vyskakovaci stranky

[Rudy]

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj"

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.



Dále smažte cache v chrome.

[cica18]

bohuzel furt to same v chrome

ComboFix 13-07-08.04 - Marketa 08.07.2013 22:03:59.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3066.844 [GMT 2:00]
Spuštěný z: c:\users\Marketa\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Marketa\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\cleanup.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-06-08 do 2013-07-08 )))))))))))))))))))))))))))))))
.
.
2013-07-08 20:20 . 2013-07-08 20:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-08 20:20 . 2013-07-08 20:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-08 12:33 . 2013-07-08 20:20 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA7BE760-8BEB-481E-B559-C5CCBC393275}\offreg.dll
2013-07-07 21:04 . 2013-07-07 21:04 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-07-06 09:58 . 2013-07-06 09:58 -------- d-----w- C:\rsit
2013-07-05 07:47 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA7BE760-8BEB-481E-B559-C5CCBC393275}\mpengine.dll
2013-07-04 01:50 . 2013-07-04 01:50 -------- d-----w- c:\users\Marketa\AppData\Local\AVG SafeGuard toolbar
2013-07-04 01:50 . 2013-07-04 01:49 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-04 01:49 . 2013-07-04 01:50 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-07-04 01:49 . 2013-07-04 01:50 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-07-04 01:49 . 2013-07-04 01:49 -------- d--h--w- c:\programdata\Common Files
2013-07-03 19:40 . 2013-07-03 19:40 -------- d-----w- c:\users\Marketa\AppData\Local\CRE
2013-07-02 19:27 . 2013-07-02 21:52 -------- d-----w- C:\sh4ldr
2013-07-02 19:27 . 2013-07-02 19:27 -------- d-----w- c:\program files\Enigma Software Group
2013-07-02 19:24 . 2013-07-02 19:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-06-21 08:21 . 2013-06-21 08:21 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-06-13 04:07 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-13 04:07 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-06-12 20:46 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 20:46 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 20:46 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 20:46 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 20:46 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 20:46 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 20:46 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 20:46 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 20:46 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 20:46 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 20:46 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 20:46 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 20:03 . 2013-03-01 22:39 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 20:03 . 2011-09-14 09:28 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 20:03 . 2011-09-14 09:28 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-16 13:47 . 2012-04-02 03:04 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-16 13:47 . 2011-09-26 18:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-22 03:07 . 2013-05-22 03:07 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-22 03:07 . 2013-05-22 03:07 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-22 03:07 . 2013-05-22 03:07 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-05-22 03:07 . 2013-05-22 03:07 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-05-22 03:07 . 2013-05-22 03:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-22 03:07 . 2013-05-22 03:07 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-05-22 03:07 . 2013-05-22 03:07 361984 ----a-w- c:\windows\system32\html.iec
2013-05-22 03:07 . 2013-05-22 03:07 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-05-22 03:07 . 2013-05-22 03:07 158720 ----a-w- c:\windows\system32\msls31.dll
2013-05-22 03:07 . 2013-05-22 03:07 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-05-22 03:07 . 2013-05-22 03:07 138752 ----a-w- c:\windows\system32\wextract.exe
2013-05-22 03:07 . 2013-05-22 03:07 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-22 03:07 . 2013-05-22 03:07 12800 ----a-w- c:\windows\system32\mshta.exe
2013-05-22 03:07 . 2013-05-22 03:07 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-22 03:07 . 2013-05-22 03:07 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-22 03:07 . 2013-05-22 03:07 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-22 03:07 . 2013-05-22 03:07 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-09 08:59 . 2013-03-01 22:39 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-02-25 21:34 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2011-09-14 09:28 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2011-09-14 09:28 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2011-09-14 09:28 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2011-09-14 09:28 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-09-14 09:28 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-09 08:33 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2011-09-23 15:07 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-15 03:17 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 03:17 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:55 . 2011-11-10 18:06 21720 ----a-w- c:\windows\help\OEM\Scripts\PSGRedirector.exe
2013-04-12 13:45 . 2013-04-23 17:06 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-15 03:17 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18 . 2013-05-15 03:17 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14 . 2013-05-15 03:17 2347520 ----a-w- c:\windows\system32\win32k.sys
2010-01-26 09:11 . 2011-10-07 17:16 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2007-02-16 13:17 . 2007-02-16 13:17 3792183 ----a-w- c:\program files\face2face.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-07-07 21:04 3055280 ----a-w- c:\program files\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll" [2013-07-07 3055280]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-06 21:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 21:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 21:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-06 21:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-06 21:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-06 21:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2013-04-11 90624]
