Prosím o kontrolu

Zpráva

hav.pet · #16 Příspěvek od **hav.pet** » 13 lis 2012 15:06

To je pravda,že jsem tam měla nebo ještě mám 2 sw.Avast určitě ponecháme.MSE jsem tam taky měla,ale zmyzel mi po testu z oznamovacího pole a navíc jsem ho měla vypnut,právě proto,aby se nepletly. Bránu Firewall mám od windows a antivir.program by měl být Avast.

#17 Příspěvek od **vyosek** » 13 lis 2012 19:11

Projedte PC timto http://go.microsoft.com/?linkid=9748340 a pak jeste timto http://download.microsoft.com/download/ ... leanUp.exe - tim se zbavime zbytku po MSE

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-

File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

hav.pet · #18 Příspěvek od **hav.pet** » 13 lis 2012 20:53

Toto my vyběhlo po druhém scanu a restartu pc. Nevím jak se dělají screeny,tak aspoň takto jsem to sem vložila

---------------------------
Microsoft Security Client
---------------------------
An error has occurred in the program during initialization. If this problem continues, please contact your system administrator.

Error code: 0x80070002
---------------------------
OK
---------------------------

#19 Příspěvek od **vyosek** » 13 lis 2012 20:54

OK, on je ten MSE poskozeny, takze to asi neprobehlo jak melo, nevadi, uvidime co tam zbylo a pripadne docistime rucne...

Ten aplikujte ten skript pro ComboFix

hav.pet · #20 Příspěvek od **hav.pet** » 13 lis 2012 21:02

Po vložení do Combo Fixu,chce po mě Combo update.Mám ho dát nebo ne?

#21 Příspěvek od **vyosek** » 13 lis 2012 21:20

Ano, update (aktualizaci povolte), sUBs (autor CF) asi pridal nejake dalsi vecicky - kolikrat jej aktualizuje i 3x denne

hav.pet · #22 Příspěvek od **hav.pet** » 13 lis 2012 21:46

Aktualizace proběhla, CF my udělal log,ale nešlo zapnout zabezpečení pc a nešlo kliknout na nic. Respektive otevřít,takže jsem provedla další restart,zapnula bránu firewall a Avast a teď nevím,kde ten log mám. Opět my vyskakuje okénko s hlášením "výstraha zabezpečení". Kam se mi ten nový log uložil?

