vypínání antivirového programu

[Rudy]

Předem nic nemažte.

Psal jsem vám jasně, abyste před mazáním čehokoli sem dal log. Je to proto, abychom minimalizovali smazání něčeho regulérního. MBAM občas má falešné detekce. Pokud jste si smazal něco regulérní, je to vaše věc. Log vypadá takto: http://forum.viry.cz/viewtopic.php?f=13 ... m#p1420785 a kompletní návod na program je zde:
http://forum.viry.cz/viewtopic.php?f=29&t=144868 .

[levhart48]

Omlouvám se, špatně jsem vás pochopil.. Chod PC jde pořád stejně, ale ten antivirus se pořád sám vypíná. Tak mám znovu oskenovat systém MBAM a dát log? Teď už ale asi nic nenajde..

[Rudy]

Asi takto: Dal jsem vám tento pokyn:

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Vy píšete, že jste nalezené hrozby smazal. Toto jsem vám určitě nedoporučil, protože MBAM má občas falešné detekce. Smazáním byste si mohl poškodit některou aplikaci. proto jsem chtěl log před smazaním vidět, abych vás mohl případně upozornit na to, co eventuálně nemáte mazat.

Teď zkuste ten antivir, který se vypíná, přeinstalovat.

[levhart48]

Tak včera jsem ho přeinstaloval, dnes zapnu PC, antivirus je zapnutý, ale asi po dvou minutách se vypne. Nevím proč

[Rudy]

Zkusíme proskenovat ComboFixem:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

[levhart48]

