VIRY.CZ

Ahojte, moc vás prosím o pomoc. Blbne mi notebook. Najíždí poměrně dlouho systém a plocha, a většinou když najede, tak mi vyskočí hláška "Systém Windows musí být restartován, protože služba Spouštěč procesů serveru DCOM byla neočekávaně ukončena. Pak mi nejde zvuk, když kliknu na stav baterie tak tam mám napsáno "Server RPC není k dispozici", a když chci otevřít průzkumníka, počítač, ovládací panely apod. Tak mi to hodí podobnou hlášku. To že systém musí být restartován vypínám přes cmd příkazem shutdown -a. Nechal jsem celý disk projet MBAM - nic nenašel, Avastem - také nic nenašel, a pak jsem si stáhl MWAV - našel asi 6 virů. Jinak ty chyby ve službách se mi občas podaří opravit programem Tweaking.com - Windows Repair (All-in-one), ale jde to tak na dva restarty systému, pak se chyba objeví znovu. Než mi začala skákat tahle hláška, tak tam byla služba Napájení a Plug and Play, ale to jsem si ve službách nastavil, aby to při pádu služby nerestartovalo PC. Jenže u této služby to nejde. Dal bych log z RSIT, jenže ten mi nefunguje, tak přikládám log z DDS. Prosím o rychlejší pomoc pokud to půjde. Mockrát děkuji

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 10.17.2
Run by wazzir at 18:15:30 on 2013-03-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2975.835 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\wazzir\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\System Explorer\SystemExplorer.exe
C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
C:\Program Files\System Explorer\service\SystemExplorerService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com/ie
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Facebook Update] "c:\users\wazzir\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [SystemExplorerAutoStart] "c:\program files\system explorer\SystemExplorer.exe" /TRAY
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtkNGUI.exe -s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
StartupFolder: c:\users\wazzir\appdata\roaming\micros~1\windows\startm~1\programs\startup\facebo~1.lnk - c:\users\wazzir\appdata\local\facebook\messenger\2.1.4814.0\FacebookMessenger.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:153
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: Interfaces\{8429620B-D013-41B1-93BB-4086B7872A6D} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{8429620B-D013-41B1-93BB-4086B7872A6D}\3484144514D49425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8429620B-D013-41B1-93BB-4086B7872A6D}\7697D6465787 : DHCPNameServer = 192.168.1.250
TCP: Interfaces\{8429620B-D013-41B1-93BB-4086B7872A6D}\B657C647572716 : DHCPNameServer = 192.168.1.1
Handler: AutorunsDisabled - <Clsid value has no data>
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
LSA: Notification Packages = scecli c:\program files\widcomm\bluetooth software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.172\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\wazzir\appdata\roaming\mozilla\firefox\profiles\l8y45beo.default-1357922519814\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\wazzir\appdata\local\facebook\messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: c:\users\wazzir\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-02-23 16:44; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\users\wazzir\appdata\roaming\mozilla\firefox\profiles\l8y45beo.default-1357922519814\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2013-03-08 20:00; firefox@mega.co.nz; c:\users\wazzir\appdata\roaming\mozilla\firefox\profiles\l8y45beo.default-1357922519814\extensions\firefox@mega.co.nz.xpi
FF - ExtSQL: 2013-03-23 18:46; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2013-03-25 07:26; bartap@philikon.de; c:\users\wazzir\appdata\roaming\mozilla\firefox\profiles\l8y45beo.default-1357922519814\extensions\bartap@philikon.de.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-3-24 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-3-24 199384]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-23 49248]
R0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2012-9-11 530752]
R0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2012-9-11 24896]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2009-2-3 63096]
R1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [2013-3-24 101656]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-3-24 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-3-23 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-3-23 368176]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2011-1-26 24680]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2012-6-23 87968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-3-23 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-23 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-3-23 45248]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-3-24 136912]
R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2010-1-18 17920]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek usb 2.0 card reader\RIconMan.exe [2012-12-4 1828496]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-11 682344]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-11 398184]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-23 21104]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-12-4 190976]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-12-4 585872]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2011-9-8 1117800]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2012-8-31 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-6-27 30312]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-23 164736]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-10-18 504360]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-10-18 33832]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2012-6-23 227896]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2012-12-31 13440]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-1-1 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-1-1 10200]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-27 14848]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-6-27 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-6-27 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-6-27 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-6-27 114280]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-27 49664]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\razer\razer game booster\driver\WinRing0.sys [2012-11-13 14416]
S4 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;d:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
S4 IAStorDataMgrSvc;Úložná technologie Intel® Rapid;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2012-9-21 7168]
.
=============== Created Last 30 ================
.
2013-03-27 15:49:42 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{80c2905e-923b-4374-b610-d34aaf08a238}\mpengine.dll
2013-03-25 17:08:33 -------- d-----w- c:\windows\system32\catroot2
2013-03-25 16:49:25 1536 ----a-w- c:\windows\system32\wbem\WMIObjectsMigration.bin
2013-03-25 16:45:02 -------- d-----w- C:\RegBackup
2013-03-25 16:35:45 -------- d-----w- c:\program files\Tweaking.com
2013-03-25 16:34:55 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2013-03-25 15:03:29 22288 ----a-w- c:\windows\system32\temp.004
2013-03-25 15:03:27 492304 ----a-w- c:\windows\system32\temp.001
2013-03-25 15:03:27 16896 ----a-w- c:\windows\system32\temp.003
2013-03-25 15:03:27 1347344 ----a-w- c:\windows\system32\MSVBVM50.DLL
2013-03-25 15:03:27 118544 ----a-w- c:\windows\system32\temp.000
2013-03-25 15:03:27 114960 ----a-w- c:\windows\system32\temp.002
2013-03-25 15:03:27 109056 ----a-w- c:\windows\system32\UNINSTAL.EXE
2013-03-25 15:03:27 -------- d-----w- c:\windows\system32\BACKUP
2013-03-25 15:03:09 935632 ----a-w- c:\windows\system32\Vb40016.dll
2013-03-25 15:03:09 722192 ----a-w- c:\windows\system32\Vb40032.dll
2013-03-25 15:02:58 935632 ----a-w- c:\windows\system\Vb40016.dll
2013-03-25 15:02:58 722192 ----a-w- c:\windows\system\Vb40032.dll
2013-03-24 15:55:04 -------- d-----w- c:\users\wazzir\appdata\roaming\Unity
2013-03-24 14:22:08 -------- d-----w- c:\users\wazzir\appdata\local\Unity
2013-03-24 12:13:42 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-03-24 12:13:41 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-03-24 12:13:40 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-03-24 12:13:29 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-03-23 20:50:37 -------- d-----w- c:\programdata\SystemExplorer
2013-03-23 20:50:33 -------- d-----w- c:\program files\System Explorer
2013-03-23 20:24:53 -------- d-----w- c:\users\wazzir\appdata\local\GHISLER
2013-03-23 20:24:38 305152 ----a-w- c:\windows\IsUninst.exe
2013-03-23 17:47:15 -------- d-----w- c:\users\wazzir\appdata\local\Google
2013-03-23 17:47:05 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-23 17:47:01 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-23 17:46:59 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-23 17:46:58 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-23 17:46:56 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-23 17:46:44 41664 ----a-w- c:\windows\avastSS.scr
2013-03-23 17:46:29 -------- d-----w- c:\program files\AVAST Software
2013-03-23 17:43:47 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-03-23 17:43:41 632064 ----a-w- c:\windows\system32\msvcr80.dll
2013-03-23 17:43:40 554240 ----a-w- c:\windows\system32\msvcp80.dll
2013-03-23 17:43:39 572928 ----a-w- c:\windows\system32\msvcp90.dll
2013-03-23 17:43:38 655872 ----a-w- c:\windows\system32\msvcr90.dll
2013-03-23 17:43:37 34048 ----a-w- c:\windows\system32\eEmpty.exe
2013-03-23 17:43:31 -------- d-----w- c:\program files\common files\MicroWorld
2013-03-23 17:43:18 -------- d-----w- c:\programdata\MicroWorld
2013-03-23 15:14:54 -------- d-----w- c:\program files\ESET
2013-03-23 13:46:58 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
2013-03-23 13:35:34 -------- d-----w- c:\program files\Microsoft Virtual PC
2013-03-21 16:40:27 468056 ----a-w- C:\procdump.exe
2013-03-21 16:34:33 2820744 ----a-w- C:\SysInspector.exe
2013-03-21 16:34:19 -------- d-----w- c:\program files\Belarc
2013-03-19 12:12:27 72781824 ----a-w- C:\ess_nt32_csy.msi
2013-03-16 18:07:51 -------- d-----w- c:\programdata\SoftSafe
2013-03-16 18:06:01 -------- d-----w- c:\programdata\InstallMate
2013-03-15 02:03:38 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-03-13 05:15:40 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-13 05:15:39 15872 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-03-08 05:48:39 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-06 15:21:26 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-04 13:11:36 -------- d-----w- C:\ESET
2013-03-01 20:09:19 -------- d-----w- c:\programdata\AVAST Software
2013-02-28 08:33:20 512 ----a-w- C:\PhysicalMBR.bin
2013-02-27 22:02:36 53966 ----a-w- c:\windows\system32\epfwdata.bin
2013-02-26 11:45:22 -------- d-----w- c:\programdata\[Manufacturer]
2013-02-26 11:44:19 -------- d-----w- c:\users\wazzir\appdata\roaming\4GF.CZ
2013-02-26 10:22:24 -------- d-----w- c:\program files\trend micro
2013-02-26 08:15:44 -------- d-sh--w- C:\$RECYCLE.BIN
.
==================== Find3M ====================
.
2013-03-23 12:41:59 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-03-23 12:41:36 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-03-23 12:41:36 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-03-20 18:09:59 281768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-13 18:30:33 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-06 15:21:17 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-06 15:21:17 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-23 21:49:23 44544 ----a-w- c:\windows\system32\Gif89.dll
2013-02-13 00:26:34 42880 ----a-w- c:\windows\system32\xfcodec.dll
2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-17 00:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-13 21:17:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 20:30:34 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 20:22:22 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:54:01 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:48:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:37:57 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-11 16:11:56 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-01-11 16:10:05 22328 ----a-w- c:\users\wazzir\appdata\roaming\PnkBstrK.sys
2013-01-11 16:09:27 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2013-01-10 08:25:20 46056 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2013-01-05 05:00:15 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 06:11:21 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-01-04 04:50:52 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00:29 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05:20 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04:43 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-12-29 20:59:38 24184 ----a-w- c:\windows\system32\speedfan.sys
.
============= FINISH: 18:17:28,81 ===============

