Prosim o kontrolu logu. Podezreni na keylogger.

[chytkova1979]

# AdwCleaner v2.300 - Log vytvooen 30/04/2013 v 19:00:13
# Aktualizováno 28/04/2013 Xplode
# Operaení systém : Windows 7 Ultimate (32 bits)
# Uživatel : B lanka - ASUS_NTBOOK
# Spuštin systém : Normální
# Spuštino z : C:\Users\B lanka\Desktop\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****


***** [Soubory / Složky] *****


***** [Registry] *****

Klíe Nalezeno : HKCU\Software\APN PIP
Klíe Nalezeno : HKCU\Software\PIP
Klíe Nalezeno : HKCU\Software\Softonic
Klíe Nalezeno : HKLM\Software\PIP

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry jsou eisté.

-\\ Google Chrome v26.0.1410.64

Soubor : C:\Users\B lanka\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

-\\ Opera v12.15.1748.0

Soubor : C:\Users\B lanka\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [1066 octets] - [30/04/2013 18:59:43]
AdwCleaner[R2].txt - [999 octets] - [30/04/2013 19:00:13]

########## EOF - C:\AdwCleaner[R2].txt - [1058 octets] ##########

[Márty84]

Znovu ukoncete vsechny programy a spustte AdwCleaner jako spravce.
Tentokrat kliknete na Smazat
Program zacne pracovat (muze dojit k restartu pc) a vyplivne dalsi log (pripadne bude zde C:\AdwCleaner [S1].txt ). Ten mi sem zase zkopirujte.

[chytkova1979]

# AdwCleaner v2.300 - Log vytvooen 30/04/2013 v 20:04:09
# Aktualizováno 28/04/2013 Xplode
# Operaení systém : Windows 7 Ultimate (32 bits)
# Uživatel : B lanka - ASUS_NTBOOK
# Spuštin systém : Normální
# Spuštino z : C:\Users\B lanka\Desktop\adwcleaner.exe
# Volba [Vymazat]


***** [Služby] *****


***** [Soubory / Složky] *****


***** [Registry] *****

Klíe Vymazáno : HKCU\Software\APN PIP
Klíe Vymazáno : HKCU\Software\PIP
Klíe Vymazáno : HKCU\Software\Softonic
Klíe Vymazáno : HKLM\Software\PIP

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry jsou eisté.

-\\ Google Chrome v26.0.1410.64

Soubor : C:\Users\B lanka\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

-\\ Opera v12.15.1748.0

Soubor : C:\Users\B lanka\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [1066 octets] - [30/04/2013 18:59:43]
AdwCleaner[R2].txt - [1127 octets] - [30/04/2013 19:00:13]
AdwCleaner[S1].txt - [1057 octets] - [30/04/2013 20:04:09]

########## EOF - C:\AdwCleaner[S1].txt - [1117 octets] ##########

[Márty84]

Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[chytkova1979]

ComboFix 13-04-29.01 - B lanka 30.04.2013 23:51:33.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2814.1783 [GMT 2:00]
Spuštěný z: c:\users\B lanka\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-28 do 2013-04-30 )))))))))))))))))))))))))))))))
.
.
2013-04-30 22:00 . 2013-04-30 22:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-30 22:00 . 2013-04-30 22:00 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0FF4615-CC5A-4610-9938-39A7C301C226}\offreg.dll
2013-04-29 20:07 . 2013-04-29 20:08 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-04-29 20:07 . 2013-04-29 20:07 -------- d-----w- c:\users\B lanka\AppData\Roaming\Malwarebytes
2013-04-29 20:05 . 2013-04-29 20:05 -------- d-----w- c:\programdata\Malwarebytes
2013-04-29 20:05 . 2013-04-30 06:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-28 18:17 . 2013-04-28 18:36 512 ----a-w- C:\PhysicalMBR.bin
2013-04-26 12:49 . 2013-04-12 13:58 1210728 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-26 12:49 . 2013-04-17 04:31 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0FF4615-CC5A-4610-9938-39A7C301C226}\mpengine.dll
2013-04-26 08:29 . 2013-04-26 08:33 -------- d-----w- C:\rsit
2013-04-26 08:29 . 2013-04-26 08:33 -------- d-----w- c:\program files\trend micro
2013-04-26 08:17 . 2013-03-06 22:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-04-26 08:17 . 2013-03-06 22:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-04-26 08:17 . 2013-03-06 22:33 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-04-26 08:17 . 2013-03-06 22:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-04-26 08:17 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-04-26 08:17 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-26 08:17 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-26 08:17 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-04-26 08:17 . 2013-03-06 22:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-26 08:17 . 2013-04-26 08:17 -------- d-----w- c:\program files\CCleaner
2013-04-26 08:15 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-04-26 08:15 . 2013-04-26 08:15 -------- d-----w- c:\program files\AVAST Software
2013-04-26 08:13 . 2013-04-26 08:15 -------- d-----w- c:\programdata\AVAST Software
2013-04-26 07:51 . 2013-04-26 07:51 -------- d-----w- c:\users\B lanka\AppData\Local\Avg2013
2013-04-10 05:43 . 2013-03-01 03:11 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 05:43 . 2013-01-24 04:51 195816 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 05:42 . 2013-03-19 05:06 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 05:42 . 2013-03-19 05:06 3958120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 05:42 . 2013-03-19 04:54 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 05:42 . 2013-03-19 02:50 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 05:42 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 05:42 . 2013-02-12 15:07 131072 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 05:42 . 2013-02-12 13:59 36864 ----a-w- c:\windows\system32\tsgqec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-30 06:53 . 2013-03-25 15:28 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-30 06:53 . 2013-03-25 15:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-25 18:31 . 2013-03-25 18:31 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-03-25 18:31 . 2013-03-25 18:31 161792 ----a-w- c:\windows\system32\msls31.dll
2013-03-25 18:31 . 2013-03-25 18:31 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-25 18:31 . 2013-03-25 18:31 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-25 18:31 . 2013-03-25 18:31 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-25 18:31 . 2013-03-25 18:31 86528 ----a-w- c:\windows\system32\iesysprep.dll
2013-03-25 18:31 . 2013-03-25 18:31 63488 ----a-w- c:\windows\system32\tdc.ocx
2013-03-25 18:31 . 2013-03-25 18:31 367104 ----a-w- c:\windows\system32\html.iec
2013-03-25 18:31 . 2013-03-25 18:31 74752 ----a-w- c:\windows\system32\iesetup.dll
2013-03-25 18:31 . 2013-03-25 18:31 23552 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-25 18:31 . 2013-03-25 18:31 152064 ----a-w- c:\windows\system32\wextract.exe
2013-03-25 18:31 . 2013-03-25 18:31 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-03-25 18:31 . 2013-03-25 18:31 11776 ----a-w- c:\windows\system32\mshta.exe
2013-03-25 18:31 . 2013-03-25 18:31 101888 ----a-w- c:\windows\system32\admparse.dll
2013-03-25 18:31 . 2013-03-25 18:31 35840 ----a-w- c:\windows\system32\imgutil.dll
2013-03-25 12:39 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2013-03-25 12:39 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2013-03-11 23:10 . 2013-03-25 15:26 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-07 18:00 . 2013-03-25 20:26 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2013-02-12 13:51 . 2013-03-26 22:00 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-03-25 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-21 98304]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-06-10 548744]
"ATKMEDIA"="c:\program files\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe [2013-3-25 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 14:28 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-18 14:28 38112 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-04-13 16:25 8555040 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate]
2013-02-18 11:50 774168 ----a-w- c:\program files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
.
R3 aswVmm;aswVmm; [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [x]
S3 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\BatteryCare\WinRing0.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WINRING0_1_2_0
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 18:57 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-25 06:53]
.
2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-26 16:52]
.
2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-26 16:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-05-01 00:08:01
ComboFix-quarantined-files.txt 2013-04-30 22:07
.
Před spuštěním: Volných bajtů: 53 084 626 944
Po spuštění: Volných bajtů: 52 997 693 440
.
- - End Of File - - BEAB23C01E81879ED42AB49BAA801D48

[Márty84]

Najdete tento soubor c:\windows\System32\user32.dll a otestujte ho na virustotal a jotti http://forum.viry.cz/viewtopic.php?f=29&t=5846 Vysledky sem zkopirujte, nebo dejte odkaz.




Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\users\B lanka\AppData\Local\Avg2013

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Driver::
PanService

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[chytkova1979]

soubor cisty.


ComboFix 13-04-29.01 - B lanka 01.05.2013 9:58.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2814.1648 [GMT 2:00]
Spuštěný z: c:\users\B lanka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\B lanka\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\B lanka\AppData\Local\Avg2013
c:\users\B lanka\AppData\Local\Avg2013\log\avgcfg.log
c:\users\B lanka\AppData\Local\Avg2013\log\avgcfg.log.lock
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PanService
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-01 do 2013-05-01 )))))))))))))))))))))))))))))))
.
.
2013-05-01 08:07 . 2013-05-01 08:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-30 22:00 . 2013-04-30 22:00 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0FF4615-CC5A-4610-9938-39A7C301C226}\offreg.dll
2013-04-29 20:07 . 2013-04-29 20:08 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-04-29 20:07 . 2013-04-29 20:07 -------- d-----w- c:\users\B lanka\AppData\Roaming\Malwarebytes
2013-04-29 20:05 . 2013-04-29 20:05 -------- d-----w- c:\programdata\Malwarebytes
2013-04-29 20:05 . 2013-04-30 06:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-28 18:17 . 2013-04-28 18:36 512 ----a-w- C:\PhysicalMBR.bin
2013-04-26 12:49 . 2013-04-12 13:58 1210728 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-26 12:49 . 2013-04-17 04:31 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0FF4615-CC5A-4610-9938-39A7C301C226}\mpengine.dll
2013-04-26 08:29 . 2013-04-26 08:33 -------- d-----w- C:\rsit
2013-04-26 08:29 . 2013-04-26 08:33 -------- d-----w- c:\program files\trend micro
2013-04-26 08:17 . 2013-03-06 22:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-04-26 08:17 . 2013-03-06 22:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-04-26 08:17 . 2013-03-06 22:33 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-04-26 08:17 . 2013-03-06 22:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-04-26 08:17 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-04-26 08:17 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-26 08:17 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-26 08:17 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-04-26 08:17 . 2013-03-06 22:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-26 08:17 . 2013-04-26 08:17 -------- d-----w- c:\program files\CCleaner
2013-04-26 08:15 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-04-26 08:15 . 2013-04-26 08:15 -------- d-----w- c:\program files\AVAST Software
2013-04-26 08:13 . 2013-04-26 08:15 -------- d-----w- c:\programdata\AVAST Software
2013-04-10 05:43 . 2013-03-01 03:11 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 05:43 . 2013-01-24 04:51 195816 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 05:42 . 2013-03-19 05:06 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 05:42 . 2013-03-19 05:06 3958120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 05:42 . 2013-03-19 04:54 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 05:42 . 2013-03-19 02:50 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 05:42 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 05:42 . 2013-02-12 15:07 131072 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 05:42 . 2013-02-12 13:59 36864 ----a-w- c:\windows\system32\tsgqec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-30 06:53 . 2013-03-25 15:28 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-30 06:53 . 2013-03-25 15:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-25 18:31 . 2013-03-25 18:31 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-03-25 18:31 . 2013-03-25 18:31 161792 ----a-w- c:\windows\system32\msls31.dll
2013-03-25 18:31 . 2013-03-25 18:31 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-25 18:31 . 2013-03-25 18:31 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-25 18:31 . 2013-03-25 18:31 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-25 18:31 . 2013-03-25 18:31 86528 ----a-w- c:\windows\system32\iesysprep.dll
2013-03-25 18:31 . 2013-03-25 18:31 63488 ----a-w- c:\windows\system32\tdc.ocx
2013-03-25 18:31 . 2013-03-25 18:31 367104 ----a-w- c:\windows\system32\html.iec
2013-03-25 18:31 . 2013-03-25 18:31 74752 ----a-w- c:\windows\system32\iesetup.dll
2013-03-25 18:31 . 2013-03-25 18:31 23552 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-25 18:31 . 2013-03-25 18:31 152064 ----a-w- c:\windows\system32\wextract.exe
2013-03-25 18:31 . 2013-03-25 18:31 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-03-25 18:31 . 2013-03-25 18:31 11776 ----a-w- c:\windows\system32\mshta.exe
2013-03-25 18:31 . 2013-03-25 18:31 101888 ----a-w- c:\windows\system32\admparse.dll
2013-03-25 18:31 . 2013-03-25 18:31 35840 ----a-w- c:\windows\system32\imgutil.dll
2013-03-25 12:39 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2013-03-25 12:39 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2013-03-11 23:10 . 2013-03-25 15:26 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-07 18:00 . 2013-03-25 20:26 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2013-02-12 13:51 . 2013-03-26 22:00 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-03-25 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-21 98304]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-06-10 548744]
"ATKMEDIA"="c:\program files\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe [2013-3-25 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-04-13 16:25 8555040 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
R3 aswVmm;aswVmm; [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\BatteryCare\WinRing0.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 18:57 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\BatteryCare\BatteryCare.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\AUDIODG.EXE
.
**************************************************************************
.
Celkový čas: 2013-05-01 10:18:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-05-01 08:18
ComboFix2.txt 2013-04-30 22:08
.
Před spuštěním: Volných bajtů: 56 564 797 440
Po spuštění: Volných bajtů: 56 516 534 272
.
- - End Of File - - 67DCF2D950CB072D651B73380A2965E6

[Márty84]

Dejte novy log z RSIT

[chytkova1979]

Logfile of random's system information tool 1.09 (written by random/random)
Run by B lanka at 2013-05-01 19:58:56
Microsoft Windows 7 Ultimate
System drive C: has 53 GB (74%) free of 72 GB
Total RAM: 2814 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:59:11, on 1.5.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BatteryCare\BatteryCare.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\B lanka\Downloads\RSIT.exe
C:\Program Files\trend micro\B lanka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - ASUSTeK Computer Inc. - C:\Windows\system32\FBAgent.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 4305 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-09-21 98304]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-06-10 548744]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-07 170624]
"HControlUser"=C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Wireless Console 3"=C:\Program Files\ASUS\Wireless Console 3\wcourier.exe [2010-09-23 1601536]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-03-07 4767304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-04-13 8555040]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"VIDC.X264"=x264vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-05-01 10:18:41 ----A---- C:\ComboFix.txt
2013-05-01 10:10:24 ----D---- C:\$RECYCLE.BIN
2013-04-30 23:50:21 ----A---- C:\Windows\zip.exe
2013-04-30 23:50:21 ----A---- C:\Windows\SWSC.exe
2013-04-30 23:50:21 ----A---- C:\Windows\SWREG.exe
2013-04-30 23:50:21 ----A---- C:\Windows\sed.exe
2013-04-30 23:50:21 ----A---- C:\Windows\PEV.exe
2013-04-30 23:50:21 ----A---- C:\Windows\NIRCMD.exe
2013-04-30 23:50:21 ----A---- C:\Windows\MBR.exe
2013-04-30 23:50:21 ----A---- C:\Windows\grep.exe
2013-04-30 23:50:15 ----D---- C:\Qoobox
2013-04-30 23:50:02 ----D---- C:\Windows\erdnt
2013-04-30 20:04:09 ----A---- C:\AdwCleaner[S1].txt
2013-04-30 19:00:13 ----A---- C:\AdwCleaner[R2].txt
2013-04-30 18:59:43 ----A---- C:\AdwCleaner[R1].txt
2013-04-29 22:07:44 ----D---- C:\Users\B lanka\AppData\Roaming\Malwarebytes
2013-04-29 22:07:44 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2013-04-29 22:05:34 ----D---- C:\ProgramData\Malwarebytes
2013-04-29 22:05:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-04-29 21:47:47 ----D---- C:\Config.Msi
2013-04-28 20:05:27 ----A---- C:\Windows\ntbtlog.txt
2013-04-26 14:49:55 ----A---- C:\Windows\system32\drivers\ntfs.sys
2013-04-26 10:29:16 ----D---- C:\rsit
2013-04-26 10:29:16 ----D---- C:\Program Files\trend micro
2013-04-26 10:17:21 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2013-04-26 10:17:20 ----A---- C:\Windows\system32\drivers\aswSP.sys
2013-04-26 10:17:18 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2013-04-26 10:17:17 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2013-04-26 10:17:16 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2013-04-26 10:17:15 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2013-04-26 10:17:12 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2013-04-26 10:17:08 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2013-04-26 10:17:07 ----A---- C:\Windows\system32\aswBoot.exe
2013-04-26 10:17:01 ----D---- C:\Program Files\CCleaner
2013-04-26 10:15:56 ----A---- C:\Windows\avastSS.scr
2013-04-26 10:15:32 ----D---- C:\Program Files\AVAST Software
2013-04-26 10:13:12 ----D---- C:\ProgramData\AVAST Software
2013-04-26 10:06:21 ----D---- C:\Program Files\Adobe
2013-04-10 07:51:22 ----A---- C:\Windows\system32\vbscript.dll
2013-04-10 07:51:22 ----A---- C:\Windows\system32\mshtmled.dll
2013-04-10 07:51:21 ----A---- C:\Windows\system32\jsproxy.dll
2013-04-10 07:51:21 ----A---- C:\Windows\system32\ieui.dll
2013-04-10 07:51:20 ----A---- C:\Windows\system32\wininet.dll
2013-04-10 07:51:20 ----A---- C:\Windows\system32\msfeeds.dll
2013-04-10 07:51:20 ----A---- C:\Windows\system32\jscript.dll
2013-04-10 07:51:20 ----A---- C:\Windows\system32\ieUnatt.exe
2013-04-10 07:51:19 ----A---- C:\Windows\system32\urlmon.dll
2013-04-10 07:51:19 ----A---- C:\Windows\system32\url.dll
2013-04-10 07:51:19 ----A---- C:\Windows\system32\jscript9.dll
2013-04-10 07:51:19 ----A---- C:\Windows\system32\iertutil.dll
2013-04-10 07:51:17 ----A---- C:\Windows\system32\mshtml.dll
2013-04-10 07:51:17 ----A---- C:\Windows\system32\ieframe.dll
2013-04-10 07:43:04 ----A---- C:\Windows\system32\win32k.sys
2013-04-10 07:43:02 ----A---- C:\Windows\system32\drivers\fvevol.sys
2013-04-10 07:42:58 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-04-10 07:42:57 ----A---- C:\Windows\system32\smss.exe
2013-04-10 07:42:57 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-04-10 07:42:57 ----A---- C:\Windows\system32\csrsrv.dll
2013-04-10 07:42:49 ----A---- C:\Windows\system32\tsgqec.dll
2013-04-10 07:42:49 ----A---- C:\Windows\system32\mstscax.dll
2013-04-10 07:42:49 ----A---- C:\Windows\system32\aaclient.dll

======List of files/folders modified in the last 1 month======

2013-05-01 19:59:12 ----D---- C:\Windows\Prefetch
2013-05-01 19:59:01 ----D---- C:\Windows\Temp
2013-05-01 19:56:15 ----D---- C:\Windows\system32\config
2013-05-01 10:18:54 ----D---- C:\Windows\system32\drivers
2013-05-01 10:10:40 ----D---- C:\Windows
2013-05-01 10:10:40 ----A---- C:\Windows\system.ini
2013-05-01 10:10:17 ----D---- C:\Windows\system32\drivers\etc
2013-05-01 10:09:47 ----D---- C:\Windows\system32\Tasks
2013-05-01 10:04:34 ----D---- C:\Windows\Tasks
2013-05-01 10:01:17 ----D---- C:\Windows\System32
2013-05-01 10:01:17 ----D---- C:\Windows\AppPatch
2013-05-01 10:01:15 ----D---- C:\Program Files\Common Files
2013-05-01 09:57:22 ----SHD---- C:\System Volume Information
2013-05-01 09:53:59 ----D---- C:\Program Files\totalcmd
2013-04-30 23:49:46 ----D---- C:\Users\B lanka\AppData\Roaming\TeraCopy
2013-04-30 08:53:38 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-04-29 22:06:16 ----D---- C:\Windows\winsxs
2013-04-29 22:05:34 ----D---- C:\ProgramData
2013-04-29 22:05:32 ----RD---- C:\Program Files
2013-04-29 22:00:11 ----D---- C:\Windows\Microsoft.NET
2013-04-29 22:00:10 ----RSD---- C:\Windows\assembly
2013-04-29 21:53:17 ----A---- C:\Windows\system32\ServiceFilter.ini
2013-04-29 21:51:13 ----SHD---- C:\Windows\Installer
2013-04-29 21:50:59 ----D---- C:\ProgramData\Microsoft Help
2013-04-29 21:50:14 ----SD---- C:\ProgramData\Microsoft
2013-04-29 21:50:14 ----D---- C:\Program Files\Microsoft.NET
2013-04-29 21:50:14 ----D---- C:\Program Files\Common Files\microsoft shared
2013-04-29 21:49:27 ----RSD---- C:\Windows\Fonts
2013-04-29 21:49:04 ----D---- C:\Program Files\MSBuild
2013-04-29 21:47:58 ----D---- C:\Windows\ShellNew
2013-04-29 21:47:41 ----D---- C:\Program Files\Common Files\System
2013-04-29 21:47:39 ----A---- C:\Windows\win.ini
2013-04-28 21:15:26 ----D---- C:\Windows\system32\wdi
2013-04-28 20:01:54 ----A---- C:\Windows\system32\AutoRunFilter.ini
2013-04-26 14:49:39 ----D---- C:\Windows\system32\catroot
2013-04-26 10:32:15 ----D---- C:\Program Files\Opera
2013-04-26 10:21:36 ----D---- C:\Users\B lanka\AppData\Roaming\Media Player Classic
2013-04-26 10:21:36 ----D---- C:\Users\B lanka\AppData\Roaming\AIMP3
2013-04-26 10:19:56 ----D---- C:\Windows\Panther
2013-04-26 10:19:56 ----D---- C:\Windows\inf
2013-04-26 10:19:55 ----D---- C:\Windows\Logs
2013-04-26 10:19:55 ----D---- C:\Windows\debug
2013-04-26 10:06:22 ----D---- C:\ProgramData\Adobe
2013-04-26 10:06:21 ----D---- C:\Program Files\Common Files\Adobe
2013-04-26 10:03:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-04-26 09:58:02 ----D---- C:\ProgramData\MFAData
2013-04-15 14:12:42 ----D---- C:\Windows\system32\catroot2
2013-04-11 17:33:42 ----D---- C:\Users\B lanka\AppData\Roaming\vlc
2013-04-10 10:32:03 ----D---- C:\Windows\system32\migration
2013-04-10 10:32:02 ----D---- C:\Program Files\Internet Explorer
2013-04-10 07:50:07 ----A---- C:\Windows\system32\MRT.exe
2013-04-07 12:03:46 ----D---- C:\Windows\rescache
2013-04-04 07:23:13 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-03-07 49248]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-03-07 60656]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-03-07 765736]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-03-07 368176]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-03-07 62376]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [2009-07-02 13880]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-03-07 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-03-07 66336]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-22 6471680]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-09-22 228352]
R3 athr;Atheros – ovladač pro zařízení pro rozšiřitelnou bezdrátovou síť LAN; C:\Windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-04-08 108048]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-09-08 102912]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-04-13 3074528]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-08-19 119408]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver; C:\Windows\system32\DRIVERS\JME.sys [2010-10-05 113632]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2009-05-13 14392]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-08-20 1760384]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-04-29 30464]
R3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files\BatteryCare\WinRing0.sys [2008-07-26 14416]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-03-07 164736]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2010-09-24 102416]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\BLANKA~1\AppData\Local\Temp\catchme.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2013-04-29 40776]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2010-09-30 303744]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-09-22 176128]
R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-03-07 45248]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-26 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-30 256904]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-26 116648]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-25 1343400]

-----------------EOF-----------------

[Márty84]

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe a ulozte nejlepe na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Do leveho okna zkopirujte tento skript (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]

:services
AdobeARMservice
gupdate
AdobeFlashPlayerUpdateSvc
gupdatem

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

Kliknete na MoveIt a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu sem dejte log, ktery na vas vyskoci, nebo bude zde C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (misto tech x budou cisla, predstavujici datum a cas spusteni)

[chytkova1979]

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: B lanka
->Temp folder emptied: 910 bytes
->Temporary Internet Files folder emptied: 5309663 bytes
->Google Chrome cache emptied: 6800043 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 22953345 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 33,00 mb


[EMPTYFLASH]

User: All Users

User: B lanka
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== SERVICES/DRIVERS ==========
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.

OTM by OldTimer - Version 3.1.21.0 log created on 05022013_082216

Files moved on Reboot...

Registry entries deleted on Reboot...

[Márty84]

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.
Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.

Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustte
Kliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat

Stahnete Ccleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!

Defragmentujte disk(y)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak je na tom pc.




3.7.2013 pro neaktivitu http://forum.viry.cz/viewtopic.php?f=12&t=123975