Modrá smrt

[dalibor119]

Zdravím,
pravděpodobně bratr stáhl nějaký sobour který vyvolal nejaké chujoviny. Počítač nabíhá ale při přihlašovaní uživatele to hodí modrou smrt pouze když je v pc sítový kabel. Když pc není připojení k internetu normalně běží,nod 32 nenajde žádnej vir,jakmile kdykoliv se připojí k internetu hned to hodí modrou smrt. Stažený sobour který stahl jsem smazal -nepomohlo to. Jak mám postupovat ? díky za rady

[Rudy]

Také zdravím!
Dejte nejprve log RSIT: http://forum.viry.cz/viewtopic.php?f=13&t=105895 .

[dalibor119]

je to bez připojého sitového kabelu (jinak bych se tam ani nedostal)

ogfile of random's system information tool 1.09 (written by random/random)
Run by Dalibor at 2013-01-26 19:27:42
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 24 GB (47%) free of 52 GB
Total RAM: 2046 MB (53% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\ROC_JAN2013_TB_rmv.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Dalibor\AppData\Roaming\Mozilla\Firefox\Profiles\7weaovur.default

prefs.js - "browser.startup.homepage" - "http://isearch.avg.com/?cid={01AE25A6-1 ... 2011-12-25 13:25:45&v=14.0.2.14&pid=avg&sg=&sap=hp"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... ource=2&q="

"avg@toolbar"=C:\ProgramData\AVG Secure Search\8.0.0.40\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.110 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\searchplugins\
avg-secure-search.xml
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Dalibor\AppData\Roaming\Mozilla\Firefox\Profiles\7weaovur.default\extensions\
yasearch@yandex.ru
{687578b9-7132-4a7a-80e4-30ee31099e03}

C:\Users\Dalibor\AppData\Roaming\Mozilla\Firefox\Profiles\7weaovur.default\searchplugins\
conduit.xml
ybqs-firmy.xml
ybqs-mapy.xml
ybqs-seznam.xml
ybqs-sz_vidia.xml
ybqs-zbozi.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
uTorrentControl2 Toolbar - C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll [2013-01-15 1883824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17 3855520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C93F72A2-2162-4BBA-A07A-F13663C297A6}]
Vizuální záložky - C:\Program Files\Yandex\YandexBarIE\fastdial.dll [2011-10-13 2697528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0181C6E-9218-4792-9F3C-E8DF52B2F1AC}]
GretechBHO Class - C:\Program Files\GRETECH\GomPicker\GomPickerBHO.dll [2011-12-14 1184888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll [2013-01-15 1883824]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]
{91397D20-1446-11D4-8AF4-0040CA1127B6} - Yandex.Bar - C:\Program Files\Yandex\YandexBarIE\yndbar.dll [2011-10-20 12336440]
{687578b9-7132-4a7a-80e4-30ee31099e03} - uTorrentControl2 Toolbar - C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2013-01-15 1101488]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2012-01-03 1391272]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 3080264]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2012-04-18 421888]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-12-10 2254768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-01-24 3478336]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"RGSC"=D:\Hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"winmon"=C:\Users\Dalibor\AppData\Roaming\winmon.exe [2012-08-19 3252224]
"EA Core"=D:\Hry\EADM\Core.exe -silent []
"Connectify"=C:\Program Files\Connectify\Connectify.exe [2010-01-15 920064]
"Microsoft Windows Service"=C:\Users\Dalibor\46357865364647353\winsvc.exe [2013-01-26 79872]
"APN PIP"=C:\Users\Dalibor\AppData\Roaming\624AC8\624AC8.exe []
"HotKeysCmds"=C:\Users\Dalibor\AppData\Roaming\click.EXE [2013-01-26 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=0
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"VIDC.XFR1"=xfcodec.dll
"VIDC.FPS1"=frapsvid.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"VIDC.FFDS"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-01-26 19:27:46 ----D---- C:\Program Files\trend micro
2013-01-26 19:27:42 ----D---- C:\rsit
2013-01-26 17:39:59 ----D---- C:\ProgramData\Local Settings
2013-01-26 17:29:53 ----A---- C:\Windows\ntbtlog.txt
2013-01-26 17:28:02 ----D---- C:\Windows\Minidump
2013-01-26 17:26:43 ----A---- C:\Users\Dalibor\AppData\Roaming\click.exe
2013-01-26 17:25:55 ----A---- C:\Users\Dalibor\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe
2013-01-26 17:25:53 ----A---- C:\Users\Dalibor\AppData\Roaming\nMNtffsdf5ev.exe
2013-01-26 17:22:03 ----AH---- C:\Users\Dalibor\AppData\Roaming\winsvcns.sys
2013-01-19 01:21:40 ----D---- C:\Program Files\Mozilla Firefox
2013-01-03 14:04:23 ----D---- C:\Program Files\LogMeIn Hamachi

======List of files/folders modified in the last 1 month======

2013-01-26 19:27:47 ----D---- C:\Windows\Temp
2013-01-26 19:27:46 ----RD---- C:\Program Files
2013-01-26 18:37:26 ----D---- C:\Windows\system32\catroot2
2013-01-26 18:37:21 ----SHD---- C:\System Volume Information
2013-01-26 18:23:44 ----D---- C:\Windows
2013-01-26 17:39:59 ----HD---- C:\ProgramData
2013-01-26 17:27:10 ----SHD---- C:\Users\Dalibor\AppData\Roaming\624AC8
2013-01-26 17:27:08 ----D---- C:\Windows\System32
2013-01-26 17:26:04 ----D---- C:\Windows\system32\Tasks
2013-01-26 17:21:59 ----D---- C:\Windows\Prefetch
2013-01-26 16:47:56 ----D---- C:\Users\Dalibor\AppData\Roaming\Mumble
2013-01-26 10:18:35 ----D---- C:\Windows\system32\config
2013-01-25 06:51:19 ----D---- C:\Program Files\Connectify
2013-01-19 09:16:44 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-01-15 14:32:22 ----D---- C:\Windows\Tasks
2013-01-15 14:32:22 ----D---- C:\Program Files\AVG Secure Search
2013-01-15 14:32:18 ----D---- C:\Program Files\Common Files\AVG Secure Search
2013-01-10 19:57:05 ----D---- C:\Windows\system32\wdi
2013-01-06 15:27:34 ----D---- C:\Users\Dalibor\AppData\Roaming\Skype
2013-01-03 14:04:28 ----SHD---- C:\Windows\Installer
2012-12-31 15:12:59 ----D---- C:\Windows\inf
2012-12-31 15:12:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-12-31 00:26:30 ----D---- C:\Users\Dalibor\AppData\Roaming\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\drivers\giveio.sys [1996-04-03 5248]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [2013-01-15 31576]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-21 242240]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 mbmiodrvr;mbmiodrvr; \??\C:\Windows\system32\mbmiodrvr.sys [2004-04-10 2944]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x32.sys [2011-09-21 21992]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 103112]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 ip100Avista;ASUS NX1001 Network Adapter NT Driver; C:\Windows\system32\DRIVERS\ipfnd51.sys [2007-09-28 29696]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2011-12-12 10064]
S1 MpKslb2305d74;MpKslb2305d74; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{90EF20CB-E32B-42EC-B55D-10F3CADE1A1A}\MpKslb2305d74.sys []
S2 3259;3259; \??\C:\Users\Dalibor\AppData\Local\Temp\3259.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 1435568]
R2 PanService;PandoraService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [2012-09-28 625304]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-05-29 1528672]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-01-15 945328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-04 116648]
S2 KMService;KMService; C:\Windows\system32\srvany.exe [2012-01-25 8192]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-04 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-19 115608]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-26 1343400]

-----------------EOF-----------------







díky za odpověd

[Rudy]

Ještě poprosím o log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[dalibor119]

ComboFix 13-01-26.02 - Dalibor 26.01.2013 20:04:35.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2046.1151 [GMT 1:00]
Spuštěný z: c:\users\Dalibor\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dalibor\46357865364647353
c:\users\Dalibor\46357865364647353\winsvc.exe
c:\users\Dalibor\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe
c:\users\Dalibor\AppData\Roaming\nMNtffsdf5ev.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-26 do 2013-01-26 )))))))))))))))))))))))))))))))
.
.
2013-01-26 19:08 . 2013-01-26 19:08 -------- d-----w- c:\users\Dalibor\AppData\Local\temp
2013-01-26 19:08 . 2013-01-26 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-26 18:27 . 2013-01-26 18:27 -------- d-----w- c:\program files\trend micro
2013-01-26 18:27 . 2013-01-26 18:27 -------- d-----w- C:\rsit
2013-01-26 17:36 . 2013-01-26 17:36 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36C48597-A418-425A-96B5-201C36C700BD}\offreg.dll
2013-01-26 16:39 . 2013-01-26 16:39 -------- d-----w- c:\programdata\Local Settings
2013-01-26 16:26 . 2013-01-26 16:26 57344 ----a-w- c:\users\Dalibor\AppData\Roaming\click.exe
2013-01-26 16:22 . 2013-01-26 16:22 0 ---ha-w- c:\users\Dalibor\AppData\Roaming\winsvcns.sys
2013-01-03 13:04 . 2013-01-03 13:04 -------- d-----w- c:\program files\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-15 13:31 . 2012-08-30 16:24 31576 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-25 11:32 . 2012-11-25 11:32 628788 ----a-w- c:\windows\Counter-Strike 1.6 Standalone Uninstaller.exe
2012-11-08 15:52 . 2012-11-08 15:52 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-08 15:52 . 2011-12-25 13:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-20 18:57 . 2012-09-22 06:57 44 ---h--w- c:\program files\53b63721.tmp
2013-01-19 00:21 . 2013-01-19 00:21 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-08-19 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-01-15 13:31 1883824 ----a-w- c:\program files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll" [2013-01-15 1883824]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2011-10-20 12336440]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2011-10-20 12336440]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"RGSC"="d:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
"winmon"="c:\users\Dalibor\AppData\Roaming\winmon.exe" [2012-08-19 3252224]
"Connectify"="c:\program files\Connectify\Connectify.exe" [2010-01-15 920064]
"HotKeysCmds"="c:\users\Dalibor\AppData\Roaming\click.EXE" [2013-01-26 57344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-01-15 1101488]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R1 MpKslb2305d74;MpKslb2305d74;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90EF20CB-E32B-42EC-B55D-10F3CADE1A1A}\MpKslb2305d74.sys [x]
R2 3259;3259;c:\users\Dalibor\AppData\Local\Temp\3259.sys [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]
S2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [x]
S3 ip100Avista;ASUS NX1001 Network Adapter NT Driver;c:\windows\system32\DRIVERS\ipfnd51.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-25 13:03 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-04 06:46]
.
2013-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-04 06:46]
.
2013-01-26 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files\AVG Secure Search\PostInstall\ROC.exe [2013-01-15 13:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.babylon.com/?affID=116775&tt=4412_2&babsrc=HP_ss&mntrId=e4624ac8000000000000bcaec5a6702c
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Dalibor\AppData\Roaming\Mozilla\Firefox\Profiles\7weaovur.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={01AE25A6-1647-43C4-B379-1198CA664ACC}&mid=c491a13d610e47d1a2056de7834299df-70c1dc6b796711370cd9ecf3d126b0ff54af609f&lang=cs&ds=is015&pr=sa&d=2011-12-25 13:25&v=14.0.2.14&pid=avg&sg=&sap=hp
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-EA Core - d:\hry\EADM\Core.exe
HKCU-Run-Microsoft Windows Service - c:\users\Dalibor\46357865364647353\winsvc.exe
HKCU-Run-APN PIP - c:\users\Dalibor\AppData\Roaming\624AC8\624AC8.exe
AddRemove-Mumble - c:\program files\Mumble\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3499994948-1052064763-2106526459-1000\Software\SecuROM\License information*]
"datasecu"=hex:c6,07,51,37,48,ad,75,e5,e5,9e,e0,38,5d,a5,db,8c,72,29,47,4e,e2,
7e,c2,19,00,ac,9c,f7,1b,87,87,a4,33,9d,9f,16,0c,84,47,7e,fb,21,11,90,9b,1b,\
"rkeysecu"=hex:bd,71,ad,62,b2,69,7e,fc,fb,85,83,26,1b,8e,6f,90
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-01-26 20:09:57
ComboFix-quarantined-files.txt 2013-01-26 19:09
.
Před spuštěním: Volných bajtů: 25 167 974 400
Po spuštění: Volných bajtů: 31 911 768 064
.
- - End Of File - - 799C175947C7BC0B7A26EA967E84EA0B

[Rudy]

Ještě dočistíme. Otevřte poznámový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Collect::
c:\program files\53b63721.tmp
c:\users\Dalibor\AppData\Roaming\winmon.exe
c:\users\Dalibor\AppData\Local\Temp\3259.sys

Folder::
c:\program files\Ask.com
c:\program files\uTorrentControl2
c:\program files\Yandex

Driver::
3259

Firefox::
FF - ProfilePath - c:\users\Dalibor\AppData\Roaming\Mozilla\Firefox\Profiles\7weaovur.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[-HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[-HKEY_CLASSES_ROOT\Yandex.Toolbar]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winmon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-

Regnull::
[HKEY_USERS\S-1-5-21-3499994948-1052064763-2106526459-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[dalibor119]

nový log
omboFix 13-01-26.02 - Dalibor 26.01.2013 21:41:29.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2046.1179 [GMT 1:00]
Spuštěný z: c:\users\Dalibor\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_3259
-------\Service_3259
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-26 do 2013-01-26 )))))))))))))))))))))))))))))))
.
.
2013-01-26 20:45 . 2013-01-26 20:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-26 20:20 . 2013-01-26 20:45 -------- d-----w- c:\users\Dalibor\AppData\Local\temp
2013-01-26 18:27 . 2013-01-26 18:27 -------- d-----w- c:\program files\trend micro
2013-01-26 18:27 . 2013-01-26 18:27 -------- d-----w- C:\rsit
2013-01-26 17:36 . 2013-01-26 20:12 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36C48597-A418-425A-96B5-201C36C700BD}\offreg.dll
2013-01-26 16:39 . 2013-01-26 16:39 -------- d-----w- c:\programdata\Local Settings
2013-01-26 16:26 . 2013-01-26 16:26 57344 ----a-w- c:\users\Dalibor\AppData\Roaming\click.exe
2013-01-26 16:22 . 2013-01-26 16:22 0 ---ha-w- c:\users\Dalibor\AppData\Roaming\winsvcns.sys
2013-01-03 13:04 . 2013-01-03 13:04 -------- d-----w- c:\program files\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-15 13:31 . 2012-08-30 16:24 31576 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-25 11:32 . 2012-11-25 11:32 628788 ----a-w- c:\windows\Counter-Strike 1.6 Standalone Uninstaller.exe
2012-11-08 15:52 . 2012-11-08 15:52 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-08 15:52 . 2011-12-25 13:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-19 00:21 . 2013-01-19 00:21 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-08-19 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-01-15 13:31 1883824 ----a-w- c:\program files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"RGSC"="d:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
"Connectify"="c:\program files\Connectify\Connectify.exe" [2010-01-15 920064]
"HotKeysCmds"="c:\users\Dalibor\AppData\Roaming\click.EXE" [2013-01-26 57344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-01-15 1101488]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R1 MpKslb2305d74;MpKslb2305d74;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90EF20CB-E32B-42EC-B55D-10F3CADE1A1A}\MpKslb2305d74.sys [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 CFcatchme;CFcatchme;c:\users\Dalibor\AppData\Local\Temp\CFcatchme.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]
S2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [x]
S3 ip100Avista;ASUS NX1001 Network Adapter NT Driver;c:\windows\system32\DRIVERS\ipfnd51.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-25 13:03 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-26 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files\AVG Secure Search\PostInstall\ROC.exe [2013-01-15 13:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.babylon.com/?affID=116775&tt=4412_2&babsrc=HP_ss&mntrId=e4624ac8000000000000bcaec5a6702c
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Dalibor\AppData\Roaming\Mozilla\Firefox\Profiles\7weaovur.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={01AE25A6-1647-43C4-B379-1198CA664ACC}&mid=c491a13d610e47d1a2056de7834299df-70c1dc6b796711370cd9ecf3d126b0ff54af609f&lang=cs&ds=is015&pr=sa&d=2011-12-25 13:25&v=14.0.2.14&pid=avg&sg=&sap=hp
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-uTorrentControl2 Toolbar - c:\program files\uTorrentControl2\uninstall.exe
.
.
.
Celkový čas: 2013-01-26 21:46:52
ComboFix-quarantined-files.txt 2013-01-26 20:46
ComboFix2.txt 2013-01-26 19:09
.
Před spuštěním: Volných bajtů: 31 782 342 656
Po spuštění: Volných bajtů: 31 720 869 888
.
- - End Of File - - 7A120A396D5F523EC73F877CE557B4C0

[Rudy]

Log je již OK. Nastala nějaká změna?

[dalibor119]

bohužel pořád samé..

[Rudy]

Otevřte adresář windows\minidump, jeho obsah zabalte do raru a připojte k vašemu příštímu postu.

[dalibor119]

hmm asi po 4 restartech to přestalo, ale výrazně je pomalejší pc -pořad mám udělat co jste mi napsal ?

[Rudy]

Ano.

[dalibor119]

http://leteckaposta.cz/874778038
a možná by mohlo pomoc že plocha -explorer.exe zabírá 60% cpu..

[Rudy]

Podle minidumpů je možný nějaký problém s ovladači. Přeinstalujte ovladače zákl dasky a wifi karty.

[dalibor119]

reinstal ovladačů nepomohl -nakonec jsem to vyřešil rázně -reinstal windowsu.
Děkuji moc za tvoji ochotu a tvůj čas