Tak oskenováno a tady je log..
ComboFix 15-10-06.01 - xxx_xxx . 10. 2015 14:27:29.2.4 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.3976.2628 [GMT 2:00]
Spuštěný z: c:\users\xxx.xxx\Documents\UZITECNE_SS\ComboFix.exe
AV: Avira Antivirus *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Antivirus *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\xxx.xxx\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\XXX~1.XXX\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-09-24 do 2015-10-24 )))))))))))))))))))))))))))))))
.
.
2015-10-24 12:38 . 2015-10-24 12:38 -------- d-----w- c:\users\xxx.xxx\AppData\Local\temp
2015-10-24 12:38 . 2015-10-24 12:38 -------- d-----w- c:\users\xxx_xxx\AppData\Local\temp
2015-10-24 12:38 . 2015-10-24 12:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-22 19:10 . 2015-10-22 19:20 -------- d-----w- c:\programdata\SystemExplorer
2015-10-22 19:10 . 2015-10-22 19:10 -------- d-----w- c:\program files (x86)\System Explorer
2015-10-20 17:04 . 2015-10-22 19:12 -------- d-----w- c:\users\xxx.xxx\AppData\Roaming\WinPatrol
2015-10-18 14:23 . 2015-10-18 14:23 885504 ----a-w- c:\windows\system32\drivers\Rt630x64.sys
2015-10-18 14:23 . 2015-10-18 14:23 82544 ----a-w- c:\windows\system32\RtNicProp64.dll
2015-10-18 14:21 . 2015-10-18 14:21 599208 ----a-w- c:\windows\system32\drivers\SynTP.sys
2015-10-18 14:21 . 2015-10-18 14:21 256168 ----a-w- c:\windows\system32\SynTPAPI.dll
2015-10-18 14:21 . 2015-10-18 14:21 212136 ----a-w- c:\windows\system32\SynTPCo20.dll
2015-10-18 14:21 . 2015-10-18 14:21 409256 ----a-w- c:\windows\SysWow64\SynCom.dll
2015-10-18 14:21 . 2015-10-18 14:21 201416 ----a-w- c:\windows\system32\pca-manta.bin
2015-10-18 14:20 . 2015-10-18 14:20 78496 ----a-w- c:\windows\SPRemove_x64.exe
2015-10-18 14:20 . 2015-10-18 14:20 68984 ----a-w- c:\windows\system32\DextUVCB_x64.ax
2015-10-18 14:20 . 2015-10-18 14:20 674592 ----a-w- c:\windows\system32\drivers\SPUVCBv_x64.sys
2015-10-18 14:20 . 2015-10-18 14:20 63864 ----a-w- c:\windows\SysWow64\DextUVCB.ax
2015-10-18 14:20 . 2015-10-18 14:20 384672 ----a-w- c:\windows\system32\VCamPPage_x64.dll
2015-10-18 14:20 . 2015-10-18 14:20 328352 ----a-w- c:\windows\system32\CoInstaller_x64.dll
2015-10-18 14:20 . 2015-10-18 14:20 321184 ----a-w- c:\windows\SysWow64\VCamPPage.dll
2015-10-18 14:20 . 2015-10-18 14:20 103640 ----a-w- c:\windows\un_dext.exe
2015-10-18 14:20 . 2015-10-18 14:20 1205448 ----a-w- c:\windows\system32\drivers\rtbth.sys
2015-10-18 14:20 . 2015-10-18 14:20 40958 ----a-w- c:\windows\system32\drivers\rt3298.bin
2015-10-18 14:20 . 2015-10-18 14:20 2536648 ----a-w- c:\windows\system32\drivers\netr28x.sys
2015-10-18 14:19 . 2015-10-18 14:18 697856 ------w- c:\windows\system32\stapi64.dll
2015-10-18 14:18 . 2015-10-18 14:18 551936 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2015-10-18 14:18 . 2015-10-18 14:18 499200 ----a-w- c:\windows\system32\stcplx64.dll
2015-10-18 14:18 . 2015-10-18 14:18 256000 ----a-w- c:\windows\system32\st646499.dll
2015-10-18 14:18 . 2015-10-18 14:18 2213376 ----a-w- c:\windows\system32\stapo64.dll
2015-10-18 14:17 . 2015-10-18 14:17 2276560 ----a-w- c:\windows\system32\coin95ip.dll
2015-10-18 14:17 . 2015-10-18 14:17 50896 ----a-w- c:\windows\system32\drivers\point64.sys
2015-10-18 14:15 . 2015-10-18 14:15 49584 ----a-w- c:\windows\system32\drivers\IvtUrbBtFlt.sys
2015-10-18 14:11 . 2015-10-18 14:11 184608 ----a-w- c:\windows\system32\drivers\TeeDriverW8x64.sys
2015-10-18 13:26 . 2015-10-18 13:26 -------- d-----w- c:\users\xxx.xxx\AppData\Roaming\ProductData
2015-10-18 13:23 . 2015-01-10 13:32 128288 ----a-w- c:\windows\SysWow64\IObitSmartDefragExtension.dll
2015-10-18 13:22 . 2015-10-18 13:22 -------- d-----w- c:\programdata\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-10-18 13:22 . 2015-10-18 13:22 -------- d-----w- c:\program files (x86)\Common Files\IObit
2015-10-18 13:21 . 2015-10-18 13:21 -------- d-----w- c:\users\xxx.xxx\AppData\Roaming\Apple Computer
2015-10-18 13:21 . 2015-10-18 13:25 -------- d-----w- c:\programdata\ProductData
2015-10-18 13:21 . 2015-10-18 13:21 -------- d-----w- c:\users\xxx_xxx\AppData\Roaming\IObit
