Preventive check

magia
Exemplary visitor
Posts: 39
Registered: 14 Feb 2008 19:09

Preventive check

#1 Post by magia »

Hello,
please do a preventive check of my log. The PC seems slower to me.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Eliška at 2014-05-14 10:41:37
Microsoft Windows 7 Enterprise Service Pack 1
System drive C: has 52 GB (59%) free of 88 GB
Total RAM: 998 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:42:04, on 14.5.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Eliška\Downloads\RSIT.exe
C:\Program Files\trend micro\Eliška.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.alawarhry.cz/?pid=6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.alawarhry.cz/?pid=6
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - C:\Users\ELIKA~1\AppData\Local\Temp\f5tmp\cachecleaner.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6853 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3621528751-113829383-3647307772-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3621528751-113829383-3647307772-1000UA.job
C:\Windows\tasks\HP Photo Creations Communicator.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-04-06 597816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16 3942048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 951576]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
""= []
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2012-09-13 1009288]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-04-06 3854640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-05 136176]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2014-02-10 20922016]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.avis"=ff_acm.acm
"SENTINEL"=snti386.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-05-14 10:28:23 ----D---- C:\Program Files\trend micro
2014-05-14 10:28:22 ----D---- C:\rsit
2014-05-07 20:27:29 ----A---- C:\Windows\system32\mshtml.dll
2014-05-07 10:54:53 ----SD---- C:\Windows\system32\CompatTel
2014-05-06 16:35:20 ----A---- C:\Windows\system32\vbscript.dll
2014-05-06 16:35:18 ----A---- C:\Windows\system32\ieui.dll
2014-05-06 16:35:06 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-05-06 16:35:05 ----A---- C:\Windows\system32\ieapfltr.dll
2014-05-06 16:35:02 ----A---- C:\Windows\system32\msrating.dll
2014-05-06 16:35:01 ----A---- C:\Windows\system32\msfeeds.dll
2014-05-06 16:35:01 ----A---- C:\Windows\system32\jsproxy.dll
2014-05-06 16:34:59 ----A---- C:\Windows\system32\dxtmsft.dll
2014-05-06 16:34:58 ----A---- C:\Windows\system32\dxtrans.dll
2014-05-06 16:34:57 ----A---- C:\Windows\system32\ie4uinit.exe
2014-05-06 16:34:56 ----A---- C:\Windows\system32\ieUnatt.exe
2014-05-06 16:34:56 ----A---- C:\Windows\system32\iesetup.dll
2014-05-06 16:34:56 ----A---- C:\Windows\system32\iernonce.dll
2014-05-06 16:34:54 ----A---- C:\Windows\system32\jscript9diag.dll
2014-05-06 16:34:54 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-06 16:34:54 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-05-06 16:34:54 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-05-06 16:34:53 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-06 16:34:45 ----A---- C:\Windows\system32\iertutil.dll
2014-05-06 16:34:43 ----A---- C:\Windows\system32\wininet.dll
2014-05-06 16:34:43 ----A---- C:\Windows\system32\urlmon.dll
2014-05-06 16:34:39 ----A---- C:\Windows\system32\ieframe.dll
2014-05-06 16:34:26 ----A---- C:\Windows\system32\jscript9.dll
2014-05-06 13:30:09 ----A---- C:\Windows\system32\aepdu.dll
2014-05-06 13:30:07 ----A---- C:\Windows\system32\aeinv.dll