Zdravím!
Poprosím o log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Tady to je

ComboFix 13-03-27.01 - wazzir 27.03.2013 23:29:04.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2975.880 [GMT 1:00]
Spuštěný z: c:\users\wazzir\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system\Vb40032.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-27 do 2013-03-27 )))))))))))))))))))))))))))))))
.
.
2013-03-27 15:49 . 2013-03-19 04:50 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80C2905E-923B-4374-B610-D34AAF08A238}\mpengine.dll
2013-03-25 17:08 . 2013-03-25 17:17 -------- d-----w- c:\windows\system32\catroot2
2013-03-25 16:49 . 2013-03-26 20:52 1536 ----a-w- c:\windows\system32\wbem\WMIObjectsMigration.bin
2013-03-25 16:45 . 2013-03-25 16:45 -------- d-----w- C:\RegBackup
2013-03-25 16:35 . 2013-03-25 16:41 -------- d-----w- c:\program files\Tweaking.com
2013-03-25 16:34 . 2013-03-25 16:34 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2013-03-25 15:03 . 1996-10-31 11:47 22288 ----a-w- c:\windows\system32\temp.004
2013-03-25 15:03 . 2013-03-25 15:03 -------- d-----w- c:\windows\system32\BACKUP
2013-03-25 15:03 . 1997-07-19 14:55 1347344 ----a-w- c:\windows\system32\MSVBVM50.DLL
2013-03-25 15:03 . 1997-07-07 10:33 109056 ----a-w- c:\windows\system32\UNINSTAL.EXE
2013-03-25 15:03 . 1997-05-19 07:08 492304 ----a-w- c:\windows\system32\temp.001
2013-03-25 15:03 . 1997-05-19 07:08 16896 ----a-w- c:\windows\system32\temp.003
2013-03-25 15:03 . 1997-05-19 07:08 114960 ----a-w- c:\windows\system32\temp.002
2013-03-25 15:03 . 1997-05-19 07:08 118544 ----a-w- c:\windows\system32\temp.000
2013-03-25 15:03 . 1996-01-12 02:00 935632 ----a-w- c:\windows\system32\Vb40016.dll
2013-03-25 15:03 . 1996-01-12 02:00 722192 ----a-w- c:\windows\system32\Vb40032.dll
2013-03-25 15:02 . 1996-01-12 02:00 935632 ----a-w- c:\windows\system\Vb40016.dll
2013-03-24 15:55 . 2013-03-24 15:55 -------- d-----w- c:\users\wazzir\AppData\Roaming\Unity
2013-03-24 14:22 . 2013-03-24 14:22 -------- d-----w- c:\users\wazzir\AppData\Local\Unity
2013-03-24 12:13 . 2013-03-06 23:33 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-03-24 12:13 . 2013-03-06 23:33 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-03-24 12:13 . 2013-03-06 23:33 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-03-24 12:13 . 2013-03-06 23:11 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-03-23 20:50 . 2013-03-23 20:53 -------- d-----w- c:\programdata\SystemExplorer
2013-03-23 20:50 . 2013-03-23 20:50 -------- d-----w- c:\program files\System Explorer
2013-03-23 20:24 . 2013-03-23 20:24 -------- d-----w- c:\users\wazzir\AppData\Local\GHISLER
2013-03-23 20:24 . 1998-07-30 12:51 305152 ----a-w- c:\windows\IsUninst.exe
2013-03-23 17:47 . 2013-03-23 17:51 -------- d-----w- c:\users\wazzir\AppData\Local\Google
2013-03-23 17:47 . 2013-03-23 17:48 -------- d-----w- c:\program files\Google
2013-03-23 17:47 . 2013-03-06 23:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-23 17:47 . 2013-03-06 23:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-23 17:47 . 2013-03-06 23:33 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-23 17:47 . 2013-03-06 23:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-23 17:47 . 2013-03-06 23:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-23 17:46 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-23 17:46 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-23 17:46 . 2013-03-06 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-23 17:46 . 2013-03-06 23:32 41664 ----a-w- c:\windows\avastSS.scr
2013-03-23 17:46 . 2013-03-23 17:46 -------- d-----w- c:\program files\AVAST Software
2013-03-23 17:43 . 2013-03-23 17:43 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-03-23 17:43 . 2013-03-23 17:43 632064 ----a-w- c:\windows\system32\msvcr80.dll
2013-03-23 17:43 . 2013-03-23 17:43 554240 ----a-w- c:\windows\system32\msvcp80.dll
2013-03-23 17:43 . 2013-03-23 17:43 572928 ----a-w- c:\windows\system32\msvcp90.dll
2013-03-23 17:43 . 2013-03-23 17:43 655872 ----a-w- c:\windows\system32\msvcr90.dll
2013-03-23 17:43 . 2013-03-23 17:43 34048 ----a-w- c:\windows\system32\eEmpty.exe
2013-03-23 17:43 . 2013-03-23 17:43 -------- d-----w- c:\program files\Common Files\MicroWorld
2013-03-23 17:43 . 2013-03-23 17:43 -------- d-----w- c:\programdata\MicroWorld
2013-03-23 17:32 . 2013-03-23 17:39 -------- d-----w- c:\users\wazzir\AppData\Roaming\Download Manager
2013-03-23 15:14 . 2013-03-23 15:14 -------- d-----w- c:\program files\ESET
2013-03-23 13:46 . 2013-03-23 13:46 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
2013-03-23 13:35 . 2013-03-23 13:35 -------- d-----w- c:\program files\Microsoft Virtual PC
2013-03-21 16:40 . 2013-01-22 22:12 468056 ----a-w- C:\procdump.exe
2013-03-21 16:34 . 2013-03-04 13:13 2820744 ----a-w- C:\SysInspector.exe
2013-03-21 16:34 . 2013-03-21 16:34 -------- d-----w- c:\program files\Belarc
2013-03-19 12:12 . 2012-11-05 22:56 72781824 ----a-w- C:\ess_nt32_csy.msi
2013-03-16 18:07 . 2013-03-16 18:07 -------- d-----w- c:\programdata\SoftSafe
2013-03-16 18:06 . 2013-03-16 18:07 -------- d-----w- c:\programdata\InstallMate
2013-03-15 02:03 . 2013-03-15 02:03 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-03-13 05:15 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-13 05:15 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-03-08 05:48 . 2013-03-13 18:30 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-06 15:21 . 2013-03-06 15:21 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-06 15:21 . 2013-03-06 15:21 -------- d-----w- c:\program files\Java
2013-03-04 13:11 . 2013-03-20 05:23 -------- d-----w- C:\ESET
2013-03-01 20:21 . 2013-03-06 23:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-01 20:09 . 2013-03-23 17:46 -------- d-----w- c:\programdata\AVAST Software
2013-02-28 08:33 . 2013-02-28 08:33 512 ----a-w- C:\PhysicalMBR.bin
2013-02-27 22:02 . 2013-03-22 14:11 53966 ----a-w- c:\windows\system32\epfwdata.bin
2013-02-26 11:45 . 2013-02-26 11:45 -------- d-----w- c:\programdata\[Manufacturer]
2013-02-26 11:44 . 2013-02-26 11:44 -------- d-----w- c:\users\wazzir\AppData\Roaming\4GF.CZ
2013-02-26 10:22 . 2013-03-25 18:13 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-26 20:52 . 2012-10-01 10:45 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-03-23 12:41 . 2012-08-31 11:40 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-03-23 12:41 . 2012-09-12 16:25 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-03-23 12:41 . 2012-08-31 11:39 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-03-20 18:09 . 2012-08-31 11:39 281768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-13 18:30 . 2013-02-10 14:49 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-06 15:21 . 2012-06-23 12:32 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-06 15:21 . 2012-06-23 12:32 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-23 21:49 . 2013-02-23 21:49 44544 ----a-w- c:\windows\system32\Gif89.dll
2013-02-13 00:26 . 2013-02-13 00:26 42880 ----a-w- c:\windows\system32\xfcodec.dll
2013-02-12 04:48 . 2013-03-14 13:09 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 13:09 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-17 00:28 . 2012-06-23 11:28 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-11 16:11 . 2012-10-29 14:09 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-01-11 16:10 . 2012-06-23 11:19 22328 ----a-w- c:\users\wazzir\AppData\Roaming\PnkBstrK.sys
2013-01-11 16:09 . 2012-09-22 15:28 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2013-01-10 08:25 . 2013-01-10 08:25 46056 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2013-01-05 05:00 . 2013-02-13 17:28 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 17:27 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-13 17:27 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-13 17:28 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-13 17:27 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-13 17:27 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-12-29 20:59 . 2012-12-29 20:59 24184 ----a-w- c:\windows\system32\speedfan.sys
2013-03-08 13:58 . 2013-03-08 13:57 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\wazzir\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-02-25 138096]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"SystemExplorerAutoStart"="c:\program files\System Explorer\SystemExplorer.exe" [2012-12-02 2846168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2012-08-21 5995152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
c:\users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\wazzir\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iReboot 1.1.1.lnk]
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^wazzir^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^debug.log]
backup=c:\windows\pss\debug.log.Startup
backupExtension=.Startup
path=c:\users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\debug.log
.
[HKLM\~\startupfolder\C:^Users^wazzir^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
backup=c:\windows\pss\PdaNet Desktop.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-10-13 18:15 171288 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
2010-01-18 13:03 572416 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 12:50 54576 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2012-08-24 00:29 56128 ----a-w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-10-13 18:15 138008 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2007-12-10 13:55 323584 ----a-w- c:\windows\PixArt\Pac7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-10-13 18:15 172824 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2010-02-25 13:19 323640 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
2009-11-09 01:14 605944 ----a-w- c:\program files\Registry Clean Expert\RCHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-10-14 02:36 2299176 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe"
.
R2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 aswVmm;aswVmm; [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 SystemExplorerHelpService;System Explorer Service;c:\program files\System Explorer\service\SystemExplorerService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\Razer\Razer Game Booster\Driver\WinRing0.sys [x]
R4 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;d:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
R4 IAStorDataMgrSvc;Úložná technologie Intel® Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [x]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-23 17:48 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-08 18:30]
.
2013-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-23 17:47]
.
2013-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-23 17:47]
.
2013-03-22 c:\windows\Tasks\HPCeeScheduleForwazzir.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\l8y45beo.default-1357922519814\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-23 16:44; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\l8y45beo.default-1357922519814\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2013-03-08 20:00; firefox@mega.co.nz; c:\users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\l8y45beo.default-1357922519814\extensions\firefox@mega.co.nz.xpi
FF - ExtSQL: 2013-03-23 18:46; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-03-25 07:26; bartap@philikon.de; c:\users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\l8y45beo.default-1357922519814\extensions\bartap@philikon.de.xpi
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-egui - c:\program files\ESET\ESET Smart Security\egui.exe
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{5802D092-1784-4908-8CDB-99B6842D353D}"=hex:51,66,7a,6c,4c,1d,38,12,fc,d3,11,
5c,b6,59,66,0c,f3,cd,da,f6,81,73,71,29
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4d,f7,d4,96,b5,e2,cd,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2013-03-27 23:43:44
ComboFix-quarantined-files.txt 2013-03-27 22:43
.
Před spuštěním: Volných bajtů: 14 943 768 576
Po spuštění: Volných bajtů: 14 966 415 360
.
- - End Of File - - 4A74DF1C617685275B12F9609F3D78DC

