Log 2:
OTL Extras logfile created on: 17.3.2013 8:04:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helča & Honza\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,61 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 48,03% Memory free
5,21 Gb Paging File | 3,57 Gb Available in Paging File | 68,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 56,21 Gb Free Space | 57,62% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 159,95 Gb Free Space | 81,89% Space Free | Partition Type: NTFS
Drive E: | 172,79 Gb Total Space | 136,27 Gb Free Space | 78,86% Space Free | Partition Type: NTFS
Drive F: | 677,10 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: NOVEJNOTAS | User Name: Helča & Honza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-2031247276-2872380062-851812115-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004AE6ED-6885-4AED-BDF3-EBD9D7095CE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{06E25CF7-C24D-41C3-8401-CDED10C9299B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{15CCF5BF-54B2-435C-AFC7-400F6A89F90B}" = lport=138 | protocol=17 | dir=in | app=system |
"{1E22DD56-2542-4F35-822A-812BC897E7A9}" = lport=445 | protocol=6 | dir=in | app=system |
"{3EE7364C-8D0D-4C23-859F-BA5F19FFCADB}" = rport=137 | protocol=17 | dir=out | app=system |
"{41D18AA0-9D43-43AF-A241-25D5E813A348}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{432AEFF0-8E28-485B-8DAE-188228189D61}" = lport=137 | protocol=17 | dir=in | app=system |
"{4BBB2729-6287-4B9C-B0E6-B3BAA383EDD2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5EE80560-771A-4F1F-9304-FEA012DEB2B1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6414A0FD-FEAB-4E4C-9339-19A9BDD67A44}" = lport=139 | protocol=6 | dir=in | app=system |
"{651E6534-50F9-4184-AE53-4CA9C6B263C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{65E2941A-8A78-4DAD-9B6C-50AE4F10D797}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9143A068-38AC-49FA-B75F-4496AD856A7F}" = rport=139 | protocol=6 | dir=out | app=system |
"{A3333AA1-D998-4907-BFB3-FF016FE72358}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5DDE915-6328-45A7-9D71-6BB3F9CDDFAA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B743381E-687C-4EBB-A730-ED66D7916BDD}" = rport=138 | protocol=17 | dir=out | app=system |
"{C0E91647-905D-412D-AA77-31CA4A9B008A}" = rport=445 | protocol=6 | dir=out | app=system |
"{CC1AE725-E834-495C-BA2B-A94B198E2B08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7ED5F48-6CDF-46AC-938E-ADD8E1822E6A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F5BEE6CD-6381-41C3-AD0F-FC1B5B41A7BC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7593F6F-4B98-4D60-9E6A-83FDBF59A5E1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A982CC2-CE0C-4C1B-BA82-8C5C91B786D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1422E09F-274A-4FE3-A76D-34C9B59801C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{14E96A51-5DE3-4DC9-92B9-5B815F9A67C7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2D7068A0-E2C3-459D-8B70-866D65209BFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2EEB6898-8214-4CDB-874B-51FF250FE568}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{462C95E8-958F-4AF9-B63F-806B4F45CAAB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{471DBC1A-7E6E-4266-82A9-4723C3932F11}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E14A863-92B1-4AAA-9F61-971ABBDA2643}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{52DFAFD3-E30C-4ACA-9C82-04A0DE74D171}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F4946BD-777F-4D81-BFC6-D2422D663E41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{955A05A0-ABE6-4B77-879D-735C11E9A045}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98643247-74FB-4833-83DA-0B3B36238B36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9DF6CFBC-DD1A-4D96-A784-A56A2F3A4A76}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{A35485FB-8C36-4204-9E7D-4B76C79306C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BDB6AA47-5F30-4AF7-BBC8-F92C07470787}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C35C2B21-9C5B-4A37-A783-742DEEDF2F18}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{D9F4AAC2-E1AA-46A0-89B3-7F5006ACA897}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBDCD724-EB21-4299-98E0-819056063B44}" = protocol=6 | dir=out | app=system |
"{F3E1834B-AD5D-4DA1-B66B-0DF8AFB11E01}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{26904EED-45D9-43EB-856B-8CAA8AC8AC8B}C:\program files\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files\xbmc\xbmc.exe |
"TCP Query User{B8F8B6C0-20DD-466C-BB91-A14695F91E1A}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{57833267-0AFC-43C9-8060-A166635F0B77}C:\program files\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files\xbmc\xbmc.exe |
"UDP Query User{68ED1B4E-B169-4497-8AF7-D6A83DE5EE55}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19E3AF7F-D6A6-49D0-821F-07A001B5E712}" = TOPO Czech 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}" = OLYMPUS Digital Camera Updater
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{51C0A9A7-EAF4-48D6-B4CB-F3C23620AAEA}_is1" = Lumber Jack version 1.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736428B7-39FA-414D-80DB-3C03AB6D6233}" = GPMapa TOPO 2009 box
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{797808CA-1563-4EA0-A280-1371AC2F2310}" = OLYMPUS Viewer 2
"{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C20F904-9288-4A7A-A0C4-1458AA2B295E}" = TOPO Czech PRO 2011
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{91C0B95B-B83A-4828-A775-BBE2DD421029}" = Nero 7 Ultra Edition
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{9577B943-AEDD-462A-AF22-5F55BB3BFB1D}" = Bad Piggies
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}" = Samsung Drive Manager
