prosím o preventivku

[jjeennddaa]

nedaří se mi spustit nouzový režim. držím f8 a nabídka nikde

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v: Normální režim
Uživatel: Marťas [Práva správce]
Mód: Kontrola -- Datum: 07/29/2012 14:22:38

¤¤¤ Škodlivé procesy: 1 ¤¤¤
[SUSP PATH] SRNTService.exe -- C:\Windows\srntservice.exe -> KILLED [TermProc]

¤¤¤ Záznamy Registrů: 11 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> FOUND
[SUSP PATH] HKUS\.DEFAULT[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-19[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-20[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-892274279-3574375534-938609954-1000[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST3160812A ATA Device +++++
--- User ---
[MBR] 2e56ef81142f4b6a6eaee66c542dc8b2
[BSP] 6ff7d1e178389bea0dec6b543b0a8e87 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

[vyosek]

Nasledujici soubory otestujte na VirusTotalu https://www.virustotal.com/cs/

• C:\Windows\srntservice.exe
• Kliknete na Choose file
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Kliknete na Scan It
• Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
  
• Vysledek analyzy sem vlozte (jako odkaz)

[jjeennddaa]

https://www.virustotal.com/file/d6b4a44 ... 343564951/

[vyosek]

OK, zatim avptool nechte tak, jeste zkusime jedno mazani

Spustte znovu RogueKiller

• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
• Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

Skript pro ComboFix (CF primo na c:\, skript tez) - postup jako minule

Kód: Vybrat vše

KillAll::

Collect::
C:\Windows\srntservice.exe

File::
C:\Users\Marťas\AppData\Roaming\Mozilla\Firefox\Profiles\s8dfs4ux.default\searchplugins\my-web-search.xml

Driver::
RegServ

Reboot::

[jjeennddaa]

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v: Normální režim
Uživatel: Marťas [Práva správce]
Mód: Odebrat -- Datum: 07/29/2012 14:41:42

¤¤¤ Škodlivé procesy: 1 ¤¤¤
[SUSP PATH] SRNTService.exe -- C:\Windows\srntservice.exe -> KILLED [TermProc]