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\system32\temp.004
c:\windows\system32\temp.001
c:\windows\system32\temp.003
c:\windows\system32\temp.002
c:\windows\system32\temp.000
c:\users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\users\wazzir\AppData\Local\Facebook\Update

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

Firefox::
FF - ProfilePath - c:\users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\l8y45beo.default-1357922519814\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-23 16:44; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\l8y45beo.default-1357922519814\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2013-03-08 20:00; firefox@mega.co.nz; c:\users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\l8y45beo.default-1357922519814\extensions\firefox@mega.co.nz.xpi
FF - ExtSQL: 2013-03-25 07:26; bartap@philikon.de; c:\users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\l8y45beo.default-1357922519814\extensions\bartap@philikon.de.xpi

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Žádná změna.. CF udělal co měl, vyrestartoval notebook, najel a už mi to hodilo hlášku "Systém Windows musí být restartován, protože služba Spouštěč procesů serveru DCOM byla neočekávaně ukončena".. Tak jsem vypl restart a chtěl jsem zapnout mozillu - neůspěšně.. Vyhodilo mi to hlášku "Pokus použít neplatnou operaci na klíč registru, který je označen pro odstranění. Chcete tuto položku odebrat?", když jsem to zkusil znovu, tak mi tam naskočilo zase "Vzdálené volání procedury se nezdařilo se nebylo provedeno" a takhle se to střídalo, a nebylo to jen u mozilly, vyskakovalo mi to u všech programů, které jsem chtěl spustit. Tak jsem notebook vyrestartoval, opět hláška se službou, nejde mi zvu, místo stavu baterie mi to píše "Server RPC není k dispozici" ...
Tu je ten log

