PC se sekne při otevření .doc souboru .pdf souboru

[Rudy]

Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Sice předpokládám, že problém je systémový, nicméně je třeba mít jistotu, že je PC bez virů.

[Kachnacicek]

ComboFix 12-12-29.02 - Nikol 29.12.2012 11:21:23.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2813.1884 [GMT 1:00]
Spuštěný z: c:\users\Nikol\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-28 do 2012-12-29 )))))))))))))))))))))))))))))))
.
.
2012-12-29 10:32 . 2012-12-29 10:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-29 10:21 . 2012-12-29 10:21 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6648F23A-C30D-4386-BDFD-99FFE5687438}\offreg.dll
2012-12-28 17:39 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6648F23A-C30D-4386-BDFD-99FFE5687438}\mpengine.dll
2012-12-27 15:45 . 2012-12-28 21:55 -------- d-----w- c:\program files\trend micro
2012-12-26 13:20 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-26 13:20 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 21:12 . 2012-12-13 21:12 -------- d-----w- C:\f2f6db9427ee7ce386fc73
2012-12-13 13:08 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 13:06 . 2012-10-27 06:23 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-12-13 13:06 . 2012-11-12 11:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-13 13:06 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2011-07-25 16:08 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2010-05-27 17:20 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2010-05-27 17:20 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2010-05-27 17:20 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2010-05-27 17:20 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2010-08-26 15:41 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2010-05-27 17:19 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-16 07:39 . 2012-11-27 18:09 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 16:59 . 2012-04-25 22:19 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-09 17:40 . 2012-11-15 14:11 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 14:11 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-03 16:58 . 2012-11-15 14:12 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-15 14:12 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-15 14:12 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-15 14:12 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-15 14:12 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 14:12 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-15 14:12 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-15 14:12 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-05 458844]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Nikol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-3 525664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\Drivers\mfpec.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AliWGP;Composite Device;c:\windows\system32\DRIVERS\mfpcomp.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WUSBVBus;MFP Server Detector;c:\windows\system32\DRIVERS\mfpvbus.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_78abd0f66cc3a020\aestsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-18 c:\windows\Tasks\HPCeeScheduleForNikol.job
- c:\program files\hewlett-packard\hp ceement\HPCEE.exe [2010-09-13 21:15]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mojebanka.cz\www
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.254
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_E6C807F38EB64284.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-12-29 11:41:41
ComboFix-quarantined-files.txt 2012-12-29 10:41
.
Před spuštěním: Volných bajtů: 257 611 943 936
Po spuštění: Volných bajtů: 257 517 936 640
.
- - End Of File - - 4408ED2158FDABC415E915B51E331D5A

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[Kachnacicek]

Hotovo, žádné viditelné zlepšení.
Log:

ComboFix 12-12-29.02 - Nikol 29.12.2012 15:35:32.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2813.1638 [GMT 1:00]
Spuštěný z: c:\users\Nikol\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Nikol\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-28 do 2012-12-29 )))))))))))))))))))))))))))))))
.
.
2012-12-29 14:42 . 2012-12-29 14:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-28 17:39 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6648F23A-C30D-4386-BDFD-99FFE5687438}\mpengine.dll
2012-12-27 15:45 . 2012-12-28 21:55 -------- d-----w- c:\program files\trend micro
2012-12-26 13:20 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-26 13:20 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 21:12 . 2012-12-13 21:12 -------- d-----w- C:\f2f6db9427ee7ce386fc73
2012-12-13 13:08 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 13:06 . 2012-10-27 06:23 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-12-13 13:06 . 2012-11-12 11:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-13 13:06 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2011-07-25 16:08 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2010-05-27 17:20 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2010-05-27 17:20 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2010-05-27 17:20 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2010-05-27 17:20 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2010-08-26 15:41 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2010-05-27 17:19 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-16 07:39 . 2012-11-27 18:09 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 16:59 . 2012-04-25 22:19 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-09 17:40 . 2012-11-15 14:11 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 14:11 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-03 16:58 . 2012-11-15 14:12 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-15 14:12 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-15 14:12 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-15 14:12 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-15 14:12 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 14:12 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-15 14:12 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-15 14:12 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-05 458844]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Nikol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-3 525664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\Drivers\mfpec.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AliWGP;Composite Device;c:\windows\system32\DRIVERS\mfpcomp.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WUSBVBus;MFP Server Detector;c:\windows\system32\DRIVERS\mfpvbus.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_78abd0f66cc3a020\aestsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-18 c:\windows\Tasks\HPCeeScheduleForNikol.job
- c:\program files\hewlett-packard\hp ceement\HPCEE.exe [2010-09-13 21:15]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mojebanka.cz\www
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5092)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_78abd0f66cc3a020\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\windows\system32\sppsvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2012-12-29 15:49:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-29 14:49
ComboFix2.txt 2012-12-29 11:57
ComboFix3.txt 2012-12-29 10:41
.
Před spuštěním: Volných bajtů: 257 593 798 656
Po spuštění: Volných bajtů: 257 544 978 432
.
- - End Of File - - F2746ECC1C071DD3A54C1722F998F52C

[Rudy]

PC jsme vyčistili od šmejdů a zbytečností. Pokud se stav nezměnil, je to problém systému. Co jste instalovala těsné před tím, než se problém objevil? Myslím tím programy a aktualizace.