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB398DDB-0E7B-400B-A940-7E61FB91A531}" = Alcor Micro USB Card Reader
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Czech
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C8734F86-3A91-4C0E-81F2-EAB5C1595057}" = Staň se světošlápkem
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AmUStor" = Alcor Micro USB Card Reader
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Balíček ovladače systému Windows - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"GeoGet_is1" = GeoGet 2.7.5.707
"HaaliMkx" = Haali Media Splitter
"InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"Kubik SMS DreamCom_is1" = Kubik SMS DreamCom 5.89
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"Mozilla Firefox 19.0.2 (x86 cs)" = Mozilla Firefox 19.0.2 (x86 cs)
"Mozilla Thunderbird 17.0 (x86 cs)" = Mozilla Thunderbird 17.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetSoftware" = NetSoftware
"Nokia Suite" = Nokia Suite
"Opera 12.14.1738" = Opera 12.14
"RealAlt_is1" = Real Alternative 2.0.2
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Traktor 2_is1" = Traktor 2
"VLC media player" = VLC media player 2.0.4
"WinRAR archiver" = WinRAR 4.11 (32-bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2031247276-2872380062-851812115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2602833b666a9e0a" = Simt - 1
"5aa11655d7ba586e" = Simt
"XBMC" = XBMC
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.2.2013 4:30:07 | Computer Name = novejnotas | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Users\Helča & Honza\AppData\Local\Temp\Deployment\A1YY6KB3.WDY\PO9JDB9T.VYR\61V2VP8Q.7TE\OT62DDJY.EQP.manifest
se nezdařilo. Závislé sestavení Microsoft.Xna.Framework.Graphics,processorArchitecture="x86",publicKeyToken="842CF8BE1DE50553",version="4.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Error - 24.2.2013 4:30:07 | Computer Name = novejnotas | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Users\Helča & Honza\AppData\Local\Temp\Deployment\A1YY6KB3.WDY\PO9JDB9T.VYR\A73N07XO.T5O\BCQGW4KT.TQ3.manifest
se nezdařilo. Závislé sestavení Microsoft.Xna.Framework,processorArchitecture="x86",publicKeyToken="842CF8BE1DE50553",version="4.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Error - 24.2.2013 4:30:07 | Computer Name = novejnotas | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Users\Helča & Honza\AppData\Local\Temp\Deployment\A1YY6KB3.WDY\PO9JDB9T.VYR\W2E5JLOB.R0X\7LDOC6L8.JB9.manifest
se nezdařilo. Závislé sestavení Microsoft.Xna.Framework.Game,processorArchitecture="x86",publicKeyToken="842CF8BE1DE50553",version="4.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Error - 24.2.2013 4:30:07 | Computer Name = novejnotas | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Users\Helča & Honza\AppData\Local\Temp\Deployment\A1YY6KB3.WDY\PO9JDB9T.VYR\V7VW4LYO.94H\3XDPGETC.5KK.manifest
se nezdařilo. Závislé sestavení Microsoft.Xna.Framework.Xact,processorArchitecture="x86",publicKeyToken="842CF8BE1DE50553",version="4.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Error - 24.2.2013 7:10:02 | Computer Name = novejnotas | Source = Application Error | ID = 1000
Description = Název chybující aplikace: speed2.exe, verze: 0.0.0.0, časové razítko:
0x417d8e48 Název chybujícího modulu: speed2.exe, verze: 0.0.0.0, časové razítko:
0x417d8e48 Kód výjimky: 0xc0000005 Posun chyby: 0x001ba467 ID chybujícího procesu:
0x1f94 Čas spuštění chybující aplikace: 0x01ce127a00f4a946 Cesta k chybující aplikaci:
E:\Hry\NFSU\speed2.exe Cesta k chybujícímu modulu: E:\Hry\NFSU\speed2.exe ID zprávy:
bbbdf30c-7e72-11e2-8253-e89a8fc5d07b
Error - 26.2.2013 12:10:44 | Computer Name = novejnotas | Source = Application Error | ID = 1000
Description = Název chybující aplikace: speed2.exe, verze: 0.0.0.0, časové razítko:
0x417d8e48 Název chybujícího modulu: speed2.exe, verze: 0.0.0.0, časové razítko:
0x417d8e48 Kód výjimky: 0xc0000005 Posun chyby: 0x001ba467 ID chybujícího procesu:
0xc3c Čas spuštění chybující aplikace: 0x01ce14370871608f Cesta k chybující aplikaci:
E:\Hry\NFSU\speed2.exe Cesta k chybujícímu modulu: E:\Hry\NFSU\speed2.exe ID zprávy:
1283eb8d-802f-11e2-8253-e89a8fc5d07b
Error - 27.2.2013 11:42:43 | Computer Name = novejnotas | Source = Application Error | ID = 1000
Description = Název chybující aplikace: speed2.exe, verze: 0.0.0.0, časové razítko:
0x417d8e48 Název chybujícího modulu: speed2.exe, verze: 0.0.0.0, časové razítko:
0x417d8e48 Kód výjimky: 0xc0000005 Posun chyby: 0x001ba467 ID chybujícího procesu:
0x9d4 Čas spuštění chybující aplikace: 0x01ce14fd30222f39 Cesta k chybující aplikaci:
E:\Hry\NFSU\speed2.exe Cesta k chybujícímu modulu: E:\Hry\NFSU\speed2.exe ID zprávy:
52f8beeb-80f4-11e2-8253-e89a8fc5d07b
Error - 28.2.2013 11:23:19 | Computer Name = novejnotas | Source = Application Error | ID = 1000
Description = Název chybující aplikace: speed2.exe, verze: 0.0.0.0, časové razítko:
0x417d8e48 Název chybujícího modulu: speed2.exe, verze: 0.0.0.0, časové razítko:
0x417d8e48 Kód výjimky: 0xc0000005 Posun chyby: 0x001ba467 ID chybujícího procesu:
0x1be4 Čas spuštění chybující aplikace: 0x01ce15c49f9a742b Cesta k chybující aplikaci:
E:\Hry\NFSU\speed2.exe Cesta k chybujícímu modulu: E:\Hry\NFSU\speed2.exe ID zprávy:
c79a7243-81ba-11e2-8253-e89a8fc5d07b
Error - 28.2.2013 11:25:36 | Computer Name = novejnotas | Source = Application Error | ID = 1000
Description = Název chybující aplikace: speed2.exe, verze: 0.0.0.0, časové razítko:
0x417d8e48 Název chybujícího modulu: speed2.exe, verze: 0.0.0.0, časové razítko:
0x417d8e48 Kód výjimky: 0xc0000005 Posun chyby: 0x00338fcd ID chybujícího procesu:
0x2ab8 Čas spuštění chybující aplikace: 0x01ce15c78f3cde40 Cesta k chybující aplikaci:
E:\Hry\NFSU\speed2.exe Cesta k chybujícímu modulu: E:\Hry\NFSU\speed2.exe ID zprávy:
195211c3-81bb-11e2-8253-e89a8fc5d07b
Error - 13.3.2013 13:26:56 | Computer Name = novejnotas | Source = Application Error | ID = 1000
Description = Název chybující aplikace: speed2.exe, verze: 0.0.0.0, časové razítko:
0x417d8e48 Název chybujícího modulu: speed2.exe, verze: 0.0.0.0, časové razítko:
0x417d8e48 Kód výjimky: 0xc0000005 Posun chyby: 0x001ba467 ID chybujícího procesu:
0x1f20 Čas spuštění chybující aplikace: 0x01ce20009ab57831 Cesta k chybující aplikaci:
E:\Hry\NFSU\speed2.exe Cesta k chybujícímu modulu: E:\Hry\NFSU\speed2.exe ID zprávy:
33fd298c-8c03-11e2-a327-e89a8fc5d07b
[ System Events ]
Error - 14.10.2012 10:15:21 | Computer Name = novejnotas | Source = iaStor | ID = 262153
Description = Zařízení \Device\Ide\iaStor0 neodpovídá v periodě časového limitu.
Error - 16.10.2012 10:25:59 | Computer Name = novejnotas | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby Netman bylo dosaženo časového
limitu (30000 ms).
Error - 18.10.2012 4:58:57 | Computer Name = novejnotas | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby ShellHWDetection bylo dosaženo
časového limitu (30000 ms).
Error - 19.10.2012 2:29:51 | Computer Name = novejnotas | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Instalace se nezdařila: Instalování následující aktualizace se nezdařilo
z důvodu chyby (0x80070643): Definition Update for Windows Defender - KB915597
(Definition 1.139.124.0).
Error - 19.10.2012 4:30:16 | Computer Name = novejnotas | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby ShellHWDetection bylo dosaženo
časového limitu (30000 ms).
Error - 20.10.2012 23:44:23 | Computer Name = novejnotas | Source = DCOM | ID = 10010
Description =
Error - 21.10.2012 1:34:00 | Computer Name = novejnotas | Source = DCOM | ID = 10010
Description =
Error - 21.10.2012 1:34:33 | Computer Name = novejnotas | Source = DCOM | ID = 10010
Description =
Error - 21.10.2012 1:38:08 | Computer Name = novejnotas | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (7:36:38, ?21.?10.?2012) bylo neočekávané.
Error - 27.10.2012 3:01:31 | Computer Name = novejnotas | Source = DCOM | ID = 10010
Description =
< End of report >
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Centrum zabezpečení nelze spustit
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Centrum zabezpečení nelze spustit
nevím jak se dostanu během dne k počítači...
Re: Centrum zabezpečení nelze spustit
Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
Znovu spustte OTL jako spravceDo spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)
Kód: Vybrat vše
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
:services
AdobeARMservice
gupdate
AdobeFlashPlayerUpdateSvc
gupdatem
gusvc
NBService
NMIndexingService
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\AutoKMS.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\KMSEmulator.exe
:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2031247276-2872380062-851812115-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2031247276-2872380062-851812115-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
O4 - HKU\S-1-5-21-2031247276-2872380062-851812115-1000..\Run: [] File not found
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0 ... rol_32.CAB (Reg Error: Key error.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[8 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\3aabb5b41372db579bd4dcfb96cbcf64\*.tmp files -> C:\Windows\SoftwareDistribution\Download\3aabb5b41372db579bd4dcfb96cbcf64\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\59e1fa28495cdd77c27b61432454fc64\*.tmp files -> C:\Windows\SoftwareDistribution\Download\59e1fa28495cdd77c27b61432454fc64\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\baa7a2b2031ecf51847caab66c423bd7\*.tmp files -> C:\Windows\SoftwareDistribution\Download\baa7a2b2031ecf51847caab66c423bd7\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\bbbea1bb6991920a67a2b51742f369df\*.tmp files -> C:\Windows\SoftwareDistribution\Download\bbbea1bb6991920a67a2b51742f369df\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\c678b9cadd2c6fb1a9ce29ffb593b8c1\*.tmp files -> C:\Windows\SoftwareDistribution\Download\c678b9cadd2c6fb1a9ce29ffb593b8c1\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\cadfd73a978beb54e8ac84ec9a4cf99b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\cadfd73a978beb54e8ac84ec9a4cf99b\*.tmp -> ]
[1 C:\Windows\Temp\avast_ash\Mozilla Thunderbird\*.tmp files -> C:\Windows\Temp\avast_ash\Mozilla Thunderbird\*.tmp -> ]
[2012.02.28 20:09:42 | 000,000,135 | ---- | M] () -- \Windows\AutoKMS.ini
[2013.03.16 17:54:40 | 000,000,562 | ---- | M] () -- \Windows\AutoKMS.log
[2012.02.28 20:09:43 | 000,002,456 | ---- | M] () -- \Windows\System32\Tasks\AutoKMS
[2013.03.17 07:39:04 | 000,000,216 | ---- | M] () -- \Windows\Tasks\AutoKMS.job
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"TkBellExe"=-
"NeroFilterCheck"=-
"SunJavaUpdateSched"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
""=-
"NokiaSuite.exe"=-
Po restartu se objevi novy log, ten sem dejte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Centrum zabezpečení nelze spustit
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Helča & Honza
->Temp folder emptied: 10425521 bytes
->Temporary Internet Files folder emptied: 7567000 bytes
->Java cache emptied: 780918 bytes
->FireFox cache emptied: 227305461 bytes
->Opera cache emptied: 66528444 bytes
->Flash cache emptied: 2009 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25955923 bytes
RecycleBin emptied: 459163875 bytes
Total Files Cleaned = 761,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Helča & Honza
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== SERVICES/DRIVERS ==========
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
Service NBService stopped successfully!