2015-10-18 13:20 . 2015-10-18 13:20 26528 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2015-10-16 20:36 . 2015-10-24 12:42 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-16 20:36 . 2015-10-05 07:50 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-16 20:36 . 2015-10-05 07:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-16 20:36 . 2015-10-05 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-16 20:36 . 2015-10-16 21:15 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-10-16 20:36 . 2015-10-16 20:36 -------- d-----w- c:\programdata\Malwarebytes
2015-10-15 14:48 . 2015-09-18 15:09 32432 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-10-15 14:48 . 2015-09-18 13:30 699904 ----a-w- c:\windows\system32\invagent.dll
2015-10-15 14:48 . 2015-09-18 13:30 766464 ----a-w- c:\windows\system32\generaltel.dll
2015-10-15 14:48 . 2015-09-18 13:30 503296 ----a-w- c:\windows\system32\devinv.dll
2015-10-15 14:48 . 2015-09-18 13:30 1290752 ----a-w- c:\windows\system32\appraiser.dll
2015-10-15 14:48 . 2015-09-18 13:30 73216 ----a-w- c:\windows\system32\acmigration.dll
2015-10-15 14:48 . 2015-09-18 13:10 1163776 ----a-w- c:\windows\system32\aeinv.dll
2015-10-15 14:47 . 2015-09-29 03:33 6971224 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-10-15 14:47 . 2015-09-22 17:53 1405408 ----a-w- c:\windows\system32\winload.efi
2015-10-15 14:47 . 2015-09-22 17:53 1273184 ----a-w- c:\windows\system32\winload.exe
2015-10-15 14:47 . 2015-10-01 23:55 1043968 ----a-w- c:\windows\system32\usercpl.dll
2015-10-15 14:47 . 2015-10-01 23:55 588800 ----a-w- c:\windows\system32\SHCore.dll
2015-10-15 14:47 . 2015-09-29 02:02 961536 ----a-w- c:\windows\SysWow64\usercpl.dll
2015-10-15 14:47 . 2015-09-29 02:02 452608 ----a-w- c:\windows\SysWow64\SHCore.dll
2015-10-15 14:47 . 2015-09-29 02:01 668160 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-10-15 14:45 . 2015-08-01 13:56 19778048 ----a-w- c:\windows\system32\shell32.dll
2015-10-13 20:24 . 2015-10-13 20:24 -------- d-----w- C:\_OTM
2015-10-12 20:00 . 2015-10-12 20:00 -------- d-----w- c:\users\xxx.xxx\AppData\Local\AviraSpeedup
2015-10-12 19:37 . 2015-10-13 20:40 -------- d-----w- c:\program files\trend micro
2015-10-12 19:37 . 2015-10-12 19:37 -------- d-----w- C:\rsit
2015-10-06 19:05 . 2015-10-06 19:32 -------- d-----w- c:\users\xxx.xxx\AppData\Roaming\Avira
2015-10-06 19:03 . 2015-10-07 16:53 74440 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-10-06 19:03 . 2015-10-07 16:53 137800 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-10-06 19:03 . 2015-10-06 19:28 148632 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-10-06 19:03 . 2015-02-04 15:51 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-10-06 19:03 . 2015-10-10 14:25 -------- d-----w- c:\program files (x86)\Avira
2015-10-04 19:25 . 2015-10-04 19:25 -------- d-----w- c:\users\xxx.xxx\AppData\Local\Apps
2015-10-04 19:25 . 2015-10-04 19:26 -------- d-----w- c:\users\xxx.xxx\AppData\Local\Deployment
2015-10-04 17:35 . 2015-10-04 17:35 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F21111-7394-43C4-BC6E-578841D86666}\offreg.3040.dll
2015-10-04 17:32 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F21111-7394-43C4-BC6E-578841D86666}\mpengine.dll
2015-10-04 12:37 . 2015-10-04 15:13 -------- d-----w- c:\users\Xxx
2015-10-02 16:09 . 2015-10-02 16:09 -------- d-----w- c:\users\xxx.xxx\AppData\Local\IsolatedStorage
2015-10-02 16:08 . 2015-10-04 18:10 -------- d-----w- c:\programdata\Norton
2015-10-02 16:07 . 2015-10-04 17:23 -------- d-----w- c:\users\xxx.xxx\AppData\Roaming\ImperiaOnline
2015-10-02 14:40 . 2015-10-02 14:40 17314496 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-09-28 11:23 . 2015-08-05 13:52 1624576 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-09-28 11:23 . 2015-08-05 13:52 1326080 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-09-28 11:23 . 2015-08-05 13:52 1278976 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-09-28 11:23 . 2015-08-05 13:52 1313792 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-09-28 11:23 . 2015-08-05 15:03 1032704 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2015-09-27 12:20 . 2015-10-04 17:23 -------- d-----w- c:\users\xxx.xxx\AppData\Roaming\Audacity
2015-09-27 12:19 . 2015-09-27 12:20 -------- d-----w- c:\program files (x86)\Audacity
2015-09-27 09:46 . 2015-10-19 16:00 -------- d-----w- c:\program files (x86)\Seznam.cz
2015-09-27 09:44 . 2015-10-19 16:01 -------- d-----w- c:\users\xxx.xxx\AppData\Roaming\Seznam.cz
2015-09-27 08:45 . 2015-10-18 13:23 -------- d-----w- c:\programdata\IObit