#23 Příspěvek od **vyosek** » 13 lis 2012 21:49

Log mi mel byt na c:\combofix

Ta vystraha ted bude chvili skata nez dokoncime leceni, pak ji vypneme

hav.pet · #24 Příspěvek od **hav.pet** » 13 lis 2012 21:51

Tak už jsem ho našla,byl na C:/ComboFix. Takže přikládám

ComboFix 12-11-13.02 - Owner 13.11.2012 21:29:26.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.16375.14560 [GMT 1:00]
Spuštěný z: e:\dokumenty\Plocha\ComboFix.exe
Použité ovládací přepínače :: e:\dokumenty\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-13 do 2012-11-13 )))))))))))))))))))))))))))))))
.
.
2012-11-13 20:33 . 2012-11-13 20:33 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-11-13 20:33 . 2012-11-13 20:33 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-11-13 20:33 . 2012-11-13 20:33 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-11-13 20:33 . 2012-11-13 20:33 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-11-13 20:33 . 2012-11-13 20:33 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-11-13 20:33 . 2012-11-13 20:33 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-11-13 20:33 . 2012-11-13 20:33 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-11-13 20:33 . 2012-11-13 20:33 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-11-13 19:44 . 2012-11-13 19:44 -------- d-----w- C:\WINSSLog
2012-11-13 19:41 . 2012-11-13 19:41 21180 ----a-w- C:\FixitRegBackup.reg
2012-11-13 06:53 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C5434B6-D756-46EA-B8FB-AF05512B27C7}\mpengine.dll
2012-11-12 20:49 . 2012-11-12 20:49 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-11-12 20:48 . 2012-11-12 20:48 -------- d-----w- c:\programdata\Malwarebytes
2012-11-12 20:48 . 2012-11-12 20:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-12 20:48 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-12 10:43 . 2012-11-12 10:44 -------- d-----w- C:\rsit
2012-11-12 10:43 . 2012-11-12 10:44 -------- d-----w- c:\program files\trend micro
2012-11-11 22:19 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-11 11:19 . 2012-11-11 11:19 -------- d---a-w- c:\windows\VDLL.DLL
2012-11-11 11:19 . 2012-11-11 11:19 -------- d---a-w- c:\windows\SysWow64\runouce.exe
2012-11-11 11:19 . 2012-11-11 11:19 -------- d---a-w- c:\windows\rundll16.exe
2012-11-11 11:19 . 2012-11-11 11:19 -------- d---a-w- c:\windows\RUNDL132.EXE
2012-11-11 11:19 . 2012-11-11 11:19 -------- d---a-w- c:\windows\logo1_.exe
2012-11-11 11:19 . 2012-11-11 11:19 -------- d---a-w- c:\windows\logo_1.exe
2012-11-11 11:08 . 2012-11-11 11:08 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
2012-11-11 11:08 . 2012-11-11 11:08 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
2012-11-11 11:08 . 2012-11-11 11:08 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe
2012-11-11 11:08 . 2012-11-11 11:08 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld
2012-11-11 11:08 . 2012-11-11 11:08 -------- d-----w- c:\programdata\MicroWorld
2012-11-07 13:01 . 2012-11-07 13:01 -------- d-----w- c:\programdata\ATI
2012-11-07 13:01 . 2012-11-07 13:01 -------- d-----w- c:\programdata\AMD
2012-11-07 13:01 . 2012-11-07 13:01 -------- d-----w- c:\program files (x86)\AMD AVT
2012-11-07 13:01 . 2012-11-07 13:01 -------- d-----w- c:\program files (x86)\AMD APP
2012-11-07 13:00 . 2012-11-07 13:01 -------- d-----w- c:\program files\ATI Technologies
2012-11-07 12:58 . 2012-11-07 12:58 -------- d-----w- C:\AMD
2012-11-05 14:14 . 2012-11-13 19:07 -------- d-----w- c:\users\Owner\AppData\Roaming\.minecraft
2012-10-30 10:02 . 2007-10-22 02:37 17928 ----a-w- c:\windows\SysWow64\X3DAudio1_2.dll
2012-10-30 09:53 . 2012-10-30 09:53 -------- d-----w- c:\programdata\Origin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2012-04-29 04:01 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-04-29 04:22 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-04-29 04:01 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-04-29 04:01 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-04-29 04:01 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-04-29 04:00 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-04-29 04:00 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-04-29 04:01 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-04-29 04:22 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-10 06:49 . 2012-05-01 04:38 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 16:51 . 2012-08-24 17:25 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 16:51 . 2012-08-24 17:25 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-28 14:37 . 2012-09-28 14:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 14:36 . 2012-09-28 14:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-28 14:36 . 2012-09-28 14:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-28 14:36 . 2012-09-28 14:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-28 14:36 . 2012-09-28 14:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-28 14:36 . 2012-09-28 14:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-28 14:32 . 2012-09-28 14:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-09-28 14:28 . 2012-09-28 14:28 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-09-28 14:28 . 2012-09-28 14:28 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-09-28 02:23 . 2010-09-29 01:28 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2010-09-29 01:55 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2010-09-29 01:54 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2010-09-29 01:46 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-09-28 01:31 3127296 ----a-w- c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-09-28 01:25 6704640 ----a-w- c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2010-09-29 01:37 7167488 ----a-w- c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2010-09-29 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-09-28 01:13 595456 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2010-09-29 01:14 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2010-09-29 01:14 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-09-28 01:11 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2010-09-29 01:13 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-09-14 19:19 . 2012-10-10 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 05:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-13 14:35 . 2012-05-28 12:37 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-09-13 14:35 . 2012-05-28 12:34 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-12 15:17 . 2012-05-28 12:34 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-09-12 15:16 . 2012-05-28 12:34 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-09-12 15:03 . 2012-09-12 15:07 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-08-31 18:19 . 2012-10-10 05:32 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2010-10-24 19:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 18:03 . 2012-10-10 05:32 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 05:32 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 05:32 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 05:32 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 05:32 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-22 17:58 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 17:58 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 17:58 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 17:58 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 17:58 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 17:58 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 17:58 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 17:58 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 17:58 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 17:58 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 17:58 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 17:58 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 17:58 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 17:58 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 17:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 17:58 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 17:58 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 17:58 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 17:58 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 17:58 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 17:58 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="e:\program files\WFDTV\WFWIZ.exe" [2010-07-22 2920448]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-09-30 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"WinFastDTV"="e:\program files\WFDTV\DTVSchdl.exe" [2010-06-09 101888]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"BCSSync"="e:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-01 1255736]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-30 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 TomTomHOMEService;TomTomHOMEService;e:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-08-28 92632]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-26 75264]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-26 176640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - e:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - e:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wxvixr9s.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-MsMpSvc
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2012-11-13 21:34:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-13 20:34
ComboFix2.txt 2012-11-13 07:33
.
Před spuštěním: Volných bajtů: 35 825 442 816
Po spuštění: Volných bajtů: 35 599 400 960
.
- - End Of File - - 5B7D7700C84134CFF094255CE590AF39

hav.pet · #25 Příspěvek od **hav.pet** » 13 lis 2012 21:57

Zase mi vyběhla hláška :

---------------------------
Microsoft Security Client
---------------------------
An error has occurred in the program during initialization. If this problem continues, please contact your system administrator.