Service NBService deleted successfully!
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\AutoKMS.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File\Folder C:\Windows\KMSEmulator.exe not found.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2031247276-2872380062-851812115-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2031247276-2872380062-851812115-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_USERS\S-1-5-21-2031247276-2872380062-851812115-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportovat do aplikace Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Od&eslat do aplikace OneNote\ deleted successfully.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP311.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP45B6.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6048.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBC9A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE4EA.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE629.tmp folder deleted successfully.
C:\Windows\Installer\MSI4DF8.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\3aabb5b41372db579bd4dcfb96cbcf64\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\3aabb5b41372db579bd4dcfb96cbcf64\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\3aabb5b41372db579bd4dcfb96cbcf64\BITC11B.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\59e1fa28495cdd77c27b61432454fc64\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\59e1fa28495cdd77c27b61432454fc64\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\59e1fa28495cdd77c27b61432454fc64\BITC93F.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\baa7a2b2031ecf51847caab66c423bd7\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\baa7a2b2031ecf51847caab66c423bd7\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\baa7a2b2031ecf51847caab66c423bd7\BIT7103.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\bbbea1bb6991920a67a2b51742f369df\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\bbbea1bb6991920a67a2b51742f369df\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\c678b9cadd2c6fb1a9ce29ffb593b8c1\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\c678b9cadd2c6fb1a9ce29ffb593b8c1\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\cadfd73a978beb54e8ac84ec9a4cf99b\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\cadfd73a978beb54e8ac84ec9a4cf99b\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\cadfd73a978beb54e8ac84ec9a4cf99b\BIT6E37.tmp deleted successfully.
File move failed. \Windows\AutoKMS.ini scheduled to be moved on reboot.
File move failed. \Windows\AutoKMS.log scheduled to be moved on reboot.
File move failed. \Windows\System32\Tasks\AutoKMS scheduled to be moved on reboot.
File \Windows\Tasks\AutoKMS.job not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NokiaSuite.exe deleted successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 03172013_170916
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!
C:\Windows\temp\dsiwmis.log moved successfully.
C:\Windows\temp\LMutilps.log moved successfully.
File move failed. \Windows\AutoKMS.ini scheduled to be moved on reboot.
File move failed. \Windows\AutoKMS.log scheduled to be moved on reboot.
File move failed. \Windows\System32\Tasks\AutoKMS scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Helča & Honza
->Temp folder emptied: 10425521 bytes
->Temporary Internet Files folder emptied: 7567000 bytes
->Java cache emptied: 780918 bytes
->FireFox cache emptied: 227305461 bytes
->Opera cache emptied: 66528444 bytes
->Flash cache emptied: 2009 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25955923 bytes
RecycleBin emptied: 459163875 bytes
Total Files Cleaned = 761,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Helča & Honza
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== SERVICES/DRIVERS ==========
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
Service NBService stopped successfully!
Service NBService deleted successfully!
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\AutoKMS.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File\Folder C:\Windows\KMSEmulator.exe not found.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2031247276-2872380062-851812115-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2031247276-2872380062-851812115-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_USERS\S-1-5-21-2031247276-2872380062-851812115-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportovat do aplikace Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Od&eslat do aplikace OneNote\ deleted successfully.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP311.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP45B6.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6048.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBC9A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE4EA.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE629.tmp folder deleted successfully.
C:\Windows\Installer\MSI4DF8.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\3aabb5b41372db579bd4dcfb96cbcf64\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\3aabb5b41372db579bd4dcfb96cbcf64\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\3aabb5b41372db579bd4dcfb96cbcf64\BITC11B.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\59e1fa28495cdd77c27b61432454fc64\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\59e1fa28495cdd77c27b61432454fc64\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\59e1fa28495cdd77c27b61432454fc64\BITC93F.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\baa7a2b2031ecf51847caab66c423bd7\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\baa7a2b2031ecf51847caab66c423bd7\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\baa7a2b2031ecf51847caab66c423bd7\BIT7103.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\bbbea1bb6991920a67a2b51742f369df\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\bbbea1bb6991920a67a2b51742f369df\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\c678b9cadd2c6fb1a9ce29ffb593b8c1\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\c678b9cadd2c6fb1a9ce29ffb593b8c1\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\cadfd73a978beb54e8ac84ec9a4cf99b\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\cadfd73a978beb54e8ac84ec9a4cf99b\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\cadfd73a978beb54e8ac84ec9a4cf99b\BIT6E37.tmp deleted successfully.
File move failed. \Windows\AutoKMS.ini scheduled to be moved on reboot.
File move failed. \Windows\AutoKMS.log scheduled to be moved on reboot.
File move failed. \Windows\System32\Tasks\AutoKMS scheduled to be moved on reboot.
File \Windows\Tasks\AutoKMS.job not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NokiaSuite.exe deleted successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 03172013_170916
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!
C:\Windows\temp\dsiwmis.log moved successfully.
C:\Windows\temp\LMutilps.log moved successfully.
File move failed. \Windows\AutoKMS.ini scheduled to be moved on reboot.
File move failed. \Windows\AutoKMS.log scheduled to be moved on reboot.
File move failed. \Windows\System32\Tasks\AutoKMS scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Re: Centrum zabezpečení nelze spustit
Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.) Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc! Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace Kdyz windows nabehne, ale pri spousteni programu bude hlasena chyba, staci restartovat pc a bude to v poradkuPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Centrum zabezpečení nelze spustit
ComboFix 13-03-17.01 - Helča & Honza 17.03.2013 20:18:30.1.2 - x86
Spuštěný z: c:\users\HelŔa & Honza\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\5572387.pad
c:\windows\iun6002.exe
.
Nakažená kopie c:\windows\system32\Version.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\version.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-17 do 2013-03-17 )))))))))))))))))))))))))))))))
.
.
2013-03-17 19:26 . 2013-03-17 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-17 19:25 . 2013-03-17 19:25 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42FBE5C0-F395-49A7-90B4-756EE8604DCE}\offreg.dll
2013-03-17 16:09 . 2013-03-17 16:09 -------- d-----w- C:\_OTL
2013-03-16 21:14 . 2013-03-17 07:07 512 ----a-w- C:\PhysicalMBR.bin
2013-03-16 18:42 . 2013-03-16 18:42 -------- d-----w- c:\users\Helča & Honza\AppData\Roaming\Malwarebytes
2013-03-16 18:42 . 2013-03-16 18:42 -------- d-----w- c:\programdata\Malwarebytes
2013-03-16 18:41 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-16 18:41 . 2013-03-16 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-16 18:41 . 2013-03-16 18:41 -------- d-----w- c:\users\Helča & Honza\AppData\Local\Programs
2013-03-16 16:59 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-16 16:52 . 2013-03-16 16:52 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-16 16:52 . 2013-03-16 16:52 -------- d-----w- c:\program files\Java
2013-03-16 16:36 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-16 16:36 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-15 13:21 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42FBE5C0-F395-49A7-90B4-756EE8604DCE}\mpengine.dll
2013-03-13 20:29 . 2013-03-16 17:01 -------- d-----w- c:\program files\trend micro
2013-03-13 20:29 . 2013-03-13 20:30 -------- d-----w- C:\rsit
2013-03-10 08:03 . 2013-03-10 08:04 -------- d-----w- c:\program files\Garmin
2013-03-03 13:38 . 1994-12-05 23:00 12800 ----a-w- c:\windows\system\WING32.DLL
2013-02-24 08:33 . 2013-03-17 06:41 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-02-21 21:34 . 2013-03-03 07:39 -------- d-----w- c:\users\Helča & Honza\AppData\Roaming\XBMC
2013-02-21 21:33 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-02-21 21:33 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-02-21 21:32 . 2013-02-21 21:32 -------- d-----w- c:\program files\XBMC
2013-02-16 07:14 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-16 16:52 . 2012-10-19 16:23 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-16 16:52 . 2012-10-19 16:23 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 17:44 . 2012-04-29 09:07 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 17:44 . 2012-02-15 19:32 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-10 08:07 . 2012-07-01 06:35 45056 ----a-w- c:\users\HELA
2013-03-06 23:33 . 2012-02-15 17:06 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-02-15 17:06 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-02-15 17:06 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-02-25 05:06 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2012-02-15 17:06 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:33 . 2012-02-15 17:06 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2012-02-15 16:58 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-02-15 16:58 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-17 00:28 . 2012-02-15 16:40 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:00 . 2013-02-13 15:35 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 15:35 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-13 15:35 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-13 15:35 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-13 15:35 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-13 15:35 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-08 16:00 . 2013-03-08 16:00 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Samsung Drive Manager"="c:\program files\Clarus\Samsung Drive Manager\Drive Manager.exe" [2012-08-17 5796440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 143640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 176920]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 178456]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-09 10082920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2011-01-26 264792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2011-03-14 1081424]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2012-12-04 189952]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2011-11-29 96128]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2011-08-30 223104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Drive Manager Real-Time.lnk - c:\program files\Clarus\Samsung Drive Manager\ABRTMon.exe [2013-1-22 135168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 aswVmm;aswVmm; [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SZDrvSvc;Samsung Drive Manager Service;c:\program files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung Drive Manager\mdf16.sys [x]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 mvd23;mvd23;c:\program files\Clarus\Samsung Drive Manager\mvd23.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Helča & Honza\AppData\Roaming\Mozilla\Firefox\Profiles\zhrs6mc7.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\program files\Launch Manager\LMworker.exe
c:\program files\Launch Manager\LMutilps32.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\System32\rundll32.exe
c:\program files\NetSoftware\NetSoftware.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Clarus\Samsung Drive Manager\SZDrvMon.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DAEMON Tools Lite\DTShellHlp.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2013-03-17 20:32:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-17 19:32
.
Před spuštěním: Volných bajtů: 60 116 795 392
Po spuštění: Volných bajtů: 59 777 126 400
.
- - End Of File - - 9A6FD373F8A74A0BCA677ADE9096524A
Spuštěný z: c:\users\HelŔa & Honza\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\5572387.pad
c:\windows\iun6002.exe
.
Nakažená kopie c:\windows\system32\Version.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\version.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-17 do 2013-03-17 )))))))))))))))))))))))))))))))
.
.
