VIRY.CZ

nedaří se mi spustit nouzový režim. držím f8 a nabídka nikde

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v: Normální režim
Uživatel: Marťas [Práva správce]
Mód: Kontrola -- Datum: 07/29/2012 14:22:38

¤¤¤ Škodlivé procesy: 1 ¤¤¤
[SUSP PATH] SRNTService.exe -- C:\Windows\srntservice.exe -> KILLED [TermProc]

¤¤¤ Záznamy Registrů: 11 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> FOUND
[SUSP PATH] HKUS\.DEFAULT[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-19[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-20[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-892274279-3574375534-938609954-1000[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST3160812A ATA Device +++++
--- User ---
[MBR] 2e56ef81142f4b6a6eaee66c542dc8b2
[BSP] 6ff7d1e178389bea0dec6b543b0a8e87 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

Nasledujici soubory otestujte na VirusTotalu https://www.virustotal.com/cs/

C:\Windows\srntservice.exe
Kliknete na Choose file
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Kliknete na Scan It
Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
Vysledek analyzy sem vlozte (jako odkaz)

https://www.virustotal.com/file/d6b4a44 ... 343564951/

OK, zatim avptool nechte tak, jeste zkusime jedno mazani

Spustte znovu RogueKiller

Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

Skript pro ComboFix (CF primo na c:\, skript tez) - postup jako minule

Kód: Vybrat vše

KillAll::

Collect::
C:\Windows\srntservice.exe

File::
C:\Users\Marťas\AppData\Roaming\Mozilla\Firefox\Profiles\s8dfs4ux.default\searchplugins\my-web-search.xml

Driver::
RegServ

Reboot::

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v: Normální režim
Uživatel: Marťas [Práva správce]
Mód: Odebrat -- Datum: 07/29/2012 14:41:42

¤¤¤ Škodlivé procesy: 1 ¤¤¤
[SUSP PATH] SRNTService.exe -- C:\Windows\srntservice.exe -> KILLED [TermProc]

¤¤¤ Záznamy Registrů: 10 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> DELETED
[SUSP PATH] HKUS\.DEFAULT[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> DELETED
[SUSP PATH] HKUS\S-1-5-19[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> DELETED
[SUSP PATH] HKUS\S-1-5-20[...]\Run : RSRWin.exe (C:\Windows\RSRWin.exe) -> DELETED
[SUSP PATH] _uninst_19602099.lnk @Marťas : C:\Users\Marťas\AppData\Local\temp\_uninst_19602099.bat -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤
SSDT[12] : NtAdjustPrivilegesToken @ 0x834C1D8D -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EEE36)
SSDT[22] : NtAlpcConnectPort @ 0x834B244E -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F1074)
SSDT[23] : NtAlpcCreatePort @ 0x83431CFE -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F12EE)
SSDT[39] : NtAlpcSendWaitReceivePort @ 0x8348F0BE -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F1564)
SSDT[50] : NtClose @ 0x834814F8 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EF74A)
SSDT[59] : ExpInterlockedPopEntrySListResume @ 0x834B4F59 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F057E)
SSDT[64] : NtCreateEvent @ 0x8347D7EF -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F0AC8)
SSDT[66] : NtCreateFile @ 0x8348C362 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EFA26)
SSDT[74] : NtCreateMutant @ 0x8344D28E -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F09AE)
SSDT[75] : NtCreateNamedPipeFile @ 0x834BD749 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EEA24)
SSDT[77] : NtCreatePort @ 0x8342E851 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F0882)
SSDT[84] : NtCreateSection @ 0x8346004D -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EEBCC)
SSDT[85] : NtCreateSemaphore @ 0x83442A85 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F0BE8)
SSDT[87] : NtCreateThread @ 0x83518ED6 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EF3D0)
SSDT[88] : NtCreateThreadEx @ 0x834AD34B -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EF4CE)
SSDT[93] : NtCreateUserProcess @ 0x834AB27D -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F17AE)
SSDT[94] : NtCreateWaitablePort @ 0x833E11B8 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F0918)
SSDT[96] : NtDebugActiveProcess @ 0x834EADB0 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F22D6)
SSDT[107] : NtDeviceIoControlFile @ 0x834B05F1 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EFEA8)
SSDT[111] : NtDuplicateObject @ 0x8346E65A -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F34E4)
SSDT[134] : NtFsControlFile @ 0x834928B0 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EFCB6)
SSDT[155] : NtLoadDriver @ 0x83402BFC -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F23C8)
SSDT[168] : NtMapViewOfSection @ 0x83483512 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F2B30)
SSDT[177] : NtOpenEvent @ 0x8344CC8A -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F0B5E)
SSDT[179] : NtOpenFile @ 0x8346EC7A -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EF7CC)
SSDT[187] : NtOpenMutant @ 0x8349E2F0 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F0A3E)
SSDT[190] : NtOpenProcess @ 0x8344EAD4 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EF074)
SSDT[194] : NtOpenSection @ 0x834A689B -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F28CA)
SSDT[195] : NtOpenSemaphore @ 0x834221B8 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F0C7E)
SSDT[198] : NtOpenThread @ 0x8349AF95 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EEF64)
SSDT[224] : NtQueryDirectoryObject @ 0x83495BFE -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F1868)
SSDT[254] : NtQuerySection @ 0x834B3C36 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F2E6A)
SSDT[269] : NtQueueApcThread @ 0x83438D9C -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F275C)
SSDT[292] : NtReplaceKey @ 0x834D8B18 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26ED6DE)
SSDT[294] : NtReplyPort @ 0x8342DB2F -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F0FE2)
SSDT[295] : NtReplyWaitReceivePort @ 0x8347574C -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F0EA8)
SSDT[299] : NtRequestWaitReplyPort @ 0x8347AA43 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F2070)
SSDT[302] : NtRestoreKey @ 0x834CEB5C -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EDA56)
SSDT[304] : NtResumeThread @ 0x834AD572 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F3386)
SSDT[309] : NtSaveKey @ 0x834D03CE -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26ED676)
SSDT[312] : NtSecureConnectPort @ 0x8349AFCA -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F02C4)
SSDT[316] : NtSetContextThread @ 0x8351A755 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EF5EC)
SSDT[336] : NtSetInformationToken @ 0x83440878 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F190A)
SSDT[347] : NtSetSecurityObject @ 0x8343E71E -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F2566)
SSDT[350] : NtSetSystemInformation @ 0x8348B26C -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F2FBA)
SSDT[366] : NtSuspendProcess @ 0x8351ABE3 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F30AC)
SSDT[367] : NtSuspendThread @ 0x834D2085 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F31E6)
SSDT[368] : NtSystemDebugControl @ 0x834C26BC -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F21FA)
SSDT[370] : NtTerminateProcess @ 0x83497BCD -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EF21A)
SSDT[371] : NtTerminateThread @ 0x834B5584 -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EF170)
SSDT[385] : NtUnmapViewOfSection @ 0x834A185A -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26F2D0E)
SSDT[399] : NtWriteVirtualMemory @ 0x8349C92A -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC26EF306)
S_SSDT[14] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC27016D0)
S_SSDT[237] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC27017A6)
S_SSDT[247] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC2701816)
S_SSDT[302] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC270173A)
S_SSDT[318] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC2701D9E)
S_SSDT[323] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC270187E)
S_SSDT[396] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC27014F4)
S_SSDT[402] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC2701302)
S_SSDT[434] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC2701602)
S_SSDT[436] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC270134E)
S_SSDT[490] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC2701446)
S_SSDT[508] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC270139A)
S_SSDT[509] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC27013EE)
S_SSDT[524] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC270158A)
S_SSDT[536] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC27014A6)
S_SSDT[560] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC2701C50)
S_SSDT[585] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC2701248)
S_SSDT[588] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\5088511drv.sys @ 0xC27012A0)

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST3160812A ATA Device +++++
--- User ---
[MBR] 2e56ef81142f4b6a6eaee66c542dc8b2
[BSP] 6ff7d1e178389bea0dec6b543b0a8e87 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v: Normální režim
Uživatel: Marťas [Práva správce]
Mód: Oprava HOSTS -- Datum: 07/29/2012 14:42:03

¤¤¤ Škodlivé procesy: 1 ¤¤¤
[SUSP PATH] SRNTService.exe -- C:\Windows\srntservice.exe -> KILLED [TermProc]

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost

¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Fajn, nyni ComboFix, uz se nam to zacina objevovat