ComboFix 13-03-27.01 - wazzir 28.03.2013 18:22:58.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2975.1944 [GMT 1:00]
Spuštěný z: c:\users\wazzir\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\wazzir\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk"
"c:\windows\system32\temp.000"
"c:\windows\system32\temp.001"
"c:\windows\system32\temp.002"
"c:\windows\system32\temp.003"
"c:\windows\system32\temp.004"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\wazzir\AppData\Local\Facebook\Update
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es-419.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_et.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fa.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fi.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fil.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fr.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_gu.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hi.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hr.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hu.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_id.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_is.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_it.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_iw.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ja.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_kn.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ko.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lt.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lv.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ml.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_mr.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ms.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_nl.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_no.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_or.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pl.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ro.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ru.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sk.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sl.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sr.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sv.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ta.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_te.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_th.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_tr.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_uk.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ur.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_vi.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll
c:\users\wazzir\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll
c:\users\wazzir\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-28 do 2013-03-28 )))))))))))))))))))))))))))))))
.
.
2013-03-28 17:36 . 2013-03-28 17:39 -------- d-----w- c:\users\wazzir\AppData\Local\temp
2013-03-28 17:36 . 2013-03-28 17:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-03-28 17:36 . 2013-03-28 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-28 10:55 . 2013-03-28 10:55 164880 ---ha-w- c:\users\wazzir\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2013-03-27 15:49 . 2013-03-19 04:50 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80C2905E-923B-4374-B610-D34AAF08A238}\mpengine.dll
2013-03-25 17:08 . 2013-03-25 17:17 -------- d-----w- c:\windows\system32\catroot2
2013-03-25 16:49 . 2013-03-26 20:52 1536 ----a-w- c:\windows\system32\wbem\WMIObjectsMigration.bin
2013-03-25 16:45 . 2013-03-25 16:45 -------- d-----w- C:\RegBackup
2013-03-25 16:35 . 2013-03-25 16:41 -------- d-----w- c:\program files\Tweaking.com
2013-03-25 16:34 . 2013-03-25 16:34 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2013-03-25 15:03 . 1996-10-31 11:47 22288 ----a-w- c:\windows\system32\temp.004
2013-03-25 15:03 . 2013-03-25 15:03 -------- d-----w- c:\windows\system32\BACKUP
2013-03-25 15:03 . 1997-07-19 14:55 1347344 ----a-w- c:\windows\system32\MSVBVM50.DLL
2013-03-25 15:03 . 1997-07-07 10:33 109056 ----a-w- c:\windows\system32\UNINSTAL.EXE
2013-03-25 15:03 . 1997-05-19 07:08 492304 ----a-w- c:\windows\system32\temp.001
2013-03-25 15:03 . 1997-05-19 07:08 16896 ----a-w- c:\windows\system32\temp.003
2013-03-25 15:03 . 1997-05-19 07:08 114960 ----a-w- c:\windows\system32\temp.002
2013-03-25 15:03 . 1997-05-19 07:08 118544 ----a-w- c:\windows\system32\temp.000
2013-03-25 15:03 . 1996-01-12 02:00 935632 ----a-w- c:\windows\system32\Vb40016.dll
2013-03-25 15:03 . 1996-01-12 02:00 722192 ----a-w- c:\windows\system32\Vb40032.dll
2013-03-25 15:02 . 1996-01-12 02:00 935632 ----a-w- c:\windows\system\Vb40016.dll
2013-03-24 15:55 . 2013-03-24 15:55 -------- d-----w- c:\users\wazzir\AppData\Roaming\Unity
2013-03-24 14:22 . 2013-03-24 14:22 -------- d-----w- c:\users\wazzir\AppData\Local\Unity
2013-03-24 12:13 . 2013-03-06 23:33 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-03-24 12:13 . 2013-03-06 23:33 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-03-24 12:13 . 2013-03-06 23:33 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-03-24 12:13 . 2013-03-06 23:11 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-03-23 20:50 . 2013-03-23 20:53 -------- d-----w- c:\programdata\SystemExplorer
2013-03-23 20:50 . 2013-03-23 20:50 -------- d-----w- c:\program files\System Explorer
2013-03-23 20:24 . 2013-03-23 20:24 -------- d-----w- c:\users\wazzir\AppData\Local\GHISLER
2013-03-23 20:24 . 1998-07-30 12:51 305152 ----a-w- c:\windows\IsUninst.exe
2013-03-23 17:47 . 2013-03-23 17:51 -------- d-----w- c:\users\wazzir\AppData\Local\Google
2013-03-23 17:47 . 2013-03-23 17:48 -------- d-----w- c:\program files\Google
2013-03-23 17:47 . 2013-03-06 23:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-23 17:47 . 2013-03-06 23:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-23 17:47 . 2013-03-06 23:33 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-23 17:47 . 2013-03-06 23:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-23 17:47 . 2013-03-06 23:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-23 17:46 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-23 17:46 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-23 17:46 . 2013-03-06 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-23 17:46 . 2013-03-06 23:32 41664 ----a-w- c:\windows\avastSS.scr
2013-03-23 17:46 . 2013-03-23 17:46 -------- d-----w- c:\program files\AVAST Software
2013-03-23 17:43 . 2013-03-23 17:43 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-03-23 17:43 . 2013-03-23 17:43 632064 ----a-w- c:\windows\system32\msvcr80.dll
2013-03-23 17:43 . 2013-03-23 17:43 554240 ----a-w- c:\windows\system32\msvcp80.dll
2013-03-23 17:43 . 2013-03-23 17:43 572928 ----a-w- c:\windows\system32\msvcp90.dll
2013-03-23 17:43 . 2013-03-23 17:43 655872 ----a-w- c:\windows\system32\msvcr90.dll
2013-03-23 17:43 . 2013-03-23 17:43 34048 ----a-w- c:\windows\system32\eEmpty.exe
2013-03-23 17:43 . 2013-03-23 17:43 -------- d-----w- c:\program files\Common Files\MicroWorld
2013-03-23 17:43 . 2013-03-23 17:43 -------- d-----w- c:\programdata\MicroWorld
2013-03-23 17:32 . 2013-03-23 17:39 -------- d-----w- c:\users\wazzir\AppData\Roaming\Download Manager
2013-03-23 13:46 . 2013-03-23 13:46 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
2013-03-23 13:35 . 2013-03-23 13:35 -------- d-----w- c:\program files\Microsoft Virtual PC
2013-03-21 16:40 . 2013-01-22 22:12 468056 ----a-w- C:\procdump.exe
2013-03-21 16:34 . 2013-03-04 13:13 2820744 ----a-w- C:\SysInspector.exe
2013-03-21 16:34 . 2013-03-21 16:34 -------- d-----w- c:\program files\Belarc
2013-03-19 12:12 . 2012-11-05 22:56 72781824 ----a-w- C:\ess_nt32_csy.msi
2013-03-16 18:07 . 2013-03-16 18:07 -------- d-----w- c:\programdata\SoftSafe
2013-03-16 18:06 . 2013-03-16 18:07 -------- d-----w- c:\programdata\InstallMate
2013-03-15 02:03 . 2013-03-15 02:03 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-03-13 05:15 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-13 05:15 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-03-08 05:48 . 2013-03-13 18:30 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-06 15:21 . 2013-03-06 15:21 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-06 15:21 . 2013-03-06 15:21 -------- d-----w- c:\program files\Java
2013-03-04 13:11 . 2013-03-20 05:23 -------- d-----w- C:\ESET
2013-03-01 20:21 . 2013-03-06 23:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-01 20:09 . 2013-03-23 17:46 -------- d-----w- c:\programdata\AVAST Software
2013-02-28 08:33 . 2013-02-28 08:33 512 ----a-w- C:\PhysicalMBR.bin
2013-02-27 22:02 . 2013-03-22 14:11 53966 ----a-w- c:\windows\system32\epfwdata.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-28 08:33 . 2012-10-01 10:45 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-03-23 12:41 . 2012-08-31 11:40 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-03-23 12:41 . 2012-09-12 16:25 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-03-23 12:41 . 2012-08-31 11:39 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-03-20 18:09 . 2012-08-31 11:39 281768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-13 18:30 . 2013-02-10 14:49 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-06 15:21 . 2012-06-23 12:32 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-06 15:21 . 2012-06-23 12:32 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-23 21:49 . 2013-02-23 21:49 44544 ----a-w- c:\windows\system32\Gif89.dll
2013-02-13 00:26 . 2013-02-13 00:26 42880 ----a-w- c:\windows\system32\xfcodec.dll
2013-02-12 04:48 . 2013-03-14 13:09 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 13:09 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-17 00:28 . 2012-06-23 11:28 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-11 16:11 . 2012-10-29 14:09 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-01-11 16:10 . 2012-06-23 11:19 22328 ----a-w- c:\users\wazzir\AppData\Roaming\PnkBstrK.sys
2013-01-11 16:09 . 2012-09-22 15:28 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2013-01-10 08:25 . 2013-01-10 08:25 46056 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2013-01-05 05:00 . 2013-02-13 17:28 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 17:27 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-13 17:27 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-13 17:28 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-13 17:27 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-13 17:27 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-12-29 20:59 . 2012-12-29 20:59 24184 ----a-w- c:\windows\system32\speedfan.sys
2013-03-08 13:58 . 2013-03-08 13:57 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"SystemExplorerAutoStart"="c:\program files\System Explorer\SystemExplorer.exe" [2012-12-02 2846168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2012-08-21 5995152]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
c:\users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\wazzir\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iReboot 1.1.1.lnk]
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^wazzir^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^debug.log]
backup=c:\windows\pss\debug.log.Startup
backupExtension=.Startup
path=c:\users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\debug.log
.
[HKLM\~\startupfolder\C:^Users^wazzir^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
backup=c:\windows\pss\PdaNet Desktop.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-10-13 18:15 171288 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
2010-01-18 13:03 572416 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 12:50 54576 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2012-08-24 00:29 56128 ----a-w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-10-13 18:15 138008 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2007-12-10 13:55 323584 ----a-w- c:\windows\PixArt\Pac7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-10-13 18:15 172824 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2010-02-25 13:19 323640 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
2009-11-09 01:14 605944 ----a-w- c:\program files\Registry Clean Expert\RCHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-10-14 02:36 2299176 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 aswVmm;aswVmm; [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\Razer\Razer Game Booster\Driver\WinRing0.sys [x]
R4 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;d:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
R4 IAStorDataMgrSvc;Úložná technologie Intel® Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [x]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 SystemExplorerHelpService;System Explorer Service;c:\program files\System Explorer\service\SystemExplorerService.exe [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-23 17:48 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-08 18:30]
.
2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-23 17:47]
.
2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-23 17:47]
.
2013-03-22 c:\windows\Tasks\HPCeeScheduleForwazzir.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\l8y45beo.default-1357922519814\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig
FF - ExtSQL: 2013-02-23 16:44; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\l8y45beo.default-1357922519814\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2013-03-08 20:00; firefox@mega.co.nz; c:\users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\l8y45beo.default-1357922519814\extensions\firefox@mega.co.nz.xpi
FF - ExtSQL: 2013-03-23 18:46; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-03-25 07:26; bartap@philikon.de; c:\users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\l8y45beo.default-1357922519814\extensions\bartap@philikon.de.xpi
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2013-03-28 18:46:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-28 17:46
ComboFix2.txt 2013-03-27 22:46
.
Před spuštěním: Volných bajtů: 15 784 939 520
Po spuštění: Volných bajtů: 16 004 640 768
.
- - End Of File - - 930AE212931457F639DE8163D1E25B75

Zkuste ještě jeden restart, zda se systém chytí. Začínám to vidět na chybu systému. Nebo hardwaru. Stáhněte, nainstalujte a spusťte CrystalDiskInfo: http://www.stahuj.centrum.cz/utility_a_ ... ldiskinfo/ a přes Úpravy>kopírovat sem dejte log.

Spustil jsem znovu Win Repair a nechal opravit služby.. systém najel a i celkem rychle a bez chyb Za chvilku hodím log

// Tady to je
----------------------------------------------------------------------------
CrystalDiskInfo 5.4.1 Shizuku Edition (C) 2008-2013 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Ultimate Edition SP1 [6.1 Build 7601] (x86)
Date : 2013/03/28 21:27:11

-- Controller Map ----------------------------------------------------------
+ Intel(R) ICH9M-E/M SATA AHCI Controller [ATA]
- ATA TOSHIBA MK3256GS SCSI Disk Device
- hp CDDVDW TS-L633N SCSI CdRom Device
+ AYSVH845 IDE Controller [SCSI]
- ZKPMZM P23GX6R SCSI CdRom Device
- ZKPMZM P23GX6R SCSI CdRom Device

-- Disk List ---------------------------------------------------------------
(1) TOSHIBA MK3256GSY : 320,0 GB [0/X/X, pd1]

----------------------------------------------------------------------------
(1) TOSHIBA MK3256GSY
----------------------------------------------------------------------------
Model : TOSHIBA MK3256GSY
Firmware : LH013C
Serial Number : 5026F1J1S
Disk Size : 320,0 GB (8,4/137,4/320,0)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 625142448
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 5793 hod.
Power On Count : 2037 krát
Temparature : 38 C (100 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 0080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _50 000000000000 Počet chyb čtení
02 100 100 _50 000000000000 Průchodnost disku
03 100 100 __2 000000000680 Čas na roztočení ploten
04 100 100 __0 00000000081C Počet spuštění/zastavení
05 100 100 _10 000000000000 Počet přemapovaných sektorů
07 100 100 _50 000000000000 Počet chybných hledání
08 100 100 _50 000000000000 Čas potřebný na vyhledání
09 _86 _86 __0 0000000016A1 Hodin v činnosti
0A 141 100 _30 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 __0 0000000007F5 Počet cyklů zapnutí zařízení
B7 100 100 __1 000000000000 Neznámý
B8 100 100 _97 000000000000 Ukončovacích chyb
B9 100 100 __1 00000000FFFF Neznámý
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BC 100 100 __0 000000000000 Časový limit příkazu
BD 100 100 __1 000000000000 Vysoká rychlost zápisu
BE _62 _42 _45 000027240026 Teplota toku vzduchu
BF 100 100 __0 0000000004E8 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 0000003E003E Počet vypnutí disku
C1 _95 _95 __0 00000000C90A Počet cyklů načítání/vymazání
C4 100 100 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2020 2020 2020 2035 3032 3646 314A 3153
020: 0000 8000 0004 4C48 3031 3343 2020 544F 5348 4942
030: 4120 4D4B 3332 3536 4753 5920 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0000 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0007 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 0D06 0000 004C 0048
080: 01F8 0000 706B 7C09 6123 7069 BC09 6123 203F 0026
090: 0026 0080 FFFE 0000 0000 0000 0000 0000 0000 0000
100: EAB0 2542 0000 0000 0000 0000 4000 0000 5000 0392
110: 86A0 01FA 0000 0000 0000 0000 0000 0000 0000 4014
120: 4014 0000 0000 0000 0000 0000 0000 0000 0021 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0003 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 0033 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1C20 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0080 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 80A5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 0F 00 64 64 00 00 00 00 00 00 00 02 07
010: 00 64 64 00 00 00 00 00 00 00 03 03 00 64 64 80
020: 06 00 00 00 00 00 04 32 00 64 64 1C 08 00 00 00
030: 00 00 05 33 00 64 64 00 00 00 00 00 00 00 07 0F
040: 00 64 64 00 00 00 00 00 00 00 08 05 00 64 64 00
050: 00 00 00 00 00 00 09 32 00 56 56 A1 16 00 00 00
060: 00 00 0A 13 00 8D 64 00 00 00 00 00 00 00 0C 32
070: 00 64 64 F5 07 00 00 00 00 00 B7 22 00 64 64 00
080: 00 00 00 00 00 00 B8 33 00 64 64 00 00 00 00 00
090: 00 00 B9 32 00 64 64 FF FF 00 00 00 00 00 BB 32
0A0: 00 64 64 00 00 00 00 00 00 00 BC 32 00 64 64 00
0B0: 00 00 00 00 00 00 BD 3A 00 64 64 00 00 00 00 00
0C0: 00 00 BE 22 00 3E 2A 26 00 24 27 00 00 00 BF 32
0D0: 00 64 64 E8 04 00 00 00 00 00 C0 32 00 64 64 3E
0E0: 00 3E 00 00 00 00 C1 32 00 5F 5F 0A C9 00 00 00
0F0: 00 00 C4 32 00 64 64 00 00 00 00 00 00 00 C5 12
100: 00 64 64 00 00 00 00 00 00 00 C7 3E 00 C8 C8 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 16 78 00 00 51
170: 03 00 01 00 02 4B 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 32 00 00 00 00 00 00 00 00 00 00 02 32
010: 00 00 00 00 00 00 00 00 00 00 03 02 00 00 00 00
020: 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00
030: 00 00 05 0A 00 00 00 00 00 00 00 00 00 00 07 32
040: 00 00 00 00 00 00 00 00 00 00 08 32 00 00 00 00
050: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00
060: 00 00 0A 1E 00 00 00 00 00 00 00 00 00 00 0C 00
070: 00 00 00 00 00 00 00 00 00 00 B7 01 00 00 00 00
080: 00 00 00 00 00 00 B8 61 00 00 00 00 00 00 00 00
090: 00 00 B9 01 00 00 00 00 00 00 00 00 00 00 BB 00
0A0: 00 00 00 00 00 00 00 00 00 00 BC 00 00 00 00 00
0B0: 00 00 00 00 00 00 BD 01 00 00 00 00 00 00 00 00
0C0: 00 00 BE 2D 00 00 00 00 00 00 00 00 00 00 BF 00
0D0: 00 00 00 00 00 00 00 00 00 00 C0 00 00 00 00 00
0E0: 00 00 00 00 00 00 C1 00 00 00 00 00 00 00 00 00
0F0: 00 00 C4 00 00 00 00 00 00 00 00 00 00 00 C5 00
100: 00 00 00 00 00 00 00 00 00 00 C7 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 86

OK. Disk je v pořádku. Takže byl poškozen pouze systém. Log bych rád viděl.

Log z čeho? Z toho Windows Repair? Já myslel z toho CrystalDisc. To na tu opravu snad jen nahodí služby ze zálohy, dá jim původní nastavení a znovu je zaregistruje. Jestli ho najdu, tak to sem dám

// V logu je jen tohle:

Starting Repairs...
Start (28.3.2013 19:32:24)

Restore Important Windows Services
Start (28.3.2013 19:32:24)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28.3.2013 19:32:35)

Set Windows Services To Default Startup
Start (28.3.2013 19:32:35)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28.3.2013 19:32:50)

Cleaning up empty logs...

All Selected Repairs Done.
Done (28.3.2013 19:32:50)
Total Repair Time: 00:00:26


...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account


Pak jsou tam soubory s informacemi o opravách.
Restore Important Windows Services:

This will restore the services that are location under the files folder and regfiles.

Some of these services are

bfe
bits
iphlpsvc
mpssvc
sharedaccess
spooler
swprv
vds
vss
wbengine
windefend
wscsvc
wuauserv

More services will be added to this repair in the future.

a

Set Windows Services To Default Startup:

This will set the Windows services to their default startup state. Special thanks to http://www.bl******er.com/ for having all the default information handy.

This will set the services startup by the "sc config" command and not by the registry.

To edit or view, all services and their startup are in the services_startup.txt in the files folder.

Log z CrystalDisk Info.

Aha, no ten jsem sem už dával. Tady je tedy znovu

----------------------------------------------------------------------------
CrystalDiskInfo 5.4.1 (C) 2008-2013 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Ultimate Edition SP1 [6.1 Build 7601] (x86)
Date : 2013/03/29 19:46:19

-- Controller Map ----------------------------------------------------------
+ Intel(R) ICH9M-E/M SATA AHCI Controller [ATA]
- ATA TOSHIBA MK3256GS SCSI Disk Device
- hp CDDVDW TS-L633N SCSI CdRom Device
+ ADQZGG45 IDE Controller [SCSI]
- ZKPMZM P23GX6R SCSI CdRom Device
- ZKPMZM P23GX6R SCSI CdRom Device

-- Disk List ---------------------------------------------------------------
(1) TOSHIBA MK3256GSY : 320,0 GB [0/X/X, pd1]

----------------------------------------------------------------------------
(1) TOSHIBA MK3256GSY
----------------------------------------------------------------------------
Model : TOSHIBA MK3256GSY
Firmware : LH013C
Serial Number : 5026F1J1S
Disk Size : 320,0 GB (8,4/137,4/320,0)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 625142448
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 5807 hod.
Power On Count : 2038 krát
Temparature : 39 C (102 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 0080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _50 000000000000 Počet chyb čtení
02 100 100 _50 000000000000 Průchodnost disku
03 100 100 __2 000000000870 Čas na roztočení ploten
04 100 100 __0 00000000081D Počet spuštění/zastavení
05 100 100 _10 000000000000 Počet přemapovaných sektorů
07 100 100 _50 000000000000 Počet chybných hledání
08 100 100 _50 000000000000 Čas potřebný na vyhledání
09 _86 _86 __0 0000000016AF Hodin v činnosti
0A 141 100 _30 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 __0 0000000007F6 Počet cyklů zapnutí zařízení
B7 100 100 __1 000000000000 Neznámý
B8 100 100 _97 000000000000 Ukončovacích chyb
B9 100 100 __1 00000000FFFF Neznámý
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BC 100 100 __0 000000000000 Časový limit příkazu
BD 100 100 __1 000000000000 Vysoká rychlost zápisu
BE _61 _42 _45 000028100027 Teplota toku vzduchu
BF 100 100 __0 0000000004E9 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 0000003E003E Počet vypnutí disku
C1 _95 _95 __0 00000000C90E Počet cyklů načítání/vymazání
C4 100 100 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2020 2020 2020 2035 3032 3646 314A 3153
020: 0000 8000 0004 4C48 3031 3343 2020 544F 5348 4942
030: 4120 4D4B 3332 3536 4753 5920 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0000 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0007 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 0D06 0000 004C 0048
080: 01F8 0000 706B 7C09 6123 7069 BC09 6123 203F 0026
090: 0026 0080 FFFE 0000 0000 0000 0000 0000 0000 0000
100: EAB0 2542 0000 0000 0000 0000 4000 0000 5000 0392
110: 86A0 01FA 0000 0000 0000 0000 0000 0000 0000 4014
120: 4014 0000 0000 0000 0000 0000 0000 0000 0021 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0003 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 0033 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1C20 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0080 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 80A5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 0F 00 64 64 00 00 00 00 00 00 00 02 07
010: 00 64 64 00 00 00 00 00 00 00 03 03 00 64 64 70
020: 08 00 00 00 00 00 04 32 00 64 64 1D 08 00 00 00
030: 00 00 05 33 00 64 64 00 00 00 00 00 00 00 07 0F
040: 00 64 64 00 00 00 00 00 00 00 08 05 00 64 64 00
050: 00 00 00 00 00 00 09 32 00 56 56 AF 16 00 00 00
060: 00 00 0A 13 00 8D 64 00 00 00 00 00 00 00 0C 32
070: 00 64 64 F6 07 00 00 00 00 00 B7 22 00 64 64 00
080: 00 00 00 00 00 00 B8 33 00 64 64 00 00 00 00 00
090: 00 00 B9 32 00 64 64 FF FF 00 00 00 00 00 BB 32
0A0: 00 64 64 00 00 00 00 00 00 00 BC 32 00 64 64 00
0B0: 00 00 00 00 00 00 BD 3A 00 64 64 00 00 00 00 00
0C0: 00 00 BE 22 00 3D 2A 27 00 10 28 00 00 00 BF 32
0D0: 00 64 64 E9 04 00 00 00 00 00 C0 32 00 64 64 3E
0E0: 00 3E 00 00 00 00 C1 32 00 5F 5F 0E C9 00 00 00
0F0: 00 00 C4 32 00 64 64 00 00 00 00 00 00 00 C5 12
100: 00 64 64 00 00 00 00 00 00 00 C7 3E 00 C8 C8 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 16 78 00 00 51
170: 03 00 01 00 02 4B 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 32 00 00 00 00 00 00 00 00 00 00 02 32
010: 00 00 00 00 00 00 00 00 00 00 03 02 00 00 00 00
020: 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00
030: 00 00 05 0A 00 00 00 00 00 00 00 00 00 00 07 32
040: 00 00 00 00 00 00 00 00 00 00 08 32 00 00 00 00
050: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00
060: 00 00 0A 1E 00 00 00 00 00 00 00 00 00 00 0C 00
070: 00 00 00 00 00 00 00 00 00 00 B7 01 00 00 00 00
080: 00 00 00 00 00 00 B8 61 00 00 00 00 00 00 00 00
090: 00 00 B9 01 00 00 00 00 00 00 00 00 00 00 BB 00
0A0: 00 00 00 00 00 00 00 00 00 00 BC 00 00 00 00 00
0B0: 00 00 00 00 00 00 BD 01 00 00 00 00 00 00 00 00
0C0: 00 00 BE 2D 00 00 00 00 00 00 00 00 00 00 BF 00
0D0: 00 00 00 00 00 00 00 00 00 00 C0 00 00 00 00 00
0E0: 00 00 00 00 00 00 C1 00 00 00 00 00 00 00 00 00
0F0: 00 00 C4 00 00 00 00 00 00 00 00 00 00 00 C5 00
100: 00 00 00 00 00 00 00 00 00 00 C7 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 86

Disk je OK.

To už jste psal, ale potřeboval bych nějak opravit ty chyby :/ Jenže nevím jak

Abyvchom měli jistotu, udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log.

Status: Deleted (events: 3)
30.3.2013 0:07:08 Deleted malware HackTool.Win32.BruteForce.it C:\Program Files\GamePark\GameparkUpdate.exe Medium
30.3.2013 1:23:43 Deleted malware HackTool.Win32.BruteForce.it D:\Data\programy\GameParkSetup11024.exe Medium
30.3.2013 1:23:43 Deleted malware HackTool.Win32.BruteForce.it D:\Data\programy\GameParkSetup11024.exe//data0001 Medium