2015-09-27 08:45 . 2015-01-10 13:32 128288 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2015-09-27 08:45 . 2014-06-04 13:17 34080 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2015-09-27 08:45 . 2014-06-04 13:17 21184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2015-09-27 08:45 . 2015-10-20 13:39 -------- d-----w- c:\program files (x86)\IObit
2015-09-27 08:45 . 2015-10-18 13:24 -------- d-----w- c:\users\xxx.xxx\AppData\Roaming\IObit
2015-09-27 08:39 . 2015-09-27 08:39 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-09-25 18:25 . 2015-10-20 20:17 -------- d-----w- c:\users\xxx.xxx\AppData\Local\UmmyVideoDownloader
2015-09-24 15:43 . 2015-06-24 13:00 1190000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{558D8B51-C1E1-499D-9266-3952EAFE5BE6}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-20 17:41 . 2013-06-28 14:44 143481208 ----a-w- c:\windows\system32\MRT.exe
2015-10-18 14:21 . 2013-10-29 21:28 753320 ----a-w- c:\windows\system32\SynCOM.dll
2015-10-18 14:18 . 2013-07-10 20:20 6154240 ----a-w- c:\windows\system32\stlang64.dll
2015-10-18 14:18 . 2013-07-10 20:20 1703424 ----a-w- c:\windows\sttray64.exe
2015-10-18 14:18 . 2013-07-10 20:20 464384 ----a-w- c:\windows\system32\slapoi64.dll
2015-10-18 14:18 . 2013-07-10 20:20 253952 ----a-w- c:\windows\system32\IDTNJ.exe
2015-10-18 14:18 . 2013-07-10 20:20 2233344 ----a-w- c:\windows\system32\IDTNX.dll
2015-10-18 14:18 . 2013-07-10 20:20 8157184 ----a-w- c:\windows\system32\IDTNHP.dll
2015-10-18 14:18 . 2013-07-10 20:20 8131584 ----a-w- c:\windows\system32\IDTNGUI.exe
2015-10-18 14:18 . 2013-07-10 20:20 1897984 ----a-w- c:\windows\system32\IDTNC64.cpl
2015-10-18 14:18 . 2013-07-10 20:20 224768 ----a-w- c:\windows\system32\HPToneCtrls64.dll
2015-10-16 06:35 . 2014-12-10 21:30 809944 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-16 06:35 . 2014-12-10 21:30 176096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-23 07:30 . 2015-09-23 07:30 52872 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2015-09-12 13:29 . 2015-09-23 13:10 148480 ----a-w- c:\windows\system32\poqexec.exe
2015-09-12 13:29 . 2015-09-23 13:10 122880 ----a-w- c:\windows\system32\VmHostAI.dll
2015-09-12 13:29 . 2015-09-23 13:10 144896 ----a-w- c:\windows\system32\tssdisai.dll
2015-09-12 13:29 . 2015-09-23 13:10 126976 ----a-w- c:\windows\system32\RDWebAI.dll
2015-09-12 13:29 . 2015-09-23 13:10 135680 ----a-w- c:\windows\system32\appserverai.dll
2015-09-02 13:49 . 2015-09-09 11:48 2341376 ----a-w- c:\windows\system32\msxml6.dll
2015-09-02 13:49 . 2015-09-09 11:48 1850880 ----a-w- c:\windows\system32\msxml3.dll
2015-09-02 13:48 . 2015-09-09 11:47 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 13:38 . 2015-09-09 11:48 1744384 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-09-02 13:38 . 2015-09-09 11:48 1422336 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-09-02 13:38 . 2015-09-09 11:47 35328 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-01 23:25 . 2015-09-09 11:47 4065280 ----a-w- c:\windows\system32\win32k.sys
2015-08-28 21:59 . 2015-09-09 11:47 304128 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-08-27 18:41 . 2015-09-09 11:47 366592 ----a-w- c:\windows\system32\atmfd.dll
2015-08-13 10:49 . 2015-08-19 20:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-13 10:44 . 2015-08-19 20:13 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-05 13:52 . 2015-09-09 11:48 1287680 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-04 14:42 . 2015-09-09 11:48 1229824 ----a-w- c:\windows\SysWow64\Windows.UI.Immersive.dll
2015-08-04 14:42 . 2015-09-09 11:48 8858112 ----a-w- c:\windows\SysWow64\twinui.dll
2015-08-04 14:42 . 2015-09-09 11:48 356352 ----a-w- c:\windows\SysWow64\SettingSync.dll
2015-08-04 14:42 . 2015-09-09 11:48 100864 ----a-w- c:\windows\SysWow64\SettingSyncInfo.dll
2015-08-04 14:42 . 2015-09-09 11:48 2038784 ----a-w- c:\windows\SysWow64\authui.dll
2015-08-04 13:54 . 2015-09-09 11:48 1399808 ----a-w- c:\windows\system32\Windows.UI.Immersive.dll
2015-08-04 13:54 . 2015-09-09 11:48 10116608 ----a-w- c:\windows\system32\twinui.dll
2015-08-04 13:53 . 2015-09-09 11:48 449024 ----a-w- c:\windows\system32\SettingSync.dll
2015-08-04 13:53 . 2015-09-09 11:48 128512 ----a-w- c:\windows\system32\SettingSyncInfo.dll
2015-08-04 13:53 . 2015-09-09 11:48 2307584 ----a-w- c:\windows\system32\authui.dll
2015-08-01 16:21 . 2015-09-09 11:48 73352 ----a-w- c:\windows\system32\appidapi.dll
2015-08-01 15:22 . 2015-09-09 11:48 63992 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-08-01 13:56 . 2015-09-09 11:48 139776 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-08-01 13:56 . 2015-09-09 11:48 18432 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-08-01 13:56 . 2015-09-09 11:48 39424 ----a-w- c:\windows\system32\appidsvc.dll
2015-07-30 13:11 . 2015-08-12 15:55 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:10 . 2015-08-12 15:55 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-29 14:45 . 2015-08-12 15:56 1412608 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-29 13:52 . 2015-08-12 15:56 1280000 ----a-w- c:\windows\system32\FntCache.dll
2015-07-29 13:52 . 2015-08-12 15:56 1840640 ----a-w- c:\windows\system32\DWrite.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{06E08260-0695-4EC1-A74B-1310D8899D93}]
2015-04-14 13:14 38104 ----a-w- c:\program files (x86)\PDF Architect 3\creator-ie-helper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{2DFF3579-5AA7-45B9-9328-1D38EA230861}"= "c:\program files (x86)\PDF Architect 3\creator-ie-plugin.dll" [2015-04-14 496344]
.
[HKEY_CLASSES_ROOT\clsid\{2dff3579-5aa7-45b9-9328-1d38ea230861}]
[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{882BBDC8-4C5D-46A7-8333-5F4E819666F4}]
[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-10-07 782520]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2015-09-21 66320]
"SystemExplorerAutoStart"="c:\program files (x86)\System Explorer\SystemExplorer.exe" [2015-08-19 3389160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-08-01 21:56 75680 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
R3 NETwNe64;@netwne64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNe64.sys;c:\windows\SYSNATIVE\DRIVERS\NETwNe64.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R4 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe ;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [x]
R4 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
R4 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
R4 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R4 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R4 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler;c:\program files (x86)\PDF Architect 3\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 3\crash-handler-ws.exe [x]
R4 PDF Architect 3 Creator;PDF Architect 3 Creator;c:\program files (x86)\PDF Architect 3\creator-ws.exe;c:\program files (x86)\PDF Architect 3\creator-ws.exe [x]
R4 PDF Architect 3;PDF Architect 3;c:\program files (x86)\PDF Architect 3\ws.exe;c:\program files (x86)\PDF Architect 3\ws.exe [x]
R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
R4 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
R4 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys;c:\windows\SYSNATIVE\drivers\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\System32\drivers\point64.sys;c:\windows\SYSNATIVE\drivers\point64.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SensorsServiceDriver;Služba Reflektor UMDF pro knihovnu SensorsServiceDriver;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\System32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x]
S3 SystemExplorerHelpService;System Explorer Service;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\System32\drivers\WUDFRd.sys;c:\windows\SYSNATIVE\drivers\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-15 14:42 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.71\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-28 17:56]
.
2015-10-24 c:\windows\Tasks\HPCeeScheduleForlegend_killer.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2015-10-18 1703424]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\program files (x86)\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.77.221.1 10.109.255.254
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-WinPatrol - c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe
AddRemove-Akamai - c:\users\xxx.xxx\AppData\Local\Akamai\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Avira\Launcher\Avira.Systray.exe
.
**************************************************************************
.
Celkový čas: 2015-10-24 14:50:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-10-24 12:50
ComboFix2.txt 2015-10-10 18:12
.
Před spuštěním: 633 338 859 520 bytes free
Po spuštění: 632 880 529 408 bytes free
.
- - End Of File - - 21CAD5E30A91A03321402C3F72596FC3