Error code: 0x80070002
---------------------------
OK
---------------------------

#26 Příspěvek od **vyosek** » 14 lis 2012 19:52

Dalsi skript pro ComboFix - postup stejny

Kód: Vybrat vše

KillAll::

SecCenter::
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
{B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
{0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

Folder::
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C5434B6-D756-46EA-B8FB-AF05512B27C7}
c:\program files\Microsoft Security Client

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

Reboot::

hav.pet · #27 Příspěvek od **hav.pet** » 14 lis 2012 20:14

Dobrý večer. Přikládám log z CF.

ComboFix 12-11-14.01 - Owner 14.11.2012 20:02:52.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.16375.14334 [GMT 1:00]
Spuštěný z: e:\dokumenty\Plocha\ComboFix.exe
Použité ovládací přepínače :: e:\dokumenty\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Microsoft Security Client
c:\program files\Microsoft Security Client\Antimalware\CS-CZ\MpAsDesc.dll.mui
c:\program files\Microsoft Security Client\Antimalware\CS-CZ\MpEvMsg.dll.mui
c:\program files\Microsoft Security Client\Backup\amd64\dw20shared.msi
c:\program files\Microsoft Security Client\Backup\amd64\epp.msi
c:\program files\Microsoft Security Client\Backup\amd64\setup.exe
c:\program files\Microsoft Security Client\Backup\amd64\sqmapi.dll
c:\program files\Microsoft Security Client\Backup\amd64\Windows6.0-KB981889-v2.msu
c:\program files\Microsoft Security Client\Backup\amd64\Windows6.1-KB981889.msu
c:\program files\Microsoft Security Client\Backup\cs-cz\EULA.RTF
c:\program files\Microsoft Security Client\Backup\cs-cz\setupres.dll.mui
c:\program files\Microsoft Security Client\Backup\EppManifest.dll
c:\program files\Microsoft Security Client\Backup\setupres.dll
c:\program files\Microsoft Security Client\cs-cz\amhelp.chm
c:\program files\Microsoft Security Client\cs-cz\eula.rtf
c:\program files\Microsoft Security Client\cs-cz\MpAsDesc.dll.mui
c:\program files\Microsoft Security Client\cs-cz\MpEvMsg.dll.mui
c:\program files\Microsoft Security Client\cs-cz\MsMpRes.dll.mui
c:\program files\Microsoft Security Client\cs-cz\msseooberes.dll.mui
c:\program files\Microsoft Security Client\cs-cz\setupres.dll.mui
c:\program files\Microsoft Security Client\cs-cz\shellext.dll.mui
c:\program files\Microsoft Security Client\DbgHelp.dll
c:\program files\Microsoft Security Client\Drivers\Backup\mpfilter\mpfilter.cat
c:\program files\Microsoft Security Client\Drivers\Backup\mpfilter\mpfilter.inf
c:\program files\Microsoft Security Client\Drivers\Backup\mpfilter\mpfilter.sys
c:\program files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.cat
c:\program files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.inf
c:\program files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.man
c:\program files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys
c:\program files\Microsoft Security Client\Drivers\mpfilter\mpfilter.cat
c:\program files\Microsoft Security Client\Drivers\mpfilter\mpfilter.inf
c:\program files\Microsoft Security Client\Drivers\mpfilter\mpfilter.sys
c:\program files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.cat
c:\program files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.inf
c:\program files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.man
c:\program files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys
c:\program files\Microsoft Security Client\en-us\amhelp.chm
c:\program files\Microsoft Security Client\en-us\eula.rtf
c:\program files\Microsoft Security Client\en-us\MpAsDesc.dll.mui
c:\program files\Microsoft Security Client\en-us\mpevmsg.dll.mui
c:\program files\Microsoft Security Client\en-us\MsMpRes.dll.mui
c:\program files\Microsoft Security Client\en-us\msseooberes.dll.mui
c:\program files\Microsoft Security Client\en-us\setupres.dll.mui
c:\program files\Microsoft Security Client\en-us\shellext.dll.mui
c:\program files\Microsoft Security Client\EppManifest.dll
c:\program files\Microsoft Security Client\MpAsDesc.dll
c:\program files\Microsoft Security Client\MpClient.dll
c:\program files\Microsoft Security Client\MpCmdRun.exe
c:\program files\Microsoft Security Client\MpCommu.dll
c:\program files\Microsoft Security Client\mpevmsg.dll
c:\program files\Microsoft Security Client\MpOAv.dll
c:\program files\Microsoft Security Client\MpRTP.dll
c:\program files\Microsoft Security Client\MpSvc.dll
c:\program files\Microsoft Security Client\MSESysprep.dll
c:\program files\Microsoft Security Client\MsMpCom.dll
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Microsoft Security Client\MsMpLics.dll
c:\program files\Microsoft Security Client\MsMpRes.dll
c:\program files\Microsoft Security Client\msseces.exe
c:\program files\Microsoft Security Client\msseoobe.exe
c:\program files\Microsoft Security Client\msseooberes.dll
c:\program files\Microsoft Security Client\MsseWat.dll
c:\program files\Microsoft Security Client\NisIpsPlugin.dll
c:\program files\Microsoft Security Client\NisLog.dll
c:\program files\Microsoft Security Client\NisSrv.exe
c:\program files\Microsoft Security Client\NisWFP.dll
c:\program files\Microsoft Security Client\Setup.exe