¤¤¤ Záznamy Registrů: 10 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> DELETED
[SUSP PATH] HKUS\.DEFAULT[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> DELETED
[SUSP PATH] HKUS\S-1-5-19[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> DELETED
[SUSP PATH] HKUS\S-1-5-20[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> DELETED
[SUSP PATH] _uninst_19602099.lnk @Marťas : C:\Users\Marťas\AppData\Local\temp\_uninst_19602099.bat -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤
SSDT[12] : NtAdjustPrivilegesToken @ 0x834C1D8D -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EEE36)
SSDT[22] : NtAlpcConnectPort @ 0x834B244E -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F1074)
SSDT[23] : NtAlpcCreatePort @ 0x83431CFE -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F12EE)
SSDT[39] : NtAlpcSendWaitReceivePort @ 0x8348F0BE -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F1564)
SSDT[50] : NtClose @ 0x834814F8 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EF74A)
SSDT[59] : ExpInterlockedPopEntrySListResume @ 0x834B4F59 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F057E)
SSDT[64] : NtCreateEvent @ 0x8347D7EF -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F0AC8)
SSDT[66] : NtCreateFile @ 0x8348C362 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EFA26)
SSDT[74] : NtCreateMutant @ 0x8344D28E -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F09AE)
SSDT[75] : NtCreateNamedPipeFile @ 0x834BD749 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EEA24)
SSDT[77] : NtCreatePort @ 0x8342E851 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F0882)
SSDT[84] : NtCreateSection @ 0x8346004D -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EEBCC)
SSDT[85] : NtCreateSemaphore @ 0x83442A85 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F0BE8)
SSDT[87] : NtCreateThread @ 0x83518ED6 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EF3D0)
SSDT[88] : NtCreateThreadEx @ 0x834AD34B -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EF4CE)
SSDT[93] : NtCreateUserProcess @ 0x834AB27D -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F17AE)
SSDT[94] : NtCreateWaitablePort @ 0x833E11B8 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F0918)
SSDT[96] : NtDebugActiveProcess @ 0x834EADB0 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F22D6)
SSDT[107] : NtDeviceIoControlFile @ 0x834B05F1 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EFEA8)
SSDT[111] : NtDuplicateObject @ 0x8346E65A -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F34E4)
SSDT[134] : NtFsControlFile @ 0x834928B0 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EFCB6)
SSDT[155] : NtLoadDriver @ 0x83402BFC -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F23C8)
SSDT[168] : NtMapViewOfSection @ 0x83483512 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F2B30)
SSDT[177] : NtOpenEvent @ 0x8344CC8A -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F0B5E)
SSDT[179] : NtOpenFile @ 0x8346EC7A -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EF7CC)
SSDT[187] : NtOpenMutant @ 0x8349E2F0 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F0A3E)
SSDT[190] : NtOpenProcess @ 0x8344EAD4 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EF074)
SSDT[194] : NtOpenSection @ 0x834A689B -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F28CA)
SSDT[195] : NtOpenSemaphore @ 0x834221B8 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F0C7E)
SSDT[198] : NtOpenThread @ 0x8349AF95 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EEF64)
SSDT[224] : NtQueryDirectoryObject @ 0x83495BFE -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F1868)
SSDT[254] : NtQuerySection @ 0x834B3C36 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F2E6A)
SSDT[269] : NtQueueApcThread @ 0x83438D9C -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F275C)
SSDT[292] : NtReplaceKey @ 0x834D8B18 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26ED6DE)
SSDT[294] : NtReplyPort @ 0x8342DB2F -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F0FE2)
SSDT[295] : NtReplyWaitReceivePort @ 0x8347574C -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F0EA8)
SSDT[299] : NtRequestWaitReplyPort @ 0x8347AA43 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F2070)
SSDT[302] : NtRestoreKey @ 0x834CEB5C -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EDA56)
SSDT[304] : NtResumeThread @ 0x834AD572 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F3386)
SSDT[309] : NtSaveKey @ 0x834D03CE -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26ED676)
SSDT[312] : NtSecureConnectPort @ 0x8349AFCA -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F02C4)
SSDT[316] : NtSetContextThread @ 0x8351A755 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EF5EC)
SSDT[336] : NtSetInformationToken @ 0x83440878 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F190A)
SSDT[347] : NtSetSecurityObject @ 0x8343E71E -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F2566)
SSDT[350] : NtSetSystemInformation @ 0x8348B26C -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F2FBA)
SSDT[366] : NtSuspendProcess @ 0x8351ABE3 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F30AC)
SSDT[367] : NtSuspendThread @ 0x834D2085 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F31E6)
SSDT[368] : NtSystemDebugControl @ 0x834C26BC -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F21FA)
SSDT[370] : NtTerminateProcess @ 0x83497BCD -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EF21A)
SSDT[371] : NtTerminateThread @ 0x834B5584 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EF170)
SSDT[385] : NtUnmapViewOfSection @ 0x834A185A -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F2D0E)
SSDT[399] : NtWriteVirtualMemory @ 0x8349C92A -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EF306)
S_SSDT[14] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC27016D0)
S_SSDT[237] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC27017A6)
S_SSDT[247] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC2701816)
S_SSDT[302] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC270173A)
S_SSDT[318] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC2701D9E)
S_SSDT[323] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC270187E)
S_SSDT[396] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC27014F4)
S_SSDT[402] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC2701302)
S_SSDT[434] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC2701602)
S_SSDT[436] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC270134E)
S_SSDT[490] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC2701446)
S_SSDT[508] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC270139A)
S_SSDT[509] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC27013EE)
S_SSDT[524] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC270158A)
S_SSDT[536] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC27014A6)
S_SSDT[560] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC2701C50)
S_SSDT[585] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC2701248)
S_SSDT[588] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC27012A0)

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST3160812A ATA Device +++++
--- User ---
[MBR] 2e56ef81142f4b6a6eaee66c542dc8b2
[BSP] 6ff7d1e178389bea0dec6b543b0a8e87 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt




RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v: Normální režim
Uživatel: Marťas [Práva správce]
Mód: Oprava HOSTS -- Datum: 07/29/2012 14:42:03

¤¤¤ Škodlivé procesy: 1 ¤¤¤
[SUSP PATH] SRNTService.exe -- C:\Windows\srntservice.exe -> KILLED [TermProc]

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

[vyosek]

Fajn, nyni ComboFix, uz se nam to zacina objevovat

[jjeennddaa]