2013-03-17 19:26 . 2013-03-17 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-17 19:25 . 2013-03-17 19:25 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42FBE5C0-F395-49A7-90B4-756EE8604DCE}\offreg.dll
2013-03-17 16:09 . 2013-03-17 16:09 -------- d-----w- C:\_OTL
2013-03-16 21:14 . 2013-03-17 07:07 512 ----a-w- C:\PhysicalMBR.bin
2013-03-16 18:42 . 2013-03-16 18:42 -------- d-----w- c:\users\Helča & Honza\AppData\Roaming\Malwarebytes
2013-03-16 18:42 . 2013-03-16 18:42 -------- d-----w- c:\programdata\Malwarebytes
2013-03-16 18:41 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-16 18:41 . 2013-03-16 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-16 18:41 . 2013-03-16 18:41 -------- d-----w- c:\users\Helča & Honza\AppData\Local\Programs
2013-03-16 16:59 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-16 16:52 . 2013-03-16 16:52 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-16 16:52 . 2013-03-16 16:52 -------- d-----w- c:\program files\Java
2013-03-16 16:36 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-16 16:36 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-15 13:21 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42FBE5C0-F395-49A7-90B4-756EE8604DCE}\mpengine.dll
2013-03-13 20:29 . 2013-03-16 17:01 -------- d-----w- c:\program files\trend micro
2013-03-13 20:29 . 2013-03-13 20:30 -------- d-----w- C:\rsit
2013-03-10 08:03 . 2013-03-10 08:04 -------- d-----w- c:\program files\Garmin
2013-03-03 13:38 . 1994-12-05 23:00 12800 ----a-w- c:\windows\system\WING32.DLL
2013-02-24 08:33 . 2013-03-17 06:41 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-02-21 21:34 . 2013-03-03 07:39 -------- d-----w- c:\users\Helča & Honza\AppData\Roaming\XBMC
2013-02-21 21:33 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-02-21 21:33 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-02-21 21:32 . 2013-02-21 21:32 -------- d-----w- c:\program files\XBMC
2013-02-16 07:14 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-16 16:52 . 2012-10-19 16:23 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-16 16:52 . 2012-10-19 16:23 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 17:44 . 2012-04-29 09:07 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 17:44 . 2012-02-15 19:32 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-10 08:07 . 2012-07-01 06:35 45056 ----a-w- c:\users\HELA
2013-03-06 23:33 . 2012-02-15 17:06 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-02-15 17:06 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-02-15 17:06 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-02-25 05:06 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2012-02-15 17:06 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:33 . 2012-02-15 17:06 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2012-02-15 16:58 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-02-15 16:58 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-17 00:28 . 2012-02-15 16:40 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:00 . 2013-02-13 15:35 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 15:35 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-13 15:35 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-13 15:35 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-13 15:35 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-13 15:35 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-08 16:00 . 2013-03-08 16:00 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Samsung Drive Manager"="c:\program files\Clarus\Samsung Drive Manager\Drive Manager.exe" [2012-08-17 5796440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 143640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 176920]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 178456]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-09 10082920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2011-01-26 264792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2011-03-14 1081424]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2012-12-04 189952]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2011-11-29 96128]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2011-08-30 223104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Drive Manager Real-Time.lnk - c:\program files\Clarus\Samsung Drive Manager\ABRTMon.exe [2013-1-22 135168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 aswVmm;aswVmm; [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SZDrvSvc;Samsung Drive Manager Service;c:\program files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung Drive Manager\mdf16.sys [x]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 mvd23;mvd23;c:\program files\Clarus\Samsung Drive Manager\mvd23.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Helča & Honza\AppData\Roaming\Mozilla\Firefox\Profiles\zhrs6mc7.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\program files\Launch Manager\LMworker.exe
c:\program files\Launch Manager\LMutilps32.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\System32\rundll32.exe
c:\program files\NetSoftware\NetSoftware.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Clarus\Samsung Drive Manager\SZDrvMon.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DAEMON Tools Lite\DTShellHlp.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2013-03-17 20:32:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-17 19:32
.
Před spuštěním: Volných bajtů: 60 116 795 392
Po spuštění: Volných bajtů: 59 777 126 400
.
- - End Of File - - 9A6FD373F8A74A0BCA677ADE9096524A
Re: Centrum zabezpečení nelze spustit
Presunte ComboFix primo na disk C (takze cesta k nemu bude c:\ComboFix.exe )Otevrete si poznamkovy blok a zkopirujte do nej tento skript
Kód: Vybrat vše
KillAll::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Reboot::Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte take primo na C (takze cesta k nemu bude c:\CFScript.txt ).
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace Kdyz windows nabehne, ale pri spousteni programu bude hlasena chyba, staci restartovat pc a bude to v poradkuPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Centrum zabezpečení nelze spustit
ComboFix 13-03-17.01 - Helča & Honza 18.03.2013 18:49:28.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2670.1652 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-18 do 2013-03-18 )))))))))))))))))))))))))))))))
.
.
2013-03-18 17:59 . 2013-03-18 17:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-17 19:25 . 2013-03-18 13:24 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42FBE5C0-F395-49A7-90B4-756EE8604DCE}\offreg.dll
2013-03-17 16:09 . 2013-03-17 16:09 -------- d-----w- C:\_OTL
2013-03-16 21:14 . 2013-03-17 07:07 512 ----a-w- C:\PhysicalMBR.bin
2013-03-16 18:42 . 2013-03-16 18:42 -------- d-----w- c:\users\Helča & Honza\AppData\Roaming\Malwarebytes
2013-03-16 18:42 . 2013-03-16 18:42 -------- d-----w- c:\programdata\Malwarebytes
2013-03-16 18:41 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-16 18:41 . 2013-03-16 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-16 18:41 . 2013-03-16 18:41 -------- d-----w- c:\users\Helča & Honza\AppData\Local\Programs
2013-03-16 16:59 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-16 16:52 . 2013-03-16 16:52 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-16 16:52 . 2013-03-16 16:52 -------- d-----w- c:\program files\Java
2013-03-16 16:36 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-16 16:36 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-15 13:21 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42FBE5C0-F395-49A7-90B4-756EE8604DCE}\mpengine.dll
2013-03-13 20:29 . 2013-03-16 17:01 -------- d-----w- c:\program files\trend micro
2013-03-13 20:29 . 2013-03-13 20:30 -------- d-----w- C:\rsit
2013-03-10 08:03 . 2013-03-10 08:04 -------- d-----w- c:\program files\Garmin
2013-03-03 13:38 . 1994-12-05 23:00 12800 ----a-w- c:\windows\system\WING32.DLL
2013-02-24 08:33 . 2013-03-17 06:41 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-02-21 21:34 . 2013-03-03 07:39 -------- d-----w- c:\users\Helča & Honza\AppData\Roaming\XBMC
2013-02-21 21:33 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-02-21 21:33 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-02-21 21:32 . 2013-02-21 21:32 -------- d-----w- c:\program files\XBMC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-16 16:52 . 2012-10-19 16:23 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-16 16:52 . 2012-10-19 16:23 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 17:44 . 2012-04-29 09:07 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 17:44 . 2012-02-15 19:32 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-10 08:07 . 2012-07-01 06:35 45056 ----a-w- c:\users\HELA
2013-03-06 23:33 . 2012-02-15 17:06 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-02-15 17:06 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-02-15 17:06 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-02-25 05:06 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2012-02-15 17:06 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:33 . 2012-02-15 17:06 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2012-02-15 16:58 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-02-15 16:58 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-17 00:28 . 2012-02-15 16:40 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:00 . 2013-02-13 15:35 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 15:35 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-13 15:35 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-13 15:35 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-13 15:35 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-13 15:35 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-08 16:00 . 2013-03-08 16:00 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Samsung Drive Manager"="c:\program files\Clarus\Samsung Drive Manager\Drive Manager.exe" [2012-08-17 5796440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 143640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 176920]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 178456]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-09 10082920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2011-01-26 264792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2011-03-14 1081424]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2012-12-04 189952]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2011-11-29 96128]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2011-08-30 223104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Drive Manager Real-Time.lnk - c:\program files\Clarus\Samsung Drive Manager\ABRTMon.exe [2013-1-22 135168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 aswVmm;aswVmm; [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SZDrvSvc;Samsung Drive Manager Service;c:\program files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung Drive Manager\mdf16.sys [x]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 mvd23;mvd23;c:\program files\Clarus\Samsung Drive Manager\mvd23.sys [x]
.
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Helča & Honza\AppData\Roaming\Mozilla\Firefox\Profiles\zhrs6mc7.default\
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Launch Manager\LMworker.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Launch Manager\LMutilps32.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\NetSoftware\NetSoftware.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\DAEMON Tools Lite\DTShellHlp.exe
c:\program files\Clarus\Samsung Drive Manager\SZDrvMon.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2013-03-18 19:05:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-18 18:05
ComboFix2.txt 2013-03-17 19:32
.
Před spuštěním: Volných bajtů: 59 563 294 720
Po spuštění: Volných bajtů: 59 855 052 800
.
- - End Of File - - 90238CEB26DE6D137EF8466B7E740439
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2670.1652 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-18 do 2013-03-18 )))))))))))))))))))))))))))))))
.
.
2013-03-18 17:59 . 2013-03-18 17:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-17 19:25 . 2013-03-18 13:24 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42FBE5C0-F395-49A7-90B4-756EE8604DCE}\offreg.dll
2013-03-17 16:09 . 2013-03-17 16:09 -------- d-----w- C:\_OTL
2013-03-16 21:14 . 2013-03-17 07:07 512 ----a-w- C:\PhysicalMBR.bin
2013-03-16 18:42 . 2013-03-16 18:42 -------- d-----w- c:\users\Helča & Honza\AppData\Roaming\Malwarebytes
2013-03-16 18:42 . 2013-03-16 18:42 -------- d-----w- c:\programdata\Malwarebytes
2013-03-16 18:41 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-16 18:41 . 2013-03-16 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-16 18:41 . 2013-03-16 18:41 -------- d-----w- c:\users\Helča & Honza\AppData\Local\Programs
2013-03-16 16:59 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-16 16:52 . 2013-03-16 16:52 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-16 16:52 . 2013-03-16 16:52 -------- d-----w- c:\program files\Java
2013-03-16 16:36 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-16 16:36 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-15 13:21 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42FBE5C0-F395-49A7-90B4-756EE8604DCE}\mpengine.dll
2013-03-13 20:29 . 2013-03-16 17:01 -------- d-----w- c:\program files\trend micro
2013-03-13 20:29 . 2013-03-13 20:30 -------- d-----w- C:\rsit
2013-03-10 08:03 . 2013-03-10 08:04 -------- d-----w- c:\program files\Garmin
2013-03-03 13:38 . 1994-12-05 23:00 12800 ----a-w- c:\windows\system\WING32.DLL
2013-02-24 08:33 . 2013-03-17 06:41 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-02-21 21:34 . 2013-03-03 07:39 -------- d-----w- c:\users\Helča & Honza\AppData\Roaming\XBMC
2013-02-21 21:33 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-02-21 21:33 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-02-21 21:32 . 2013-02-21 21:32 -------- d-----w- c:\program files\XBMC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-16 16:52 . 2012-10-19 16:23 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-16 16:52 . 2012-10-19 16:23 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 17:44 . 2012-04-29 09:07 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 17:44 . 2012-02-15 19:32 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-10 08:07 . 2012-07-01 06:35 45056 ----a-w- c:\users\HELA
2013-03-06 23:33 . 2012-02-15 17:06 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-02-15 17:06 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-02-15 17:06 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-02-25 05:06 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2012-02-15 17:06 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:33 . 2012-02-15 17:06 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2012-02-15 16:58 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-02-15 16:58 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-17 00:28 . 2012-02-15 16:40 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:00 . 2013-02-13 15:35 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 15:35 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-13 15:35 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-13 15:35 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-13 15:35 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-13 15:35 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-08 16:00 . 2013-03-08 16:00 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Samsung Drive Manager"="c:\program files\Clarus\Samsung Drive Manager\Drive Manager.exe" [2012-08-17 5796440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 143640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 176920]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 178456]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-09 10082920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2011-01-26 264792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2011-03-14 1081424]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2012-12-04 189952]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2011-11-29 96128]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2011-08-30 223104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Drive Manager Real-Time.lnk - c:\program files\Clarus\Samsung Drive Manager\ABRTMon.exe [2013-1-22 135168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 aswVmm;aswVmm; [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SZDrvSvc;Samsung Drive Manager Service;c:\program files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung Drive Manager\mdf16.sys [x]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 mvd23;mvd23;c:\program files\Clarus\Samsung Drive Manager\mvd23.sys [x]
.
