
Problem with a notebook (NTB)

Posted: 18 Aug 2013 07:29
by S4crifice
Hi,
I got a notebook from an acquaintance who said he couldn't open folders: whenever I opened any folder, the system crashed...
I booted into safe mode, copied RSIT and ComboFix over from a flash drive (it was clear to me there was some junk on it) and ran both in turn. ComboFix found and fixed something, and after that folders opened normally again.
But one ailment remains, with downloading files: whatever I download, Chrome tells me "An error occurred while scanning for viruses", and Explorer also reports an error; there are no other browsers on it...
MBAM log:
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
http://www.malwarebytes.org

Verze: v2013.08.16.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Roman :: ROMAN-NOTE [administrátor]

Ochrana: Povolena

17.8.2013 21:13:09
mbam-log-2013-08-17 (21-13-09).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 417338
Uplynulý čas: 2 hodin, 51 minut, 27 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

The antivirus on it was Avast; I installed Avira and ran the notebook through it, it found something, but that didn't help either (that was still before MBAM..)
Thanks for the help.

Re: Problem with a notebook (NTB)

Posted: 18 Aug 2013 10:15
by Rudy
Hello!
Why are you running ComboFix, a utility intended only for professionals, without prior instruction from a helper? Do you intend to wreck your system?
Post the ComboFix log. You will find it at c:\combofix.txt .

Re: Problem with a notebook (NTB)

Posted: 18 Aug 2013 10:19
by S4crifice
Well, from previous experience ComboFix helped me in 5 out of 5 cases and the system didn't crash, so I didn't really hesitate over a sixth attempt :)

ComboFix 13-08-15.02 - Roman 15.08.2013 21:07:07.1.1 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1014.590 [GMT 2:00]
Spuštěný z: D:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\FunWebProducts
C:\Program Files\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\9519~1\A535~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\@
C:\Program Files\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\9519~1\A535~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\GoogleUpdate.exe
C:\Program Files\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\9519~1\A535~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\U\00000001.@
C:\Users\Roman\AppData\Local\Google\Desktop\Install
C:\Users\Roman\AppData\Local\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\2E2F~1\28F0~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\@
C:\Users\Roman\AppData\Local\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\2E2F~1\28F0~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\GoogleUpdate.exe
C:\Users\Roman\AppData\Local\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\2E2F~1\28F0~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\U\00000001.@
C:\Users\Roman\AppData\Local\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\2E2F~1\28F0~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\U\80000000.@
C:\Users\Roman\AppData\Local\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\2E2F~1\28F0~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\U\800000cb.@
C:\Windows\pkunzip.pif
C:\Windows\pkzip.pif

Nakažená kopie C:\Windows\system32\Version.dll byla nalezena a vyléčena.
Obnovena kopie z - C:\ComboFix\HarddiskVolumeShadowCopy5_!Windows!System32!version.dll


((((((((((((((((((((((((( Soubory vytvořené od 2013-07-15 do 2013-08-15 )))))))))))))))))))))))))))))))


2013-08-15 19:15:46 . 2013-08-15 19:19:14 -------- d-----w- C:\Users\Roman\AppData\Local\temp
2013-08-15 19:15:46 . 2013-08-15 19:15:46 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-08-02 11:12:13 . 2013-07-02 06:54:40 7143960 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{887CC84A-E6BA-4FA0-8A6A-34EF0D3FBE2D}\mpengine.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-06-26 12:15:01 . 2012-10-15 09:15:46 37664 ----a-w- C:\Windows\system32\drivers\avgtpx86.sys
2013-06-12 12:07:41 . 2012-07-24 09:53:29 692104 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2013-06-12 12:07:41 . 2011-06-10 07:54:21 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-06-11 23:43:37 . 2013-07-11 07:52:10 1767936 ----a-w- C:\Windows\system32\wininet.dll
2013-06-11 23:43:00 . 2013-07-11 07:52:16 2877440 ----a-w- C:\Windows\system32\jscript9.dll
2013-06-11 23:42:58 . 2013-07-11 07:52:16 61440 ----a-w- C:\Windows\system32\iesetup.dll
2013-06-11 23:42:58 . 2013-07-11 07:52:14 109056 ----a-w- C:\Windows\system32\iesysprep.dll
2013-06-11 22:51:45 . 2013-07-11 07:52:14 71680 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
2013-06-07 02:37:52 . 2013-07-11 07:52:18 2706432 ----a-w- C:\Windows\system32\mshtml.tlb
2013-06-05 03:05:09 . 2013-07-10 20:53:15 2347520 ----a-w- C:\Windows\system32\win32k.sys
2013-06-04 04:53:07 . 2013-07-10 20:53:13 509440 ----a-w- C:\Windows\system32\qedit.dll


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))


*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-06-26 12:15:01 3055280 ----a-w- C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01:17 122512 ----a-w- C:\Program Files\Alwil Software\Avast5\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 14:06:06 222496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 12:02:04 254696]
"vProt"="C:\Program Files\AVG Secure Search\vprot.exe" [2013-06-26 12:15:01 2236080]
"IndexSearch"="C:\Program Files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 22:37:26 46368]
"PaperPort PTD"="C:\Program Files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 22:42:02 29984]
"PPort12reminder"="C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 11:42:26 328992]
"PDFHook"="C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 18:11:30 636192]
"PDF5 Registry Controller"="C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 17:11:04 62752]
"ControlCenter4"="C:\Program Files\ControlCenter4\BrCcBoot.exe" [2011-04-20 15:53:38 139264]
"BrStsMon00"="C:\Program Files\Browny02\Brother\BrStMonW.exe" [2010-06-10 11:42:44 2621440]

Re: Problem with a notebook (NTB)

Posted: 18 Aug 2013 10:29
by Rudy
CF is a professional utility and nobody else has access to the author's complete know-how. We don't like it being run arbitrarily, because in many cases that then complicates solving the problem. That is exactly why, according to the author, a complete manual for this utility will never be published.

The log is not complete.

Re: Problem with a notebook (NTB)

Posted: 18 Aug 2013 10:35
by S4crifice
OK,
next time I'll consult first; I have never had a problem with it since, but that's not what this thread is for :)

The log I copied is the one I found in C:\Combofix - there are 3 more txt files there, but those most likely have nothing to do with the log (osid, pent, resident).

Should I run the scan again, or .. ?

Re: Problem with a notebook (NTB)

Posted: 18 Aug 2013 10:52
by Rudy
Unfortunately, the log is not complete. Run a new scan in safe mode. It is clear from the log, though, that you had a ZeroAccess infection. This junk is fairly stubborn and can even wreck the system.
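The ZeroAccess call above is made by eye from the deletion list in the posted log. As an added Python example (not part of the thread and not a ComboFix feature), the helper below applies the same reading as explicit rules to those log lines: a GUID-named directory tree holding a `@` marker file, a `U` folder of 8-hex-digit `*.@` modules, a `GoogleUpdate.exe` outside the genuine Google Update directory, and ComboFix's own "infected copy ... cured" notice. The rule set and the function names are the editor's own; the sample lines are copied from the log in this thread.

```python
"""Triage a ComboFix log for ZeroAccess-style artefacts.

Added example for this thread; not part of the original posts and not a
ComboFix feature. The indicator rules are the editor's own, based on
publicly documented ZeroAccess (Sirefef) on-disk layout.
"""
import re

# Constructed sample: the deletion entries and the infected-file notice
# copied from the ComboFix log posted in this thread, plus the genuine
# GoogleUpdate.exe path from its scheduled-tasks section as a benign
# control that must NOT be flagged.
SAMPLE_LOG = r"""
c:\program files\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\9519~1\A535~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\@
c:\program files\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\9519~1\A535~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\GoogleUpdate.exe
c:\program files\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\9519~1\A535~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\U\00000001.@
c:\users\Roman\AppData\Local\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\2E2F~1\28F0~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\@
c:\users\Roman\AppData\Local\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\2E2F~1\28F0~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\GoogleUpdate.exe
c:\users\Roman\AppData\Local\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\2E2F~1\28F0~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\U\00000001.@
c:\users\Roman\AppData\Local\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\2E2F~1\28F0~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\U\80000000.@
c:\users\Roman\AppData\Local\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\2E2F~1\28F0~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\U\800000cb.@
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\program files\Google\Update\GoogleUpdate.exe
Nakažená kopie c:\windows\system32\Version.dll byla nalezena a vyléčena.
"""

HEX = "[0-9a-fA-F]"
GUID_RE = re.compile(r"\{%s{8}-%s{4}-%s{4}-%s{4}-%s{12}\}" % ((HEX,) * 5))
PATH_RE = re.compile(r"^[a-zA-Z]:\\")
# A bare '@' file directly inside a GUID-named directory.
MARKER_RE = re.compile(GUID_RE.pattern + r"\\@$")
# An 8-hex-digit '*.@' module inside a 'U' folder.
MODULE_RE = re.compile(r"\\U\\[0-9a-fA-F]{8}\.@$")
# Wording of the Czech ComboFix build when it repairs an infected system file
# (assumption: only this localisation is matched).
INFECTED_RE = re.compile(r"^Nakažená kopie (?P<path>.+?) byla nalezena a vyléčena\.?$")


def guid_repeated(path: str) -> bool:
    """Same GUID used twice as nested directory names along one path."""
    guids = [g.lower() for g in GUID_RE.findall(path)]
    return len(guids) != len(set(guids))


def rogue_google_updater(path: str) -> bool:
    """GoogleUpdate.exe anywhere other than the genuine Google Update folder."""
    low = path.lower()
    return (low.endswith("\\googleupdate.exe")
            and not low.endswith("\\google\\update\\googleupdate.exe"))


RULES = [
    ("'@' marker file inside a GUID-named directory", lambda p: bool(MARKER_RE.search(p))),
    ("8-hex-digit *.@ module in a 'U' folder", lambda p: bool(MODULE_RE.search(p))),
    ("same GUID repeated as nested directory names", guid_repeated),
    ("GoogleUpdate.exe outside the genuine Google Update directory", rogue_google_updater),
]


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each suspicious path in the log to the reasons it was flagged."""
    findings: dict[str, list[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = INFECTED_RE.match(line)
        if m:
            findings.setdefault(m.group("path"), []).append(
                "system file reported infected and restored by ComboFix")
            continue
        if not PATH_RE.match(line):
            continue  # section headers, separators, free text
        reasons = [name for name, check in RULES if check(line)]
        if reasons:
            findings[line] = reasons
    return findings


def guids_seen(log_text: str) -> set[str]:
    """Distinct GUIDs across flagged paths; one GUID in both trees points to one dropper."""
    return {g.lower() for p in triage(log_text) for g in GUID_RE.findall(p)}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
    print("distinct GUIDs:", sorted(guids_seen(SAMPLE_LOG)))
```

The legacy `pkzip.pif`/`pkunzip.pif` entries and the real updater under `Google\Update` pass through unflagged, which is the point of keeping a benign control in the sample.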

Re: Problem with a notebook (NTB)

Posted: 18 Aug 2013 11:26
by S4crifice
ComboFix 13-08-15.02 - Roman 18.08.2013 12:02:54.2.1 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1014.619 [GMT 2:00]
Spuštěný z: D:\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\program files\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\9519~1\A535~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\@
c:\program files\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\9519~1\A535~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\GoogleUpdate.exe
c:\program files\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\9519~1\A535~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\U\00000001.@
c:\users\Roman\AppData\Local\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\2E2F~1\28F0~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\@
c:\users\Roman\AppData\Local\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\2E2F~1\28F0~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\GoogleUpdate.exe
c:\users\Roman\AppData\Local\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\2E2F~1\28F0~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\U\00000001.@
c:\users\Roman\AppData\Local\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\2E2F~1\28F0~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\U\80000000.@
c:\users\Roman\AppData\Local\Google\Desktop\Install\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\2E2F~1\28F0~1\E628~1\{05593f06-0b99-e9b4-31c0-d8f7208e1cb1}\U\800000cb.@
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
-- Předchozí spuštění --
.
Nakažená kopie c:\windows\system32\Version.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\combofix\HarddiskVolumeShadowCopy5_!Windows!System32!version.dll
.
--------
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-18 do 2013-08-18 )))))))))))))))))))))))))))))))
.
.
2013-08-18 10:11 . 2013-08-18 10:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-18 01:15 . 2013-08-18 01:14 67168 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-08-16 14:51 . 2013-08-16 14:51 -------- d-----w- c:\users\Roman\AppData\Roaming\Malwarebytes
2013-08-16 14:51 . 2013-08-16 14:51 -------- d-----w- c:\programdata\Malwarebytes
2013-08-16 14:51 . 2013-08-16 14:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-16 14:51 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-16 14:51 . 2013-08-16 14:51 -------- d-----w- c:\users\Roman\AppData\Local\Programs
2013-08-16 07:12 . 2013-07-26 02:49 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-16 07:12 . 2013-07-26 03:12 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-08-16 07:12 . 2013-07-26 03:13 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-08-16 07:12 . 2013-07-26 03:12 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-08-15 20:15 . 2013-08-15 20:15 -------- d-----w- c:\users\Roman\AppData\Roaming\Avira
2013-08-15 20:07 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-15 20:06 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 20:06 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-15 20:06 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-15 20:06 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-15 20:06 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 20:05 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-15 20:05 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-15 20:05 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-15 20:05 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-15 20:05 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-15 20:04 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 19:58 . 2013-08-15 19:54 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-08-15 19:58 . 2013-08-15 19:54 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-08-15 19:58 . 2013-08-15 19:54 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-08-15 19:57 . 2013-08-15 19:59 -------- d-----w- c:\programdata\Avira
2013-08-15 19:57 . 2013-08-15 19:57 -------- d-----w- c:\program files\Avira
2013-08-15 19:15 . 2013-08-18 10:11 -------- d-----w- c:\users\Roman\AppData\Local\temp
2013-08-02 11:12 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{887CC84A-E6BA-4FA0-8A6A-34EF0D3FBE2D}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 12:07 . 2012-07-24 09:53 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 12:07 . 2011-06-10 07:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-05 03:05 . 2013-07-10 20:53 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 04:53 . 2013-07-10 20:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-05-22 10:32 . 2013-05-22 10:32 25299 ----a-w- c:\windows\system32\BRLM03A.DLL
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVTray"="" [BU]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-08-15 345144]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
.
c:\users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Reminder-cor40212.lnk - c:\program files\Corel\Graphics9\Register\Remind32.exe [2011-12-29 67584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Free WebSite Tools.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Free WebSite Tools.lnk
backup=c:\windows\pss\Free WebSite Tools.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Roman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Roman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Reminder-cor40212.lnk]
path=c:\users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Reminder-cor40212.lnk
backup=c:\windows\pss\Reminder-cor40212.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-05-10 07:57 37960 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 18:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-09-29 11:39 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 18:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 18:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES]
2009-07-14 01:14 354304 ----a-w- c:\windows\System32\StikyNot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-07-29 10:31 17361032 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-05-05 09:01 1466368 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-08-15 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-08-15 84024]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2008-06-13 81920]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-06-13 4150112]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 EC168BDA;TVGo DVB-T02PRO;c:\windows\system32\DRIVERS\EC168BDA.sys [x]
R3 ECRDRV;ECRDRV;c:\windows\system32\drivers\ecrdrv.sys [2004-12-12 17636]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2008-06-13 2723840]
R3 LFXACT;Companion Suite Pro LL F@X activities;c:\windows\system32\Drivers\LFXACT.sys [2007-01-08 20672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2009-10-08 17920]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2009-10-08 63872]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-18 1343400]
R3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\Drivers\XMLDIUSB.sys [2007-01-08 31879]
R4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-08-15 589368]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2007-05-07 218624]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 10:53 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 12:07]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 18:23]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 18:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 188.95.56.2 188.95.56.3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-DetectTray - c:\program files\Genius\TVGo DVB-T02PRO\DetectTray.exe
MSConfigStartUp-IndexSearch - c:\program files\ScanSoft\PaperPort\IndexSearch.exe
MSConfigStartUp-MFPrintServer_Pro_LL - c:\program files\Companion Suite Pro LL\MFPrintServer.exe
MSConfigStartUp-MFServices_Pro_LL - c:\program files\Companion Suite Pro LL\MFServices.exe
MSConfigStartUp-PaperPort PTD - c:\program files\ScanSoft\PaperPort\pptd40nt.exe
MSConfigStartUp-SSBkgdUpdate - c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1688)
c:\program files\Microsoft Office\Office10\msohev.dll
.
Celkový čas: 2013-08-18 12:14:47
ComboFix-quarantined-files.txt 2013-08-18 10:14
.
Před spuštěním: Volných bajtů: 29 255 049 216
Po spuštění: Volných bajtů: 29 050 277 888
.
- - End Of File - - 0CCE8CDB3270B54087D493113BAE51F2
A36C5E4F47E84449FF07ED3517B43A31
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-05-10 07:57 37960 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 18:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-09-29 11:39 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 18:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 18:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES]
2009-07-14 01:14 354304 ----a-w- c:\windows\System32\StikyNot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-07-29 10:31 17361032 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-05-05 09:01 1466368 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-08-15 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-08-15 84024]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2008-06-13 81920]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-06-13 4150112]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 EC168BDA;TVGo DVB-T02PRO;c:\windows\system32\DRIVERS\EC168BDA.sys [x]
R3 ECRDRV;ECRDRV;c:\windows\system32\drivers\ecrdrv.sys [2004-12-12 17636]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2008-06-13 2723840]
R3 LFXACT;Companion Suite Pro LL F@X activities;c:\windows\system32\Drivers\LFXACT.sys [2007-01-08 20672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2009-10-08 17920]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2009-10-08 63872]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-18 1343400]
R3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\Drivers\XMLDIUSB.sys [2007-01-08 31879]
R4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-08-15 589368]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2007-05-07 218624]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 10:53 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 12:07]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 18:23]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 18:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 188.95.56.2 188.95.56.3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-DetectTray - c:\program files\Genius\TVGo DVB-T02PRO\DetectTray.exe
MSConfigStartUp-IndexSearch - c:\program files\ScanSoft\PaperPort\IndexSearch.exe
MSConfigStartUp-MFPrintServer_Pro_LL - c:\program files\Companion Suite Pro LL\MFPrintServer.exe
MSConfigStartUp-MFServices_Pro_LL - c:\program files\Companion Suite Pro LL\MFServices.exe
MSConfigStartUp-PaperPort PTD - c:\program files\ScanSoft\PaperPort\pptd40nt.exe
MSConfigStartUp-SSBkgdUpdate - c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1688)
c:\program files\Microsoft Office\Office10\msohev.dll
.
Celkový čas: 2013-08-18 12:14:47
ComboFix-quarantined-files.txt 2013-08-18 10:14
.
Před spuštěním: Volných bajtů: 29 255 049 216
Po spuštění: Volných bajtů: 29 050 277 888
.
- - End Of File - - 0CCE8CDB3270B54087D493113BAE51F2
A36C5E4F47E84449FF07ED3517B43A31

Re: Problem with NTB

Posted: 18 Aug 2013 11:47
by Rudy
Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

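The log sections a helper reads before writing such a script can be triaged mechanically. As an added example that is not part of this thread or of ComboFix, the Python below parses lines in the format shown in the log above (the sample lines are constructed from this thread's log) and flags the UAC policy values set to 0, Run entries with an empty command path and drivers whose binary is marked [x]; the expected UAC values are an assumption based on Windows 7 defaults, and the reading of [x] as "file not found" is an assumption about ComboFix's notation.

```python
"""Triage helper for the registry startup-point section of a ComboFix log.

Added example, not part of the forum thread or of ComboFix itself.
It reads policy, Run-key and service/driver lines in the format the log
above uses and reports what a defender would look at first.
"""
import re

# Assumption: Windows 7 defaults. EnableLUA=1 keeps UAC on, PromptOnSecureDesktop=1
# keeps the prompt on the secure desktop, ConsentPromptBehaviorAdmin=0 means
# "elevate without prompting".
UAC_EXPECTED = {"EnableLUA": 1, "PromptOnSecureDesktop": 1}

# "EnableLUA"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)\s*$')
# "avgnt"="c:\program files\...\avgnt.exe" [2013-08-15 345144]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# R3 ECRDRV;ECRDRV;c:\windows\system32\drivers\ecrdrv.sys [2004-12-12 17636]
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$'
)


def triage(lines):
    """Return (kind, name, detail) tuples for the suspicious lines found."""
    findings = []
    section = None
    for raw in lines:
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line  # a registry key header starts a new section
            continue
        if section and section.lower().endswith("policies\\system]"):
            m = POLICY_RE.match(line)
            if m:
                name, val = m.group("name"), int(m.group("val"))
                if name in UAC_EXPECTED and val != UAC_EXPECTED[name]:
                    findings.append(("uac_weak", name, val))
                elif name == "ConsentPromptBehaviorAdmin" and val == 0:
                    findings.append(("uac_weak", name, val))
            continue
        if section and section.lower().endswith("\\run]"):
            m = RUN_RE.match(line)
            if m and not m.group("path"):  # entry persists but points nowhere
                findings.append(("run_empty_path", m.group("name"), m.group("meta")))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group("meta") == "x":  # assumption: [x] = binary not found
            findings.append(("service_binary_missing", m.group("name"), m.group("path")))
    return findings


# Constructed sample, copied from the shape of the log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVTray"="" [BU]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-08-15 345144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-05-05 09:01 1466368 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
R3 EC168BDA;TVGo DVB-T02PRO;c:\windows\system32\DRIVERS\EC168BDA.sys [x]
R3 ECRDRV;ECRDRV;c:\windows\system32\drivers\ecrdrv.sys [2004-12-12 17636]
""".strip().splitlines()


if __name__ == "__main__":
    for kind, name, detail in triage(SAMPLE_LOG):
        print(f"{kind:24} {name:28} {detail}")
```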

Re: Problem with NTB

Posted: 18 Aug 2013 12:34
by S4crifice
So files can be downloaded fine now, thank you very much!! :)

Just to be safe I'm also attaching the CF log it produced, but it should be OK ..

ComboFix 13-08-15.02 - Roman 18.08.2013 12:56:02.3.1 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1014.251 [GMT 2:00]
Spuštěný z: c:\users\Roman\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Roman\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
Nakažená kopie c:\windows\system32\user32.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\combofix\HarddiskVolumeShadowCopy7_!Windows!System32!user32.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-18 do 2013-08-18 )))))))))))))))))))))))))))))))
.
.
2013-08-18 11:05 . 2013-08-18 11:08 -------- d-----w- c:\users\Roman\AppData\Local\temp
2013-08-18 11:05 . 2013-08-18 11:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-18 01:15 . 2013-08-18 01:14 67168 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-08-16 14:51 . 2013-08-16 14:51 -------- d-----w- c:\users\Roman\AppData\Roaming\Malwarebytes
2013-08-16 14:51 . 2013-08-16 14:51 -------- d-----w- c:\programdata\Malwarebytes
2013-08-16 14:51 . 2013-08-16 14:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-16 14:51 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-16 14:51 . 2013-08-16 14:51 -------- d-----w- c:\users\Roman\AppData\Local\Programs
2013-08-16 07:12 . 2013-07-26 02:49 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-16 07:12 . 2013-07-26 03:12 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-08-16 07:12 . 2013-07-26 03:13 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-08-16 07:12 . 2013-07-26 03:12 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-08-15 20:15 . 2013-08-15 20:15 -------- d-----w- c:\users\Roman\AppData\Roaming\Avira
2013-08-15 20:07 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-15 20:06 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 20:06 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-15 20:06 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-15 20:06 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-15 20:06 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 20:05 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-15 20:05 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-15 20:05 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-15 20:05 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-15 20:05 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-15 20:04 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 19:58 . 2013-08-15 19:54 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-08-15 19:58 . 2013-08-15 19:54 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-08-15 19:58 . 2013-08-15 19:54 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-08-15 19:57 . 2013-08-15 19:59 -------- d-----w- c:\programdata\Avira
2013-08-15 19:57 . 2013-08-15 19:57 -------- d-----w- c:\program files\Avira
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-18 11:04 . 2013-08-02 12:26 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{887CC84A-E6BA-4FA0-8A6A-34EF0D3FBE2D}\offreg.dll
2013-07-02 06:54 . 2013-08-02 11:12 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{887CC84A-E6BA-4FA0-8A6A-34EF0D3FBE2D}\mpengine.dll
2013-06-12 12:07 . 2012-07-24 09:53 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 12:07 . 2011-06-10 07:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-05 03:05 . 2013-07-10 20:53 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 04:53 . 2013-07-10 20:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-05-22 10:32 . 2013-05-22 10:32 25299 ----a-w- c:\windows\system32\BRLM03A.DLL
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVTray"="" [BU]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-08-15 345144]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
.
c:\users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Reminder-cor40212.lnk - c:\program files\Corel\Graphics9\Register\Remind32.exe [2011-12-29 67584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Free WebSite Tools.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Free WebSite Tools.lnk
backup=c:\windows\pss\Free WebSite Tools.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Roman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Roman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Reminder-cor40212.lnk]
path=c:\users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Reminder-cor40212.lnk
backup=c:\windows\pss\Reminder-cor40212.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-05-10 07:57 37960 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 18:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-09-29 11:39 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 18:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 18:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES]
2009-07-14 01:14 354304 ----a-w- c:\windows\System32\StikyNot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-07-29 10:31 17361032 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-05-05 09:01 1466368 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
R3 EC168BDA;TVGo DVB-T02PRO;c:\windows\system32\DRIVERS\EC168BDA.sys [x]
R3 ECRDRV;ECRDRV;c:\windows\system32\drivers\ecrdrv.sys [2004-12-12 17636]
R3 LFXACT;Companion Suite Pro LL F@X activities;c:\windows\system32\Drivers\LFXACT.sys [2007-01-08 20672]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2009-10-08 17920]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2009-10-08 63872]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-18 1343400]
R3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\Drivers\XMLDIUSB.sys [2007-01-08 31879]
R4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-08-15 589368]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-08-15 37352]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-08-15 84024]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2008-06-13 81920]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-06-13 4150112]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2008-06-13 2723840]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2007-05-07 218624]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 10:53 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 12:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 188.95.56.2 188.95.56.3
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\conhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\ControlCenter4\BrCtrlCntr.exe
c:\program files\ControlCenter4\BrCcUxSys.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\RunDll32.exe
.
**************************************************************************
.
Celkový čas: 2013-08-18 13:20:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-08-18 11:20
ComboFix2.txt 2013-08-18 10:14
.
Před spuštěním: Volných bajtů: 29 145 485 312
Po spuštění: Volných bajtů: 28 917 972 992
.
- - End Of File - - DB545096C061CAD741A9A60CCA7265D1
A36C5E4F47E84449FF07ED3517B43A31

Re: Problem with NTB

Posted: 18 Aug 2013 15:40
by Rudy
Yes, the log is OK now. You're welcome! :)