ComboFix 12-07-29.02 - Marťas 29.07.2012 14:50:25.4.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2972.1908 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Marťas\AppData\Roaming\Mozilla\Firefox\Profiles\s8dfs4ux.default\searchplugins\my-web-search.xml"
.
file zipped: c:\windows\srntservice.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\srntservice.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RegServ
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-28 do 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 12:57 . 2012-07-29 12:59 -------- d-----w- c:\users\Marťas\AppData\Local\temp
2012-07-29 12:57 . 2012-07-29 12:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 12:30 . 2012-07-29 12:30 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10088737-052A-417B-87BA-1049172930FB}\offreg.dll
2012-07-29 12:27 . 2012-07-29 12:27 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-29 09:26 . 2012-07-29 09:26 -------- d-----w- c:\programdata\Malwarebytes
2012-07-29 09:26 . 2012-07-29 09:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-29 09:26 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 01:38 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10088737-052A-417B-87BA-1049172930FB}\mpengine.dll
2012-07-27 06:10 . 2012-07-27 06:10 -------- d-----w- C:\_OTL
2012-07-27 06:00 . 2012-07-27 06:00 119808 ----a-r- c:\users\Marťas\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-07-27 06:00 . 2012-07-27 06:00 -------- d-----w- c:\users\Marťas\AppData\Local\Apps
2012-07-27 05:56 . 2012-07-27 05:56 -------- d-----w- C:\DriveKey
2012-07-27 05:55 . 2001-09-05 02:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-07-27 05:55 . 2001-09-05 02:18 77824 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2012-07-27 05:55 . 2001-09-05 02:14 176128 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-07-27 05:55 . 2001-09-05 02:13 32768 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-07-27 05:55 . 2001-09-05 01:24 610436 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
2012-07-26 06:19 . 2012-07-26 06:19 512 ----a-w- C:\PhysicalMBR.bin
2012-07-25 09:09 . 2009-08-03 22:31 3948600 ----a-r- c:\windows\system32\ntkrlStaforce.exe
2012-07-22 09:24 . 2012-07-22 09:24 -------- d-----w- c:\users\Marťas\AppData\Local\Adobe
2012-07-11 21:36 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-08 05:01 . 2012-07-08 05:01 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 17:50 . 2012-04-06 04:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 17:50 . 2011-05-19 16:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 06:00 . 2012-07-27 06:00 119808 ----a-r- c:\users\Marťas\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-07-27 06:00 . 2012-07-27 06:00 119808 ----a-r- c:\users\Marťas\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-07-03 16:21 . 2010-05-26 07:08 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-03-25 06:57 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-06-08 06:11 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-05-26 07:08 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-05-26 07:08 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-05-26 07:07 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-06-29 08:30 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-05-26 07:07 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-02 22:19 . 2012-06-22 17:30 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 17:30 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 17:30 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 17:30 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 17:30 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 17:30 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 17:30 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 17:29 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 17:29 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:40 . 2012-07-11 15:28 225280 ----a-w- c:\windows\system32\schannel.dll
2012-05-31 10:25 . 2010-05-25 19:49 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-12 07:58 . 2010-09-01 15:58 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2012-05-01 04:44 . 2012-06-13 04:25 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-07-18 18:00 . 2011-03-22 18:30 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\bin\postak.exe" [2012-01-10 491040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-05 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-05 169496]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-25 7547424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-04-05 11:35 141848 ------w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-04-05 11:35 169496 ------w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-06-25 06:07 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 CFcatchme;CFcatchme;c:\users\MARAS~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [x]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkTMini.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [x]
R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [x]
R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dvdfabio;dvdfabio;c:\windows\system32\drivers\dvdfabio.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/10/30 10:08];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vdrive;vdrive;c:\windows\system32\DRIVERS\vdrive.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Doplňkový sken -------
.
uStart Page =
uDefault_Search_URL =
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Marťas\AppData\Roaming\Mozilla\Firefox\Profiles\s8dfs4ux.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/firefox?client=firefox-a& ... s:official
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-07-29 15:03:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-29 13:03
ComboFix2.txt 2012-07-29 06:33
ComboFix3.txt 2012-07-28 10:25
.
Před spuštěním: Volných bajtů: 74 518 585 344
Po spuštění: Volných bajtů: 74 449 649 664
.
- - End Of File - - 43989824AF44FDD4F8EF1E8DC3B6DAFC
Nahr nˇ probŘhlo ŁspŘçnŘ

A nasleduje klasicka otazka - co nas pacient

Hurá konečně je to pryč.

díky moc

Tak jeste uklidime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

Jinak nemate zac, rado se stalo

jestli ještě můžu jednu věc. v tom seznamu na odinstalování mám anno 2070. je to nějaká hra. ale když kliknu odinstalovat tak se spustí instalace. tak bych rád ten instalační soubor někde našel a vyhodil ale vůbec ho nemůžu najít kde je

Udelejte log z RSIT a dejte mi sem oba logy (log.txt i info.txt)...on tam muze byt jen zapomenuty zaznam v registru

Dobrý už jsem ten soubor našel. a ze seznamu jsem to smazal. tak ještě jednou teda mockrát díky

Super, sikula

Jeste jednou, neni opravdu zac, bylo mi potesenim

VIRY.CZ

prosím o preventivku

Re: prosím o preventivku

Re: prosím o preventivku

Re: prosím o preventivku

Re: prosím o preventivku

Re: prosím o preventivku

Re: prosím o preventivku

Re: prosím o preventivku

Re: prosím o preventivku

Re: prosím o preventivku

Re: prosím o preventivku

Re: prosím o preventivku

Re: prosím o preventivku

Re: prosím o preventivku

Re: prosím o preventivku

Re: prosím o preventivku