ComboFix 12-07-29.02 - Marťas 29.07.2012 14:50:25.4.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2972.1908 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Marťas\AppData\Roaming\Mozilla\Firefox\Profiles\s8dfs4ux.default\searchplugins\my-web-search.xml"
.
file zipped: c:\windows\srntservice.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\srntservice.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RegServ
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-28 do 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 12:57 . 2012-07-29 12:59 -------- d-----w- c:\users\Marťas\AppData\Local\temp
2012-07-29 12:57 . 2012-07-29 12:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 12:30 . 2012-07-29 12:30 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10088737-052A-417B-87BA-1049172930FB}\offreg.dll
2012-07-29 12:27 . 2012-07-29 12:27 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-29 09:26 . 2012-07-29 09:26 -------- d-----w- c:\programdata\Malwarebytes
2012-07-29 09:26 . 2012-07-29 09:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-29 09:26 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 01:38 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10088737-052A-417B-87BA-1049172930FB}\mpengine.dll
2012-07-27 06:10 . 2012-07-27 06:10 -------- d-----w- C:\_OTL
2012-07-27 06:00 . 2012-07-27 06:00 119808 ----a-r- c:\users\Marťas\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-07-27 06:00 . 2012-07-27 06:00 -------- d-----w- c:\users\Marťas\AppData\Local\Apps
2012-07-27 05:56 . 2012-07-27 05:56 -------- d-----w- C:\DriveKey
2012-07-27 05:55 . 2001-09-05 02:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-07-27 05:55 . 2001-09-05 02:18 77824 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2012-07-27 05:55 . 2001-09-05 02:14 176128 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-07-27 05:55 . 2001-09-05 02:13 32768 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-07-27 05:55 . 2001-09-05 01:24 610436 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
2012-07-26 06:19 . 2012-07-26 06:19 512 ----a-w- C:\PhysicalMBR.bin
2012-07-25 09:09 . 2009-08-03 22:31 3948600 ----a-r- c:\windows\system32\ntkrlStaforce.exe
2012-07-22 09:24 . 2012-07-22 09:24 -------- d-----w- c:\users\Marťas\AppData\Local\Adobe
2012-07-11 21:36 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-08 05:01 . 2012-07-08 05:01 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 17:50 . 2012-04-06 04:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 17:50 . 2011-05-19 16:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 06:00 . 2012-07-27 06:00 119808 ----a-r- c:\users\Marťas\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-07-27 06:00 . 2012-07-27 06:00 119808 ----a-r- c:\users\Marťas\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-07-03 16:21 . 2010-05-26 07:08 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-03-25 06:57 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-06-08 06:11 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-05-26 07:08 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-05-26 07:08 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-05-26 07:07 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-06-29 08:30 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-05-26 07:07 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-02 22:19 . 2012-06-22 17:30 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 17:30 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 17:30 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 17:30 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 17:30 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 17:30 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 17:30 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 17:29 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 17:29 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:40 . 2012-07-11 15:28 225280 ----a-w- c:\windows\system32\schannel.dll
2012-05-31 10:25 . 2010-05-25 19:49 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-12 07:58 . 2010-09-01 15:58 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2012-05-01 04:44 . 2012-06-13 04:25 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-07-18 18:00 . 2011-03-22 18:30 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\bin\postak.exe" [2012-01-10 491040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-05 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-05 169496]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-25 7547424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-04-05 11:35 141848 ------w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-04-05 11:35 169496 ------w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-06-25 06:07 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 CFcatchme;CFcatchme;c:\users\MARAS~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [x]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkTMini.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [x]
R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [x]
R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dvdfabio;dvdfabio;c:\windows\system32\drivers\dvdfabio.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/10/30 10:08];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vdrive;vdrive;c:\windows\system32\DRIVERS\vdrive.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Doplňkový sken -------
.
uStart Page =
uDefault_Search_URL =
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Marťas\AppData\Roaming\Mozilla\Firefox\Profiles\s8dfs4ux.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/firefox?client=firefox-a& ... s:official
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-07-29 15:03:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-29 13:03
ComboFix2.txt 2012-07-29 06:33
ComboFix3.txt 2012-07-28 10:25
.
Před spuštěním: Volných bajtů: 74 518 585 344
Po spuštění: Volných bajtů: 74 449 649 664
.
- - End Of File - - 43989824AF44FDD4F8EF1E8DC3B6DAFC
Nahr nˇ probŘhlo ŁspŘçnŘ

[vyosek]

A nasleduje klasicka otazka - co nas pacient

[jjeennddaa]

Hurá konečně je to pryč.

[jjeennddaa]

díky moc

[vyosek]

Tak jeste uklidime

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

Jinak nemate zac, rado se stalo

[jjeennddaa]

jestli ještě můžu jednu věc. v tom seznamu na odinstalování mám anno 2070. je to nějaká hra. ale když kliknu odinstalovat tak se spustí instalace. tak bych rád ten instalační soubor někde našel a vyhodil ale vůbec ho nemůžu najít kde je

[vyosek]

Udelejte log z RSIT a dejte mi sem oba logy (log.txt i info.txt)...on tam muze byt jen zapomenuty zaznam v registru

[jjeennddaa]

Dobrý už jsem ten soubor našel. a ze seznamu jsem to smazal. tak ještě jednou teda mockrát díky

[vyosek]

Super, sikula

Jeste jednou, neni opravdu zac, bylo mi potesenim