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Helča & Honza\AppData\Roaming\Mozilla\Firefox\Profiles\zhrs6mc7.default\
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Launch Manager\LMworker.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Launch Manager\LMutilps32.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\NetSoftware\NetSoftware.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\DAEMON Tools Lite\DTShellHlp.exe
c:\program files\Clarus\Samsung Drive Manager\SZDrvMon.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2013-03-18 19:05:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-18 18:05
ComboFix2.txt 2013-03-17 19:32
.
Před spuštěním: Volných bajtů: 59 563 294 720
Po spuštění: Volných bajtů: 59 855 052 800
.
- - End Of File - - 90238CEB26DE6D137EF8466B7E740439
Re: Centrum zabezpečení nelze spustit
Vsechny tyto programy - vcetne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce) Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat. vyosek píše:
- Stahnete a spustte
- Pro potvrzeni volby mackejte A, Enter
- Po pouziti utilitu smazte
- Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.
Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustteKliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat
Stahnete Ccleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ a spustte.Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
Defragmentujte disk(y)Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.
Pak dejte novy log z RSIT a napiste, jak je na tom pc.Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Centrum zabezpečení nelze spustit
Přejmenoval jsem Combofix na uninstall, jede to pořád do kolečka a háže chybu:
Nelze otevřít soubor pro zápis c:\32788R22FWJFW\gsar.3xe
stiskněte přerušit, ignorovat, nebo znovu...
(když stisknu ignorovat tak mi to jede celé dokola až znovu k této chybě...)
nic dalšího jsem zatím nedělal
Nelze otevřít soubor pro zápis c:\32788R22FWJFW\gsar.3xe
stiskněte přerušit, ignorovat, nebo znovu...
(když stisknu ignorovat tak mi to jede celé dokola až znovu k této chybě...)
nic dalšího jsem zatím nedělal
Re: Centrum zabezpečení nelze spustit
Tak jiny zpusob odinstalace.
Zmacknete klavesovou kombinaci Win + R a do toho radku co se objevi napiste combofix /uninstall (za tim x musi byt mezera) a zmacknete Enter
Kdyby ani to neslo, tak to zkuste v nouzovem rezimu.
No a kdyby ani tam, tak to preskocte a pokracujte dalsimi kroky.
Zmacknete klavesovou kombinaci Win + R a do toho radku co se objevi napiste combofix /uninstall (za tim x musi byt mezera) a zmacknete Enter
Kdyby ani to neslo, tak to zkuste v nouzovem rezimu.
No a kdyby ani tam, tak to preskocte a pokracujte dalsimi kroky.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Centrum zabezpečení nelze spustit
Tak se nepovedlo ani v nouzovém režimu...
mám ho smazat normálně?
ještě mi tu zbylo na c: start.cmd
a na ploše adwcleaner a mbam - smazat?
Defragmentace probíhá - bude to na dlouho
jinak zabezpečení už funguje a vše se zdá bt tak jak má...
tudíž díky a moje poklona...
mám ho smazat normálně?
ještě mi tu zbylo na c: start.cmd
a na ploše adwcleaner a mbam - smazat?
Defragmentace probíhá - bude to na dlouho
jinak zabezpečení už funguje a vše se zdá bt tak jak má...
tudíž díky a moje poklona...
Re: Centrum zabezpečení nelze spustit
MBAM odinstalujte.
ADWCleaner spustte a kliknete na napis Uninstal, nebo tak nejak
Mel by po sobe uklidit sam.
ComboFix tedy smazte.
Ten soubor na C byl vytvoren kdy?
Az dobehne defragmentace, dejte sem aktualni log z RSIT a docistime pripadne zbytky
ADWCleaner spustte a kliknete na napis Uninstal, nebo tak nejak
Mel by po sobe uklidit sam.ComboFix tedy smazte.
Ten soubor na C byl vytvoren kdy?
Az dobehne defragmentace, dejte sem aktualni log z RSIT a docistime pripadne zbytky
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Centrum zabezpečení nelze spustit
OK.
ten soubor start byl vytvořen 19.3.2013 16:18 - myslím, že při tom pokusu odinstalovat ComboFix - jo a velikost je 1kb
ten soubor start byl vytvořen 19.3.2013 16:18 - myslím, že při tom pokusu odinstalovat ComboFix - jo a velikost je 1kb
Re: Centrum zabezpečení nelze spustit
Dobra. Vemem to pak najednou, az uvidim log
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Přispějete na provoz fóra?