[Rudy]

Log je OK. Nevím, co způsobuje vypínání antiviru, ale vir to není. CF přejmenujte na uninstall a spusťte. CF bude odinstalován.

[levhart48]

Omlouvám se.. co se zkrývá pod zkratkou CF?

[Rudy]

ComboFix. V logu jsou jeho zbytky.

[levhart48]

CF odinstalován. Dnes po zapnutí PC se zase antivirus vypnul

[Rudy]

Na zkoušku Aviru odinstalujte a na zkoušku nainstalujte jiný antivir a vyzkoušejte, zda se bude také vypínat.

[levhart48]

Tak přepnul jsem na předinstalovaný program Windows defender od Microsoftu. Vypnul se mi ale asi po 30min. také (a to nebylo ani po startu PC). A když jsem v defendru klikl na "Spustit nyní" objevilo se mi okno: "Službu se nepodařilo spustit." "Skupina nebo prostředek nejsou ve správném stavu, aby mohli uskutečnit požadovanou operaci." "Další informace získáte kliknutím na tlačítko Nápověda." Takže mám pocit že mi asi nějaký ten vir poškodil OS.. Jak to ale řešit?

[Rudy]

Poslední možností je sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . PC proskenujte a pokud bude nalezen vir, smažte ho. Pokud by to nepomohlo, nebo by byl sken čistý, nezbude, než oprava systému.

[levhart48]

Tak ani tento program už nic nenašel. Oprava systému? Aha, a v čem to spočívá? To se mi smažou všechny programy? Já tu mam rýsovací programy (sem stavař), které nevím jestli půjdou potom znovu nainstalovat(license)..

[Rudy]

Obnovy do továrního nastavení by měla zachovat všechny dokumenty. Nicméně se doporučuje udělat zálohy.