c:\program files\Microsoft Security Client\SetupRes.dll
c:\program files\Microsoft Security Client\shellext.dll
c:\program files\Microsoft Security Client\sqmapi.dll
c:\program files\Microsoft Security Client\SymSrv.dll
c:\program files\Microsoft Security Client\SymSrv.yes
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C5434B6-D756-46EA-B8FB-AF05512B27C7}
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C5434B6-D756-46EA-B8FB-AF05512B27C7}\mpasbase.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C5434B6-D756-46EA-B8FB-AF05512B27C7}\mpasdlta.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C5434B6-D756-46EA-B8FB-AF05512B27C7}\mpavbase.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C5434B6-D756-46EA-B8FB-AF05512B27C7}\mpavdlta.vdm
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C5434B6-D756-46EA-B8FB-AF05512B27C7}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NisSrv
-------\Service_NisSrv
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-14 do 2012-11-14 )))))))))))))))))))))))))))))))
.
.
2012-11-14 19:05 . 2012-11-14 19:05 -------- d-----w- c:\users\filip\AppData\Local\temp
2012-11-14 19:05 . 2012-11-14 19:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-13 19:44 . 2012-11-13 19:44 -------- d-----w- C:\WINSSLog
2012-11-13 19:41 . 2012-11-13 19:41 21180 ----a-w- C:\FixitRegBackup.reg
2012-11-12 20:49 . 2012-11-12 20:49 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-11-12 20:48 . 2012-11-12 20:48 -------- d-----w- c:\programdata\Malwarebytes
2012-11-12 20:48 . 2012-11-12 20:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-12 20:48 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-12 10:43 . 2012-11-12 10:44 -------- d-----w- C:\rsit
2012-11-12 10:43 . 2012-11-12 10:44 -------- d-----w- c:\program files\trend micro
2012-11-11 22:19 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-11 11:19 . 2012-11-11 11:19 -------- d---a-w- c:\windows\VDLL.DLL
2012-11-11 11:19 . 2012-11-11 11:19 -------- d---a-w- c:\windows\SysWow64\runouce.exe
2012-11-11 11:19 . 2012-11-11 11:19 -------- d---a-w- c:\windows\rundll16.exe
2012-11-11 11:19 . 2012-11-11 11:19 -------- d---a-w- c:\windows\RUNDL132.EXE
2012-11-11 11:19 . 2012-11-11 11:19 -------- d---a-w- c:\windows\logo1_.exe
2012-11-11 11:19 . 2012-11-11 11:19 -------- d---a-w- c:\windows\logo_1.exe
2012-11-11 11:08 . 2012-11-11 11:08 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
2012-11-11 11:08 . 2012-11-11 11:08 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
2012-11-11 11:08 . 2012-11-11 11:08 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe
2012-11-11 11:08 . 2012-11-11 11:08 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld
2012-11-11 11:08 . 2012-11-11 11:08 -------- d-----w- c:\programdata\MicroWorld
2012-11-07 13:01 . 2012-11-07 13:01 -------- d-----w- c:\programdata\ATI
2012-11-07 13:01 . 2012-11-07 13:01 -------- d-----w- c:\programdata\AMD
2012-11-07 13:01 . 2012-11-07 13:01 -------- d-----w- c:\program files (x86)\AMD AVT
2012-11-07 13:01 . 2012-11-07 13:01 -------- d-----w- c:\program files (x86)\AMD APP
2012-11-07 13:00 . 2012-11-07 13:01 -------- d-----w- c:\program files\ATI Technologies
2012-11-07 12:58 . 2012-11-07 12:58 -------- d-----w- C:\AMD
2012-11-05 14:14 . 2012-11-14 14:54 -------- d-----w- c:\users\Owner\AppData\Roaming\.minecraft
2012-10-30 10:02 . 2007-10-22 02:37 17928 ----a-w- c:\windows\SysWow64\X3DAudio1_2.dll
2012-10-30 09:53 . 2012-10-30 09:53 -------- d-----w- c:\programdata\Origin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2012-04-29 04:01 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-04-29 04:22 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-04-29 04:01 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-04-29 04:01 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-04-29 04:01 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-04-29 04:00 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-04-29 04:00 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-04-29 04:01 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-04-29 04:22 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-10 06:49 . 2012-05-01 04:38 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 16:51 . 2012-08-24 17:25 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 16:51 . 2012-08-24 17:25 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-28 14:37 . 2012-09-28 14:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 14:36 . 2012-09-28 14:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-28 14:36 . 2012-09-28 14:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-28 14:36 . 2012-09-28 14:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-28 14:36 . 2012-09-28 14:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-28 14:36 . 2012-09-28 14:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-28 14:32 . 2012-09-28 14:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-09-28 14:28 . 2012-09-28 14:28 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-09-28 14:28 . 2012-09-28 14:28 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-09-28 02:23 . 