======List of files/folders modified in the last 1 month======

2014-05-14 10:41:42 ----D---- C:\Windows\Temp
2014-05-14 10:29:23 ----D---- C:\Windows\System32
2014-05-14 10:29:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-14 10:29:22 ----D---- C:\Windows\inf
2014-05-14 10:28:23 ----RD---- C:\Program Files
2014-05-14 10:23:25 ----D---- C:\Users\Eliška\AppData\Roaming\Skype
2014-05-14 10:22:58 ----D---- C:\Windows\system32\config
2014-05-13 13:17:57 ----D---- C:\Windows\Prefetch
2014-05-11 19:01:40 ----SHD---- C:\System Volume Information
2014-05-07 20:27:48 ----D---- C:\Windows\system32\catroot
2014-05-07 20:27:46 ----D---- C:\Windows\winsxs
2014-05-07 12:22:57 ----D---- C:\Windows\rescache
2014-05-07 10:54:53 ----D---- C:\Windows\PolicyDefinitions
2014-05-07 10:54:52 ----D---- C:\Windows\system32\en-US
2014-05-07 10:54:52 ----D---- C:\Windows\system32\cs-CZ
2014-05-07 10:54:51 ----D---- C:\Program Files\Internet Explorer
2014-05-06 16:35:49 ----D---- C:\Windows\system32\catroot2
2014-04-29 23:15:41 ----A---- C:\Windows\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-04-06 49944]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-04-06 180760]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 231960]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-04-06 81768]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-04-06 776976]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-04-06 411552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-04-06 67824]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-04-06 67264]
R3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-14 211456]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\Windows\system32\drivers\es1371mp.sys [2002-06-03 40832]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]
R3 USBET;USB 2.0 WebCAM; C:\Windows\system32\DRIVERS\ETdrv.sys [2010-11-29 5116544]
S1 MpKslcee61ac2;MpKslcee61ac2; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55FA2423-BDD4-4767-9C0E-F658030A3F51}\MpKslcee61ac2.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 kvnet;Kerio Virtual Network Adapter; C:\Windows\system32\DRIVERS\kvnet.sys [2010-10-25 33328]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 Sntnlusb;Rainbow USB SuperPro; C:\Windows\system32\DRIVERS\SNTNLUSB.SYS [2001-06-22 20032]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 tyspojjh;tyspojjh; C:\Windows\system32\drivers\tyspojjh.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 36352]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-04-06 50344]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 22216]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29 257712]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 108032]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-05 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Thank you.

JaRon
Moderator
Posts: 15648
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Preventive check

#2 Post by JaRon »

hi
Move ComboFix to the desktop (if it is not there already)

open Notepad

copy the script from the following box into it:

Code:

Driver::
tyspojjh

save the created text file as CFScript.txt on the desktop

after saving, grab the created script with the left mouse button, drag it over the ComboFix icon and drop it there.

after it has been applied, another log should be created; paste it here :)

+ uninstall MSE
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Re: Preventive check

#3 Post by magia »

So here is the log, hopefully it is right; immediately after downloading ComboFix, one log was created after the PC was scanned, then I dragged the Notepad file over as advised. This is the result:

ComboFix 14-05-13.01 - Eliška 14.05.2014 11:58:41.2.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.420.1029.18.998.281 [GMT 2:00]
Spuštěný z: c:\users\EliÜka\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\EliÜka\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-14 do 2014-05-14 )))))))))))))))))))))))))))))))
.
.
2014-05-14 10:12 . 2014-05-14 10:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-14 08:41 . 2014-05-14 08:41 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E89782CB-8ADC-46EC-8B66-D8636DD7AEC7}\offreg.dll
2014-05-14 08:31 . 2014-05-02 09:16 765968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15EF77A7-7BD3-4DA6-B5EA-CD23723A1B6C}\gapaengine.dll
2014-05-14 08:28 . 2014-04-16 09:25 8050496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E89782CB-8ADC-46EC-8B66-D8636DD7AEC7}\mpengine.dll
2014-05-14 08:28 . 2014-05-14 08:42 -------- d-----w- c:\program files\trend micro
2014-05-14 08:28 . 2014-05-14 08:42 -------- d-----w- C:\rsit
2014-05-12 11:30 . 2014-04-16 09:25 8050496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-08 11:22 . 2014-05-02 09:16 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF6C7A03-337E-465E-8C40-5B265F4922DA}\gapaengine.dll
2014-05-07 18:27 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-07 08:54 . 2014-05-07 08:54 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-06 14:35 . 2014-03-06 08:02 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-05-06 14:35 . 2014-03-06 05:50 257536 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-05-06 14:35 . 2014-03-08 01:59 235216 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2014-05-06 14:35 . 2014-03-06 08:31 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-05-06 14:35 . 2014-03-06 05:31 271360 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2014-05-06 14:35 . 2014-03-06 08:13 37888 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-05-06 11:30 . 2014-04-14 02:11 361984 ----a-w- c:\windows\system32\aepdu.dll
2014-05-06 11:30 . 2014-04-14 02:07 302592 ----a-w- c:\windows\system32\aeinv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 09:15 . 2013-02-28 15:06 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 09:15 . 2013-02-28 15:06 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-02 09:16 . 2011-03-25 10:43 765968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-06 11:32 . 2014-02-17 19:36 67264 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-04-06 11:32 . 2014-02-17 19:36 180760 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-06 11:32 . 2014-02-17 19:36 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-06 11:32 . 2014-02-17 19:36 411552 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-06 11:32 . 2014-02-17 19:36 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-06 11:32 . 2014-02-17 19:36 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-06 11:32 . 2014-02-17 19:36 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-06 11:32 . 2014-04-06 11:32 43152 ----a-w- c:\windows\avastSS.scr
2014-04-06 11:32 . 2014-02-17 19:36 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-11 07:52 . 2010-10-24 20:25 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-02-13 17:36 . 2014-02-13 17:36 773968 ----a-w- c:\windows\system32\msvcr100.dll
2014-02-13 17:36 . 2014-02-13 17:36 421200 ----a-w- c:\windows\system32\msvcp100.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-06 11:32 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2012-09-13 1009288]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-06 3854640]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 kvnet;Kerio Virtual Network Adapter;c:\windows\system32\DRIVERS\kvnet.sys [2010-10-25 33328]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-04-06 776976]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-04-06 411552]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-04-06 67824]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-04-06 67264]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL5E134785
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-28 09:15]
.
2014-05-14 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-03-01 09:38]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.alawarhry.cz/?pid=6
mStart Page = hxxp://start.alawarhry.cz/?pid=6
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-05-14 12:15:55
ComboFix-quarantined-files.txt 2014-05-14 10:15
ComboFix2.txt 2014-05-14 09:49
.
Před spuštěním: Volných bajtů: 54 349 258 752
Po spuštění: Volných bajtů: 54 168 551 424
.
- - End Of File - - 3C5BD1925983F5ADC04D04215282EF53
A36C5E4F47E84449FF07ED3517B43A31

JaRon
Moderator
Posts: 15648
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Preventive check

#4 Post by JaRon »

You will have to repeat the procedure ...
Použité ovládací přepínače :: c:\users\EliÜka\Desktop\CFScript.txt.txt
The correct name is CFScript.txt
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

magia
Exemplary visitor
Posts: 39
Joined: 14 Feb 2008 19:09

Re: Preventive check

#5 Post by magia »

OK, I'm on it

magia
Exemplary visitor
Posts: 39
Joined: 14 Feb 2008 19:09

Re: Preventive check

#6 Post by magia »

Second attempt:

ComboFix 14-05-13.01 - Eliška 14.05.2014 13:25:39.3.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.420.1029.18.998.246 [GMT 2:00]
Spuštěný z: c:\users\EliÜka\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\EliÜka\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-14 do 2014-05-14 )))))))))))))))))))))))))))))))
.
.
2014-05-14 11:40 . 2014-05-14 11:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-14 11:14 . 2014-05-14 11:15 17938608 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-05-14 09:49 . 2014-05-14 11:40 -------- d-----w- c:\users\Eliška\AppData\Local\temp
2014-05-14 09:27 . 2014-05-14 09:27 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E89782CB-8ADC-46EC-8B66-D8636DD7AEC7}\MpKsl5e134785.sys
2014-05-14 08:41 . 2014-05-14 08:41 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E89782CB-8ADC-46EC-8B66-D8636DD7AEC7}\offreg.dll
2014-05-14 08:31 . 2014-05-02 09:16 765968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15EF77A7-7BD3-4DA6-B5EA-CD23723A1B6C}\gapaengine.dll
2014-05-14 08:28 . 2014-04-16 09:25 8050496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E89782CB-8ADC-46EC-8B66-D8636DD7AEC7}\mpengine.dll
2014-05-14 08:28 . 2014-05-14 08:42 -------- d-----w- c:\program files\trend micro
2014-05-14 08:28 . 2014-05-14 08:42 -------- d-----w- C:\rsit
2014-05-12 11:30 . 2014-04-16 09:25 8050496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-08 11:22 . 2014-05-02 09:16 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF6C7A03-337E-465E-8C40-5B265F4922DA}\gapaengine.dll
2014-05-07 18:27 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-07 08:54 . 2014-05-07 08:54 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-06 14:35 . 2014-03-06 08:02 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-05-06 14:35 . 2014-03-06 05:50 257536 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-05-06 14:35 . 2014-03-08 01:59 235216 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2014-05-06 14:35 . 2014-03-06 08:31 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-05-06 14:35 . 2014-03-06 05:31 271360 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2014-05-06 14:35 . 2014-03-06 08:13 37888 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-05-06 11:30 . 2014-04-14 02:11 361984 ----a-w- c:\windows\system32\aepdu.dll
2014-05-06 11:30 . 2014-04-14 02:07 302592 ----a-w- c:\windows\system32\aeinv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 11:15 . 2013-02-28 15:06 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 11:15 . 2013-02-28 15:06 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-02 09:16 . 2011-03-25 10:43 765968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-06 11:32 . 2014-02-17 19:36 67264 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-04-06 11:32 . 2014-02-17 19:36 180760 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-06 11:32 . 2014-02-17 19:36 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-06 11:32 . 2014-02-17 19:36 411552 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-06 11:32 . 2014-02-17 19:36 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-06 11:32 . 2014-02-17 19:36 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-06 11:32 . 2014-02-17 19:36 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-06 11:32 . 2014-04-06 11:32 43152 ----a-w- c:\windows\avastSS.scr
2014-04-06 11:32 . 2014-02-17 19:36 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-11 07:52 . 2010-10-24 20:25 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-02-13 17:36 . 2014-02-13 17:36 773968 ----a-w- c:\windows\system32\msvcr100.dll
2014-02-13 17:36 . 2014-02-13 17:36 421200 ----a-w- c:\windows\system32\msvcp100.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-06 11:32 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2012-09-13 1009288]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-06 3854640]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 kvnet;Kerio Virtual Network Adapter;c:\windows\system32\DRIVERS\kvnet.sys [2010-10-25 33328]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-04-06 776976]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-04-06 411552]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-04-06 67824]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-04-06 67264]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL5E134785
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-28 11:15]
.
2014-05-14 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-03-01 09:38]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.alawarhry.cz/?pid=6
mStart Page = hxxp://start.alawarhry.cz/?pid=6
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-05-14 13:42:54
ComboFix-quarantined-files.txt 2014-05-14 11:42
ComboFix2.txt 2014-05-14 10:15
ComboFix3.txt 2014-05-14 09:49
.
Před spuštěním: Volných bajtů: 54 707 912 704
Po spuštění: Volných bajtů: 54 657 929 216
.
- - End Of File - - CAB6537382AFBFD9450E5A3D79EC8DF0
A36C5E4F47E84449FF07ED3517B43A31

JaRon
Moderator
Posts: 15648
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Preventive check

#7 Post by JaRon »

OK :)
1. Rename Combofix to Uninstall and run it - this will uninstall CF
2. You have 2 AVs there :!: I recommend uninstalling Microsoft Security Essentials

magia
Exemplary visitor
Posts: 39
Joined: 14 Feb 2008 19:09

Re: Preventive check

#8 Post by magia »

CF uninstall done, MS Security Essentials uninstalled as well

JaRon
Moderator
Posts: 15648
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Preventive check

#9 Post by JaRon »

So I think you're OK :)

magia
Exemplary visitor
Posts: 39
Joined: 14 Feb 2008 19:09

Re: Preventive check

#10 Post by magia »

Thank you. :wub:

JaRon
Moderator
Posts: 15648
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Preventive check

#11 Post by JaRon »

oooooo glad to help :)