"GoogleChromeAutoLaunch_60AD4DAC0E14AC9C614E8CCC3E8C71F8"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-06-15 825808]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-03-27 1098072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-07 2777296]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-07-07 2236080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Marketa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Marketa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Marketa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk]
path=c:\users\Marketa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub]
2009-06-03 14:13 400936 ----a-w- c:\program files\ActivIdentity\ActivClient\accrdsub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acevents]
2009-06-03 14:16 153640 ----a-w- c:\program files\ActivIdentity\ActivClient\acevents.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\actSessionUI32.exe]
2012-10-18 20:00 59064 ----a-w- c:\program files\ActivityMon Software\ActivityMon\actSessionUI32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2009-07-23 09:05 24848 ----a-w- c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
2013-03-27 14:18 1098072 ----a-w- c:\program files\Garmin\Express Tray\ExpressTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_60AD4DAC0E14AC9C614E8CCC3E8C71F8]
2013-06-15 01:28 825808 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2009-07-16 00:51 1668664 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-08-25 17:57 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 19:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
2011-07-14 13:45 279552 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2009-07-30 11:28 354360 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-07-27 22:49 288312 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2013-03-18 15:47 448736 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2009-05-18 11:29 3866624 ----a-w- c:\program files\Analog Devices\SoundMAX\SoundMAX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2009-05-18 21:28 1314816 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-06-04 00:17 1791272 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-07-23 18:04 498744 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-07-12 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-07-12 11136]
R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-07-30 45056]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-07-12 89856]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-07-12 26624]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-07-12 182272]
R3 NETw1v32;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw1v32.sys [2009-07-20 5958656]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-17 1343400]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-10-01 76768]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-06-05 436792]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-07-04 37664]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-07 232512]
S1 RsvLock;RsvLock; [x]
S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-06-21 32768]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 ActivityMon2;ActivityMon;c:\program files\ActivityMon Software\ActivityMon\svchost.exe [2012-10-18 80568]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-07-29 1201400]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-03-27 185688]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-07-29 256544]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 RipCore;RipCore;c:\program files\Fawkes Engineering\AccuRIP\RipCore.exe [2012-09-20 2108352]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [2012-09-07 587472]
S2 VmbService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-07-14 9216]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-07-04 1598128]
S3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\DRIVERS\5U876.sys [2009-06-30 12:01 118656]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-07-12 73344]
S3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker
Bioscrypt REG_MULTI_SZ ASChannel
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 21:20 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = local
TCP: DhcpNameServer = 10.0.0.138 192.168.1.1
TCP: Interfaces\{080FA4BF-28B2-4E7A-A306-E06364A2E9F9}: NameServer = 217.77.165.81 217.77.161.131
TCP: Interfaces\{58A95CB5-18F8-4B18-929F-C7A966324B11}: NameServer = 217.77.165.81 217.77.161.131
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
Binary file temp00 matches
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2684)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\ActivityMon Software\ActivityMon\rundll32.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2013-07-08 22:29:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-07-08 20:29
ComboFix2.txt 2013-07-07 21:42
.
Před spuštěním: Volných bajtů: 10 449 313 792
Po spuštění: Volných bajtů: 10 360 090 624
.
- - End Of File - - 375373C9AF2A621961B77E76B24DB725
A36C5E4F47E84449FF07ED3517B43A31

[Rudy]

Log je již OK. Stáhněte, nainstalujte, updatujte a spusťte Superantispyware: http://www.stahuj.centrum.cz/utility_a_ ... tispyware/ , proveďte sken a smažte vše, co najde.

[cica18]

provedeno, ale situace se nelepsi....jedina zmena je ze malware ted hlasi uz i avast......stranka ktera mi vyskakuje je http://reward-zone.cartrailor.com/?sov= ... ctrl1=nodl

[Rudy]

Udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log.

[cica18]

nic nenasel

[Rudy]

Zksute na to pustit SuperAntispyware: http://www.stahuj.centrum.cz/utility_a_ ... tispyware/ . Smažte vše, co najde.

[cica18]

vse smazano, stranka v chromu stale vyskakuje

[Rudy]

Zazálohujte chrome pomocí ChromeBackup: http://www.stahuj.centrum.cz/internet_a ... me-backup/ . Pak chrome odinstalujte vč. smazání jeho profilu. Nainstalujte znovu a ze zálohy pak nakopírujte jen záložky.