2010-09-29 01:28 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2010-09-29 01:55 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2010-09-29 01:54 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2010-09-29 01:46 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-09-28 01:31 3127296 ----a-w- c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-09-28 01:25 6704640 ----a-w- c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2010-09-29 01:37 7167488 ----a-w- c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2010-09-29 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-09-28 01:13 595456 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2010-09-29 01:14 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2010-09-29 01:14 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-09-28 01:11 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2010-09-29 01:13 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-09-14 19:19 . 2012-10-10 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 05:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-13 14:35 . 2012-05-28 12:37 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-09-13 14:35 . 2012-05-28 12:34 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-12 15:17 . 2012-05-28 12:34 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-09-12 15:16 . 2012-05-28 12:34 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-09-12 15:03 . 2012-09-12 15:07 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-08-31 18:19 . 2012-10-10 05:32 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2010-10-24 19:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 18:03 . 2012-10-10 05:32 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 05:32 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 05:32 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 05:32 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 05:32 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-22 17:58 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 17:58 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 17:58 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 17:58 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 17:58 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 17:58 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 17:58 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 17:58 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 17:58 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 17:58 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 17:58 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 17:58 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 17:58 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 17:58 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 17:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 17:58 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 17:58 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 17:58 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 17:58 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 17:58 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 17:58 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="e:\program files\WFDTV\WFWIZ.exe" [2010-07-22 2920448]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-09-30 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"WinFastDTV"="e:\program files\WFDTV\DTVSchdl.exe" [2010-06-09 101888]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"BCSSync"="e:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-01 1255736]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-30 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 TomTomHOMEService;TomTomHOMEService;e:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-08-28 92632]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-26 75264]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-26 176640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - e:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - e:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wxvixr9s.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2012-11-14 20:08:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-14 19:08
ComboFix2.txt 2012-11-13 20:34
ComboFix3.txt 2012-11-13 07:33
.
Před spuštěním: Volných bajtů: 35 077 066 752
Po spuštění: Volných bajtů: 34 781 077 504
.
- - End Of File - - 9B7479A70FAEDDA4F4225AA26991ADD0

#28 Příspěvek od **vyosek** » 14 lis 2012 20:18

Jak se chova nas pacient nyni

hav.pet · #29 Příspěvek od **hav.pet** » 14 lis 2012 20:32

Pacient si ze mě dělá srandu.Upozorňuje mě pořád na výstrahu zabezpečení a přijde mi,že pomalu načítá mail od seznamu.Ale to je asi normální.Co předělaly všem schránky,tak od té doby to jde pomalu.Někdy ještě pomalejš.Jak to vidíte vy? Už to vypadá dobře? Ta hláška Microsoft security client už mi po restartu nevyběhla.

#30 Příspěvek od **vyosek** » 15 lis 2012 08:37

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Start - Ovladací panely - Uživatelské účty - Nastavení Řízení uživatelských účtů - nastavit Nikdy mě neupozorňoval(posuvník zcela dole)

Mail od seznamu je spatnej, i me to dela

A pokud nejsou problemy ci dotazy, je to z me strany vse

VIRY.CZ

Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu