program files (x86)\oleacc.dll
2003-09-22 11:45 . 2010-08-18 16:48 499712 ----a-w- c:\program files (x86)\msvcp71.dll
2003-09-22 11:45 . 2010-08-18 16:47 49152 ----a-w- c:\program files (x86)\BugReport.exe
2003-09-22 11:45 . 2010-08-18 16:47 135168 ----a-w- c:\program files (x86)\eax.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-27_20.14.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-08-10 11:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-27 16:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-27 16:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-10 11:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-27 16:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-10 11:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-22 05:15 . 2012-08-10 11:38 79102 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-10 11:38 47710 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-22 20:31 . 2012-08-10 10:31 28010 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3901736656-496437738-2820992977-1000_UserData.bin
- 2009-12-23 05:23 . 2012-07-27 19:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-23 05:23 . 2012-08-10 11:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-25 20:42 . 2012-08-10 11:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-07-25 20:42 . 2012-07-27 19:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-10 11:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-27 19:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-22 22:53 . 2012-07-27 11:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-22 22:53 . 2012-08-10 11:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-22 22:53 . 2012-08-10 11:37 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-22 22:53 . 2012-07-27 11:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-22 22:53 . 2012-07-27 11:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-22 22:53 . 2012-08-10 11:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-22 20:35 . 2012-07-27 20:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-22 20:35 . 2012-08-10 11:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-22 20:35 . 2012-07-27 20:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-22 20:35 . 2012-08-10 11:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-10 11:36 . 2012-08-10 11:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-27 11:51 . 2012-07-27 11:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-27 11:51 . 2012-07-27 11:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-10 11:36 . 2012-08-10 11:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-22 20:28 . 2012-07-28 09:56 297962 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-05 10:32 638214 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-28 06:38 638214 c:\windows\system32\perfh009.dat
+ 2009-11-07 23:32 . 2012-07-28 06:38 653296 c:\windows\system32\perfh005.dat
- 2009-11-07 23:32 . 2012-07-05 10:32 653296 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2012-07-05 10:32 116250 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-28 06:38 116250 c:\windows\system32\perfc009.dat
+ 2009-11-07 23:32 . 2012-07-28 06:38 131892 c:\windows\system32\perfc005.dat
- 2009-11-07 23:32 . 2012-07-05 10:32 131892 c:\windows\system32\perfc005.dat
- 2009-07-14 05:12 . 2012-07-24 15:16 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-08-10 10:33 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-07-25 21:59 387672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-10 11:35 387672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-07-27 12:08 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-08-10 10:39 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-08-01 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-05 181480]
.
c:\users\mala_kea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\mala_kea\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-18 1079584]
GamePark klient 2.lnk - c:\program files (x86)\GamePark2\gpcl.exe [2012-2-3 442880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 35104]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-05-18 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-05-18 171008]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1255736]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-02-23 69976]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2012-03-23 191440]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-06-06 185856]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-05-01 81440]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-07 349480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-07 200704]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
.
------- Doplňkový sken -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL =
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.105.1.1
TCP: Interfaces\{DEEE12E0-3A39-4EA7-854A-DF3C9FB965E5}: DhcpNameServer = 10.105.1.1
FF - ProfilePath - c:\users\mala_kea\AppData\Roaming\Mozilla\Firefox\Profiles\kbpy7xf1.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2012-08-10 13:44:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-10 11:44
ComboFix2.txt 2012-07-27 20:20
.
Před spuštěním: 1 572 294 656
Po spuštění: 1 458 163 712
.
- - End Of File - - 3C443B8CF4F0B25344E60B7020217293

#24 Příspěvek od **vyosek** » 10 srp 2012 13:43

Zdravim,

nic se nedeje, kazdy mame svuj soukromy zivot

CF udelalo co melo, jak se chova PC

mala_kea · #25 Příspěvek od **mala_kea** » 10 srp 2012 13:46

řekl, bych že je relativně rychlejší

takže děkuji za pomoc, v případě dalších problémů se na vás rád obrátím

s přáním hezkého dne.

#26 Příspěvek od **vyosek** » 10 srp 2012 14:55

Tak jeste uklidime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

VIRY.CZ

pomalý počítač

Re: pomalý počítač

Re: pomalý počítač

Re: pomalý počítač

Re: pomalý počítač

Re: pomalý počítač

Re: pomalý počítač

Re: pomalý počítač

Re: pomalý počítač

Re: pomalý počítač

Re: pomalý počítač

Re: pomalý počítač