Moc prosím o kontrolu logu.

Zpráva

seahock · #1 Příspěvek od **seahock** » 18 bře 2014 19:11

Dobrý den moc prosím o kontrolu logu. V mém ntb posledni dva dny jede teměř stále větrák a procesor podle spravce jede na vysoký výkon kvůli procesu searchfilterhost.exe.
Moc Vám děkuji a přikládám log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Martin (ATTENTION: The logged in user is not administrator) on MARTIN-NOTEBOOK on 18-03-2014 19:12:05
Running from C:\Users\Martin\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Runonce: [SpybotDeletingA7631] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl"
HKLM\...\Runonce: [SpybotDeletingC4253] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl"
HKLM\...\Runonce: [SpybotDeletingA9471] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll"
HKLM\...\Runonce: [SpybotDeletingC6239] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll"
HKLM\...\Runonce: [SpybotDeletingA2052] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe"
HKLM\...\Runonce: [SpybotDeletingC6969] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe"
HKLM\...\Runonce: [SpybotDeletingA441] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings"
HKLM\...\Runonce: [SpybotDeletingC9170] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings"
HKLM\...\Runonce: [SpybotDeletingA9898] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm"
HKLM\...\Runonce: [SpybotDeletingC7087] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm"
HKLM\...\Runonce: [SpybotDeletingA4983] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe"
HKLM\...\Runonce: [SpybotDeletingC1323] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe"
HKLM\...\Runonce: [SpybotDeletingA3448] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js"
HKLM\...\Runonce: [SpybotDeletingC8768] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js"
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [360448 2009-07-14] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [panda2_0dn] - reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f
HKU\.DEFAULT\...\RunOnce: [panda2_0dn_XP] - reg.exe delete "HKCU\Software\panda2_0dn" /f
HKU\.DEFAULT\...\RunOnce: [panda4_0dn] - reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
HKU\.DEFAULT\...\RunOnce: [panda4_0dn_XP] - reg.exe delete "HKCU\Software\panda4_0dn" /f
HKU\S-1-5-21-4209708383-3097774790-1877461908-1001\...\Run: [] - [X]
HKU\S-1-5-21-4209708383-3097774790-1877461908-1001\...\Run: [SkyDrive] - C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-02-22] (Microsoft Corporation)
AppInit_DLLs: c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll => c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0E634CEB9F31CB01
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.115.1 192.168.114.2 192.168.141.2

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\w621j4us.default-1363031787502
FF DefaultSearchEngine: Wikipedie (cs)
FF SelectedSearchEngine: Wikipedie (cs)
FF Homepage: https://www.google.com/webhp?hl=cs&tab=fw
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-02-16]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

========================== Services (Whitelisted) =================

R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1326176 2012-06-27] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [681056 2012-06-27] (Secunia)

==================== Drivers (Whitelisted) ====================

S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [225280 2011-07-19] (Intel Corporation)
R3 EMSCR; C:\Windows\System32\DRIVERS\EMS7SK.sys [60928 2006-02-16] (ENE Technology Inc.)
R3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [47104 2011-07-20] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsle935874d; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{40BCF11E-D4C0-40DA-830C-424C38BCEA13}\MpKsle935874d.sys [39464 2014-03-18] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2011-12-16] (Secunia)
S3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [8192 2013-03-07] (SMART Technologies)
S3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [7680 2013-03-07] (SMART Technologies)
S3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [15872 2013-03-07] (SMART Technologies ULC)
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-18 19:12 - 2014-03-18 19:12 - 00013919 _____ () C:\Users\Martin\Desktop\FRST.txt
2014-03-18 19:05 - 2014-03-18 19:11 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2014-03-18 19:04 - 2014-03-18 19:12 - 00000000 ____D () C:\FRST
2014-03-18 19:03 - 2014-03-18 19:04 - 01145856 _____ (Farbar) C:\Users\Martin\Desktop\FRST.exe
2014-03-18 18:58 - 2014-03-18 18:58 - 00781909 _____ () C:\Users\Martin\Desktop\RSIT.exe
2014-03-17 21:24 - 2014-03-17 21:24 - 00012538 _____ () C:\Users\Bukvice\Documents\cc_20140317_212400.reg
2014-03-17 21:01 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-16 10:21 - 2013-10-02 01:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-03-16 10:21 - 2013-10-02 01:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-16 10:21 - 2013-10-02 01:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-16 10:21 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-03-16 10:21 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-03-16 10:21 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-16 10:21 - 2013-10-02 00:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-16 10:21 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-16 10:21 - 2013-10-02 00:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-03-16 10:21 - 2013-10-01 23:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-03-16 10:21 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-03-16 10:10 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-03-16 10:06 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-16 10:06 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-16 10:06 - 2014-03-01 05:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-16 10:06 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-16 10:06 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-16 10:06 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 10:06 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 10:06 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-16 10:06 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 10:06 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 10:06 - 2014-03-01 04:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-16 10:06 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-16 10:06 - 2014-03-01 04:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-16 10:06 - 2014-03-01 04:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-16 10:06 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-16 10:06 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 10:06 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 10:06 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 10:06 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 10:06 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 10:06 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 10:06 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-16 10:06 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-16 10:05 - 2014-02-07 02:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-16 10:05 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-16 10:05 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-16 10:05 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-02-24 20:27 - 2014-02-27 19:19 - 00000000 ____D () C:\Users\Martin\Documents\Zaměstnání
2014-02-22 21:24 - 2014-02-22 21:24 - 00002202 _____ () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-20 18:54 - 2014-02-20 18:54 - 00000188 _____ () C:\Users\Bukvice\Documents\cc_20140220_185413.reg
2014-02-16 22:09 - 2014-02-16 22:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-18 19:12 - 2014-03-18 19:12 - 00013919 _____ () C:\Users\Martin\Desktop\FRST.txt
2014-03-18 19:12 - 2014-03-18 19:04 - 00000000 ____D () C:\FRST
2014-03-18 19:11 - 2014-03-18 19:05 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2014-03-18 19:04 - 2014-03-18 19:03 - 01145856 _____ (Farbar) C:\Users\Martin\Desktop\FRST.exe
2014-03-18 19:03 - 2013-10-06 08:32 - 00000000 ____D () C:\Program Files\trend micro
2014-03-18 18:58 - 2014-03-18 18:58 - 00781909 _____ () C:\Users\Martin\Desktop\RSIT.exe
2014-03-18 18:53 - 2011-06-10 16:53 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\eM Client
2014-03-18 18:40 - 2011-06-14 19:42 - 02062305 ____N () C:\Windows\WindowsUpdate.log
2014-03-18 18:28 - 2013-12-17 16:51 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-18 18:17 - 2013-05-27 18:20 - 00000000 ___RD () C:\Users\Martin\SkyDrive
2014-03-18 17:59 - 2009-07-14 05:34 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-18 17:59 - 2009-07-14 05:34 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-18 17:51 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-17 21:58 - 2012-03-29 17:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-17 21:58 - 2011-05-17 15:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-17 21:24 - 2014-03-17 21:24 - 00012538 _____ () C:\Users\Bukvice\Documents\cc_20140317_212400.reg
2014-03-16 10:25 - 2009-07-14 05:33 - 00332288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-16 10:24 - 2010-08-01 20:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 10:19 - 2013-07-12 21:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-16 10:11 - 2010-08-01 19:13 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-13 17:47 - 2010-08-01 18:33 - 01584626 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-08 12:11 - 2010-01-26 23:37 - 00000000 ____D () C:\Users\Martin\Documents\Knihy
2014-03-08 12:10 - 2013-10-20 19:58 - 00011776 ___SH () C:\Users\Martin\Documents\Thumbs.db
2014-03-02 19:01 - 2010-08-17 18:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-01 05:30 - 2014-03-16 10:06 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 05:11 - 2014-03-16 10:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 05:10 - 2014-03-16 10:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 04:52 - 2014-03-16 10:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 04:51 - 2014-03-16 10:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-16 10:06 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 04:43 - 2014-03-16 10:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 04:43 - 2014-03-16 10:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 04:40 - 2014-03-16 10:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 04:38 - 2014-03-16 10:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 04:38 - 2014-03-16 10:06 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 04:37 - 2014-03-16 10:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 04:31 - 2014-03-16 10:06 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:25 - 2014-03-16 10:06 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 04:16 - 2014-03-16 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:14 - 2014-03-16 10:06 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:03 - 2014-03-16 10:06 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:00 - 2014-03-16 10:06 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 03:57 - 2014-03-16 10:06 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 03:32 - 2014-03-16 10:06 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 03:27 - 2014-03-16 10:06 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:25 - 2014-03-16 10:06 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-27 19:19 - 2014-02-24 20:27 - 00000000 ____D () C:\Users\Martin\Documents\Zaměstnání
2014-02-27 16:54 - 2010-08-01 19:01 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Skype
2014-02-22 21:24 - 2014-02-22 21:24 - 00002202 _____ () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-20 18:54 - 2014-02-20 18:54 - 00000188 _____ () C:\Users\Bukvice\Documents\cc_20140220_185413.reg
2014-02-17 18:35 - 2010-08-17 18:49 - 00000000 ____D () C:\Users\Martin\AppData\Local\MediaMonkey
2014-02-17 18:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-17 16:57 - 2012-05-08 20:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 22:10 - 2014-02-16 22:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\NOSEventMessages.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows) (Fixed) (Total:465.66 GB) (Free:27.32 GB) NTFS

Available physical RAM: 999.91 MB
Total physical RAM: 2038.18 MB
Percentage of memory in use: 50%

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\TEMP:76FBC8DE

==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Martin\Desktop" je 2 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================
[/b]

#2 Příspěvek od **Rudy** » 18 bře 2014 19:24

Zdravím!
Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM\...\Run: [] - [X]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Runonce: [SpybotDeletingA7631] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl"
HKLM\...\Runonce: [SpybotDeletingC4253] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl"
HKLM\...\Runonce: [SpybotDeletingA9471] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll"
HKLM\...\Runonce: [SpybotDeletingC6239] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll"
HKLM\...\Runonce: [SpybotDeletingA2052] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe"
HKLM\...\Runonce: [SpybotDeletingC6969] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe"
HKLM\...\Runonce: [SpybotDeletingA441] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings"
HKLM\...\Runonce: [SpybotDeletingC9170] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings"
HKLM\...\Runonce: [SpybotDeletingA9898] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm"
HKLM\...\Runonce: [SpybotDeletingC7087] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm"
HKLM\...\Runonce: [SpybotDeletingA4983] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe"
HKLM\...\Runonce: [SpybotDeletingC1323] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe"
HKLM\...\Runonce: [SpybotDeletingA3448] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js"
HKLM\...\Runonce: [SpybotDeletingC8768] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js"
HKU\.DEFAULT\...\RunOnce: [panda2_0dn] - reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f
HKU\.DEFAULT\...\RunOnce: [panda2_0dn_XP] - reg.exe delete "HKCU\Software\panda2_0dn" /f
HKU\.DEFAULT\...\RunOnce: [panda4_0dn] - reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
HKU\.DEFAULT\...\RunOnce: [panda4_0dn_XP] - reg.exe delete "HKCU\Software\panda4_0dn" /f
HKU\S-1-5-21-4209708383-3097774790-1877461908-1001\...\Run: [] - [X]
AppInit_DLLs: c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll => c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll File Not Found
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
C:\Program Files\Windows Live\Companion\companioncore.dll
Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
C:\Users\Guest\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\TEMP:76FBC8DE
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

seahock · #3 Příspěvek od **seahock** » 18 bře 2014 19:34

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by Martin at 2014-03-18 19:34:49 Run:1
Running from C:\Users\Martin\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [] - [X]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Runonce: [SpybotDeletingA7631] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl"
HKLM\...\Runonce: [SpybotDeletingC4253] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl"
HKLM\...\Runonce: [SpybotDeletingA9471] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll"
HKLM\...\Runonce: [SpybotDeletingC6239] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll"
HKLM\...\Runonce: [SpybotDeletingA2052] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe"
HKLM\...\Runonce: [SpybotDeletingC6969] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe"
HKLM\...\Runonce: [SpybotDeletingA441] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings"
HKLM\...\Runonce: [SpybotDeletingC9170] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings"
HKLM\...\Runonce: [SpybotDeletingA9898] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm"
HKLM\...\Runonce: [SpybotDeletingC7087] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm"
HKLM\...\Runonce: [SpybotDeletingA4983] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe"
HKLM\...\Runonce: [SpybotDeletingC1323] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe"
HKLM\...\Runonce: [SpybotDeletingA3448] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js"
HKLM\...\Runonce: [SpybotDeletingC8768] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js"
HKU\.DEFAULT\...\RunOnce: [panda2_0dn] - reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f
HKU\.DEFAULT\...\RunOnce: [panda2_0dn_XP] - reg.exe delete "HKCU\Software\panda2_0dn" /f
HKU\.DEFAULT\...\RunOnce: [panda4_0dn] - reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
HKU\.DEFAULT\...\RunOnce: [panda4_0dn_XP] - reg.exe delete "HKCU\Software\panda4_0dn" /f
HKU\S-1-5-21-4209708383-3097774790-1877461908-1001\...\Run: [] - [X]
AppInit_DLLs: c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll => c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll File Not Found
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
C:\Program Files\Windows Live\Companion\companioncore.dll
Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
C:\Users\Guest\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\TEMP:76FBC8DE
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA7631 => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC4253 => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA9471 => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC6239 => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA2052 => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC6969 => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA441 => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC9170 => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA9898 => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC7087 => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA4983 => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC1323 => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA3448 => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC8768 => Unable to delete value
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda2_0dn => Unable to delete value
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda2_0dn_XP => Unable to delete value
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_0dn => Unable to delete value
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_0dn_XP => Unable to delete value
HKU\S-1-5-21-4209708383-3097774790-1877461908-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
"c:\\progra~2\\browse~1\\261249~1.132\\{c16c1~1\\browse~1.dll" => Error removing Value Data.
HKCU\Software\Microsoft\Internet Explorer\Main\\ICQ Search => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289} => Error deleting key
HKCR\CLSID\{9FDDE16B-836F-4806-AB1F-1455CBEFF289} => Error deleting key
Could not move "C:\Program Files\Windows Live\Companion\companioncore.dll" => Scheduled to move on reboot.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} => Value deleted successfully.
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
C:\Users\Guest\AppData\Local\Temp => Moved successfully.
C:\ProgramData\TEMP => ":76FBC8DE" ADS removed successfully.

#4 Příspěvek od **Rudy** » 18 bře 2014 19:41

Ještě zkuste toto:

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:commands
[Purity]
[Emptytemp]
[Emptyflash]
[Resethosts]

a klikněte na >MoveIt!<. Před skenem vypněte antivir a po něm skenu restartujte PC. Dejte nový log RSIT.

seahock · #5 Příspěvek od **seahock** » 18 bře 2014 20:09

Provedl jsem doporučené.
Log zde:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Martin (ATTENTION: The logged in user is not administrator) on MARTIN-NOTEBOOK on 18-03-2014 20:13:04
Running from C:\Users\Martin\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Runonce: [SpybotDeletingA7631] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl"
HKLM\...\Runonce: [SpybotDeletingC4253] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl"
HKLM\...\Runonce: [SpybotDeletingA9471] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll"
HKLM\...\Runonce: [SpybotDeletingC6239] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll"
HKLM\...\Runonce: [SpybotDeletingA2052] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe"
HKLM\...\Runonce: [SpybotDeletingC6969] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe"
HKLM\...\Runonce: [SpybotDeletingA441] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings"
HKLM\...\Runonce: [SpybotDeletingC9170] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings"
HKLM\...\Runonce: [SpybotDeletingA9898] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm"
HKLM\...\Runonce: [SpybotDeletingC7087] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm"
HKLM\...\Runonce: [SpybotDeletingA4983] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe"
HKLM\...\Runonce: [SpybotDeletingC1323] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe"
HKLM\...\Runonce: [SpybotDeletingA3448] - command.com /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js"
HKLM\...\Runonce: [SpybotDeletingC8768] - cmd.exe /c del "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js"
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [360448 2009-07-14] (Microsoft Corporation)
HKLM\...\RunOnce: [OTM] - "C:\Users\Martin\Desktop\OTM.exe" [522240 2014-03-18] (OldTimer Tools)
HKU\.DEFAULT\...\RunOnce: [panda2_0dn] - reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f
HKU\.DEFAULT\...\RunOnce: [panda2_0dn_XP] - reg.exe delete "HKCU\Software\panda2_0dn" /f
HKU\.DEFAULT\...\RunOnce: [panda4_0dn] - reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
HKU\.DEFAULT\...\RunOnce: [panda4_0dn_XP] - reg.exe delete "HKCU\Software\panda4_0dn" /f
HKU\S-1-5-21-4209708383-3097774790-1877461908-1001\...\Run: [SkyDrive] - C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-02-22] (Microsoft Corporation)
AppInit_DLLs: c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll => c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0E634CEB9F31CB01
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.115.1 192.168.114.2 192.168.141.2

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\w621j4us.default-1363031787502
FF DefaultSearchEngine: Wikipedie (cs)
FF SelectedSearchEngine: Wikipedie (cs)
FF Homepage: https://www.google.com/webhp?hl=cs&tab=fw
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-02-16]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

========================== Services (Whitelisted) =================

R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1326176 2012-06-27] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [681056 2012-06-27] (Secunia)

==================== Drivers (Whitelisted) ====================

S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [225280 2011-07-19] (Intel Corporation)
R3 EMSCR; C:\Windows\System32\DRIVERS\EMS7SK.sys [60928 2006-02-16] (ENE Technology Inc.)
R3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [47104 2011-07-20] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2011-12-16] (Secunia)
S3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [8192 2013-03-07] (SMART Technologies)
S3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [7680 2013-03-07] (SMART Technologies)
S3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [15872 2013-03-07] (SMART Technologies ULC)
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-18 20:12 - 2014-03-18 20:13 - 00013407 _____ () C:\Users\Martin\Desktop\FRST.txt
2014-03-18 20:07 - 2014-03-18 20:07 - 00000000 ____D () C:\_OTM
2014-03-18 19:36 - 2014-03-18 20:10 - 00000112 _____ () C:\Windows\setupact.log
2014-03-18 19:36 - 2014-03-18 19:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-18 19:17 - 2014-03-18 19:17 - 00006513 _____ () C:\Users\Martin\Desktop\Addition.zip
2014-03-18 19:05 - 2014-03-18 19:11 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2014-03-18 19:04 - 2014-03-18 20:13 - 00000000 ____D () C:\FRST
2014-03-18 19:03 - 2014-03-18 19:04 - 01145856 _____ (Farbar) C:\Users\Martin\Desktop\FRST.exe
2014-03-18 18:58 - 2014-03-18 18:58 - 00781909 _____ () C:\Users\Martin\Desktop\RSIT.exe
2014-03-17 21:24 - 2014-03-17 21:24 - 00012538 _____ () C:\Users\Bukvice\Documents\cc_20140317_212400.reg
2014-03-17 21:01 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-16 10:21 - 2013-10-02 01:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-03-16 10:21 - 2013-10-02 01:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-16 10:21 - 2013-10-02 01:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-16 10:21 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-03-16 10:21 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-03-16 10:21 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-16 10:21 - 2013-10-02 00:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-16 10:21 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-16 10:21 - 2013-10-02 00:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-03-16 10:21 - 2013-10-01 23:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-03-16 10:21 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-03-16 10:10 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-03-16 10:06 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-16 10:06 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-16 10:06 - 2014-03-01 05:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-16 10:06 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-16 10:06 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-16 10:06 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 10:06 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 10:06 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-16 10:06 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 10:06 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 10:06 - 2014-03-01 04:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-16 10:06 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-16 10:06 - 2014-03-01 04:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-16 10:06 - 2014-03-01 04:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-16 10:06 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-16 10:06 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 10:06 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 10:06 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 10:06 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 10:06 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 10:06 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 10:06 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-16 10:06 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-16 10:05 - 2014-02-07 02:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-16 10:05 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-16 10:05 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-16 10:05 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-02-24 20:27 - 2014-02-27 19:19 - 00000000 ____D () C:\Users\Martin\Documents\Zaměstnání
2014-02-22 21:24 - 2014-02-22 21:24 - 00002202 _____ () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-20 18:54 - 2014-02-20 18:54 - 00000188 _____ () C:\Users\Bukvice\Documents\cc_20140220_185413.reg
2014-02-16 22:09 - 2014-02-16 22:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-18 20:13 - 2014-03-18 20:12 - 00013407 _____ () C:\Users\Martin\Desktop\FRST.txt
2014-03-18 20:13 - 2014-03-18 19:04 - 00000000 ____D () C:\FRST
2014-03-18 20:11 - 2013-05-27 18:20 - 00000000 ___RD () C:\Users\Martin\SkyDrive
2014-03-18 20:10 - 2014-03-18 19:36 - 00000112 _____ () C:\Windows\setupact.log
2014-03-18 20:10 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-18 20:09 - 2011-06-14 19:42 - 02067715 _____ () C:\Windows\WindowsUpdate.log
2014-03-18 20:07 - 2014-03-18 20:07 - 00000000 ____D () C:\_OTM
2014-03-18 19:43 - 2009-07-14 05:34 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-18 19:43 - 2009-07-14 05:34 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-18 19:36 - 2014-03-18 19:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-18 19:28 - 2013-12-17 16:51 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-18 19:17 - 2014-03-18 19:17 - 00006513 _____ () C:\Users\Martin\Desktop\Addition.zip
2014-03-18 19:11 - 2014-03-18 19:05 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2014-03-18 19:04 - 2014-03-18 19:03 - 01145856 _____ (Farbar) C:\Users\Martin\Desktop\FRST.exe
2014-03-18 19:03 - 2013-10-06 08:32 - 00000000 ____D () C:\Program Files\trend micro
2014-03-18 18:58 - 2014-03-18 18:58 - 00781909 _____ () C:\Users\Martin\Desktop\RSIT.exe
2014-03-18 18:53 - 2011-06-10 16:53 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\eM Client
2014-03-17 21:58 - 2012-03-29 17:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-17 21:58 - 2011-05-17 15:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-17 21:24 - 2014-03-17 21:24 - 00012538 _____ () C:\Users\Bukvice\Documents\cc_20140317_212400.reg
2014-03-16 10:25 - 2009-07-14 05:33 - 00332288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-16 10:24 - 2010-08-01 20:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 10:19 - 2013-07-12 21:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-16 10:11 - 2010-08-01 19:13 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-13 17:47 - 2010-08-01 18:33 - 01584626 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-08 12:11 - 2010-01-26 23:37 - 00000000 ____D () C:\Users\Martin\Documents\Knihy
2014-03-08 12:10 - 2013-10-20 19:58 - 00011776 ___SH () C:\Users\Martin\Documents\Thumbs.db
2014-03-02 19:01 - 2010-08-17 18:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-01 05:30 - 2014-03-16 10:06 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 05:11 - 2014-03-16 10:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 05:10 - 2014-03-16 10:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 04:52 - 2014-03-16 10:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 04:51 - 2014-03-16 10:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-16 10:06 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 04:43 - 2014-03-16 10:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 04:43 - 2014-03-16 10:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 04:40 - 2014-03-16 10:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 04:38 - 2014-03-16 10:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 04:38 - 2014-03-16 10:06 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 04:37 - 2014-03-16 10:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 04:31 - 2014-03-16 10:06 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:25 - 2014-03-16 10:06 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 04:16 - 2014-03-16 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:14 - 2014-03-16 10:06 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:03 - 2014-03-16 10:06 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:00 - 2014-03-16 10:06 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 03:57 - 2014-03-16 10:06 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 03:32 - 2014-03-16 10:06 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 03:27 - 2014-03-16 10:06 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:25 - 2014-03-16 10:06 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-27 19:19 - 2014-02-24 20:27 - 00000000 ____D () C:\Users\Martin\Documents\Zaměstnání
2014-02-27 16:54 - 2010-08-01 19:01 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Skype
2014-02-22 21:24 - 2014-02-22 21:24 - 00002202 _____ () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-20 18:54 - 2014-02-20 18:54 - 00000188 _____ () C:\Users\Bukvice\Documents\cc_20140220_185413.reg
2014-02-17 18:35 - 2010-08-17 18:49 - 00000000 ____D () C:\Users\Martin\AppData\Local\MediaMonkey
2014-02-17 18:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-17 16:57 - 2012-05-08 20:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 22:10 - 2014-02-16 22:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows) (Fixed) (Total:465.66 GB) (Free:27.42 GB) NTFS

Available physical RAM: 1254.72 MB
Total physical RAM: 2038.18 MB
Percentage of memory in use: 38%

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Martin\Desktop" je 2 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#6 Příspěvek od **Rudy** » 18 bře 2014 20:48

Nastala nějaká změna?

seahock · #7 Příspěvek od **seahock** » 20 bře 2014 21:17

Omlouvám se že jsem se neozval dříve. Bohužel jsem nemohl.
Změna bohužel nenastala

. Procesor jede téměř na 100% výkonu. A chladič stále jede. Je nějaká možnost jak mi poradit dále. Moc děkuji.

#8 Příspěvek od **Rudy** » 20 bře 2014 21:58

Otevřte správce úloh a zjistěte, který proces nejvíce zatěžuje systém.

seahock · #9 Příspěvek od **seahock** » 20 bře 2014 22:02

SearchFilterHost.exe (30 - 40%)

#10 Příspěvek od **Rudy** » 20 bře 2014 22:05

Dejte log Combofix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

seahock · #11 Příspěvek od **seahock** » 20 bře 2014 22:30

Log z Combofix:

ComboFix 14-03-19.01 - Bukvice 20.03.2014 22:20:41.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2038.1068 [GMT 1:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\windows
c:\programdata\windows\dumd.dat
c:\programdata\windows\xdor.dat
c:\users\Bukvice\AppData\Local\MSGBOX.EXE
c:\users\Martin\AppData\Local\assembly\tmp
c:\windows\IsUn0407.exe
c:\windows\IsUn0410.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-20 do 2014-03-20 )))))))))))))))))))))))))))))))
.
.
2014-03-20 21:14 . 2014-03-20 21:14 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D61F7822-064E-4A93-A61B-B28F2ABC7E37}\MpKsle79fa631.sys
2014-03-20 20:31 . 2014-03-20 20:31 -------- d-----w- c:\users\Bukvice\AppData\Local\Apps
2014-03-20 20:16 . 2014-02-20 17:26 765968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A6E3472-AFC0-4DD6-85F2-A33568EB7883}\gapaengine.dll
2014-03-20 20:15 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D61F7822-064E-4A93-A61B-B28F2ABC7E37}\mpengine.dll
2014-03-19 16:55 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-18 19:07 . 2014-03-18 19:07 -------- d-----w- C:\_OTM
2014-03-18 18:04 . 2014-03-18 19:13 -------- d-----w- C:\FRST
2014-03-17 20:01 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-03-16 09:21 . 2013-10-01 23:45 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-03-16 09:21 . 2013-10-02 00:32 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-16 09:21 . 2013-10-02 00:42 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-03-16 09:21 . 2013-10-02 00:30 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-16 09:21 . 2013-10-02 00:14 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-03-16 09:21 . 2013-10-02 00:14 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2014-03-16 09:21 . 2013-10-01 23:58 53248 ----a-w- c:\windows\system32\tsgqec.dll
2014-03-16 09:21 . 2013-10-01 23:08 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-03-16 09:21 . 2013-10-01 23:00 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-03-16 09:21 . 2013-10-01 22:53 350208 ----a-w- c:\windows\system32\wksprt.exe
2014-03-16 09:21 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\system32\mstsc.exe
2014-03-16 09:20 . 2014-02-20 17:26 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8412F576-E988-4108-A292-B1CD9900E452}\gapaengine.dll
2014-03-16 09:10 . 2013-09-25 01:57 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-03-16 09:05 . 2014-01-28 02:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-16 09:05 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-16 09:05 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-16 09:05 . 2014-01-29 02:06 381440 ----a-w- c:\windows\system32\wer.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-17 20:58 . 2012-03-29 16:56 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-17 20:58 . 2011-05-17 14:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 17:26 . 2013-06-14 17:41 765968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-19 07:32 . 2010-08-01 17:58 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-24 23:09 . 2014-02-13 21:28 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-21 08:56 . 2014-02-13 21:46 454656 ----a-w- c:\windows\system32\vbscript.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC4253"="del" [X]
"SpybotDeletingC6239"="del" [X]
"SpybotDeletingC6969"="del" [X]
"SpybotDeletingC9170"="del" [X]
"SpybotDeletingC7087"="del" [X]
"SpybotDeletingC1323"="del" [X]
"SpybotDeletingC8768"="del" [X]
"MSPCLOCK"="streamci" [X]
"MSPQM"="streamci" [X]
"MSKSSRV"="streamci" [X]
"MSTEE.CxTransform"="streamci" [X]
"MSTEE.Splitter"="streamci" [X]
"WDM_DRMKAUD"="streamci" [X]
"SpybotDeletingA7631"="command.com" [2009-07-13 50648]
"SpybotDeletingA9471"="command.com" [2009-07-13 50648]
"SpybotDeletingA2052"="command.com" [2009-07-13 50648]
"SpybotDeletingA441"="command.com" [2009-07-13 50648]
"SpybotDeletingA9898"="command.com" [2009-07-13 50648]
"SpybotDeletingA4983"="command.com" [2009-07-13 50648]
"SpybotDeletingA3448"="command.com" [2009-07-13 50648]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 360448]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]
"panda4_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn" [X]
"panda4_0dn_XP"="reg.exe delete HKCU\Software\panda4_0dn" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Miranda IM.lnk - c:\program files\Miranda IM\miranda32.exe [2014-1-15 829524]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-6-27 572000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2012-06-27 681056]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2013-10-23 280288]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2013-03-07 8192]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2013-03-07 7680]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2013-03-07 15872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-01 1343400]
R3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 MpKsle79fa631;MpKsle79fa631;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D61F7822-064E-4A93-A61B-B28F2ABC7E37}\MpKsle79fa631.sys [2014-03-20 39464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2012-06-27 1326176]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 225280]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-19 47104]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 15544]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSLE79FA631
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-17 17:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.115.1 192.168.114.2 192.168.141.2
FF - ProfilePath - c:\users\Bukvice\AppData\Roaming\Mozilla\Firefox\Profiles\880clanz.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}]
@DACL=(02 0000)
@="SkyDriveClient Class"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
@DACL=(02 0000)
@="SyncingOverlayHandler Class"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}]
@DACL=(02 0000)
@="SyncEngineCOMServer Class"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
@DACL=(02 0000)
@="ErrorOverlayHandler Class"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0_21"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0_21"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0_21"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0_45"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0_45"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0_45"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0_51"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0_51"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0_51"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}]
@DACL=(02 0000)
@="SkyDriveEx"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
@DACL=(02 0000)
@="UpToDateOverlayHandler Class"
.
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}]
@DACL=(02 0000)
@="SyncFileInformationProvider Class"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-03-20 22:31:48
ComboFix-quarantined-files.txt 2014-03-20 21:31
.
Před spuštěním: Volných bajtů: 29 240 000 512
Po spuštění: Volných bajtů: 28 962 635 776
.
- - End Of File - - 95CBC2D92336BA4819843257D5B93995
A36C5E4F47E84449FF07ED3517B43A31

#12 Příspěvek od **Rudy** » 20 bře 2014 22:42

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"=-
"panda2_0dn_XP"=-
"panda4_0dn"=-
"panda4_0dn_XP"=-

RegLock::
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBB}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBC}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBB}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBC}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBB}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBC}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
[HKEY_USERS\S-1-5-21-4209708383-3097774790-1877461908-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu Combofix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

seahock · #13 Příspěvek od **seahock** » 22 bře 2014 19:23

Provedl jsem co mi bylo řečeno, ještě přikládám nový log z Combofix.

ComboFix 14-03-19.01 - Bukvice 22.03.2014 19:16:35.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2038.1060 [GMT 1:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-22 do 2014-03-22 )))))))))))))))))))))))))))))))
.
.
2014-03-22 18:24 . 2014-03-22 18:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-03-22 18:24 . 2014-03-22 18:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-20 21:31 . 2014-03-22 18:24 -------- d-----w- c:\users\Martin\AppData\Local\temp
2014-03-20 21:31 . 2014-03-22 18:21 -------- d-----w- c:\users\Bukvice\AppData\Local\temp
2014-03-20 20:31 . 2014-03-20 20:31 -------- d-----w- c:\users\Bukvice\AppData\Local\Apps
2014-03-20 20:16 . 2014-02-20 17:26 765968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A6E3472-AFC0-4DD6-85F2-A33568EB7883}\gapaengine.dll
2014-03-20 20:15 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D61F7822-064E-4A93-A61B-B28F2ABC7E37}\mpengine.dll
2014-03-19 16:55 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-18 19:07 . 2014-03-18 19:07 -------- d-----w- C:\_OTM
2014-03-18 18:04 . 2014-03-18 19:13 -------- d-----w- C:\FRST
2014-03-17 20:01 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-03-16 09:21 . 2013-10-01 23:45 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-03-16 09:21 . 2013-10-02 00:32 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-16 09:21 . 2013-10-02 00:42 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-03-16 09:21 . 2013-10-02 00:30 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-16 09:21 . 2013-10-02 00:14 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-03-16 09:21 . 2013-10-02 00:14 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2014-03-16 09:21 . 2013-10-01 23:58 53248 ----a-w- c:\windows\system32\tsgqec.dll
2014-03-16 09:21 . 2013-10-01 23:08 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-03-16 09:21 . 2013-10-01 23:00 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-03-16 09:21 . 2013-10-01 22:53 350208 ----a-w- c:\windows\system32\wksprt.exe
2014-03-16 09:21 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\system32\mstsc.exe
2014-03-16 09:10 . 2013-09-25 01:57 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-03-16 09:05 . 2014-01-28 02:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-16 09:05 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-16 09:05 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-16 09:05 . 2014-01-29 02:06 381440 ----a-w- c:\windows\system32\wer.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-17 20:58 . 2012-03-29 16:56 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-17 20:58 . 2011-05-17 14:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 17:26 . 2013-06-14 17:41 765968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-19 07:32 . 2010-08-01 17:58 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-24 23:09 . 2014-02-13 21:28 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC4253"="del" [X]
"SpybotDeletingC6239"="del" [X]
"SpybotDeletingC6969"="del" [X]
"SpybotDeletingC9170"="del" [X]
"SpybotDeletingC7087"="del" [X]
"SpybotDeletingC1323"="del" [X]
"SpybotDeletingC8768"="del" [X]
"MSPCLOCK"="streamci" [X]
"MSPQM"="streamci" [X]
"MSKSSRV"="streamci" [X]
"MSTEE.CxTransform"="streamci" [X]
"MSTEE.Splitter"="streamci" [X]
"WDM_DRMKAUD"="streamci" [X]
"SpybotDeletingA7631"="command.com" [2009-07-13 50648]
"SpybotDeletingA9471"="command.com" [2009-07-13 50648]
"SpybotDeletingA2052"="command.com" [2009-07-13 50648]
"SpybotDeletingA441"="command.com" [2009-07-13 50648]
"SpybotDeletingA9898"="command.com" [2009-07-13 50648]
"SpybotDeletingA4983"="command.com" [2009-07-13 50648]
"SpybotDeletingA3448"="command.com" [2009-07-13 50648]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 360448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Miranda IM.lnk - c:\program files\Miranda IM\miranda32.exe [2014-1-15 829524]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-6-27 572000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsle79fa631;MpKsle79fa631;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D61F7822-064E-4A93-A61B-B28F2ABC7E37}\MpKsle79fa631.sys [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2012-06-27 681056]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2013-10-23 280288]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2013-03-07 8192]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2013-03-07 7680]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2013-03-07 15872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-01 1343400]
R3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2012-06-27 1326176]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 225280]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-19 47104]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 15544]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-17 17:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 81.2.209.93 10.32.80.2 192.168.1.254
FF - ProfilePath - c:\users\Bukvice\AppData\Roaming\Mozilla\Firefox\Profiles\9i5bsy48.default-1395351243517\
.
.
Celkový čas: 2014-03-22 19:27:12
ComboFix-quarantined-files.txt 2014-03-22 18:27
ComboFix2.txt 2014-03-20 21:31
.
Před spuštěním: Volných bajtů: 30 286 286 848
Po spuštění: Volných bajtů: 30 134 784 000
.
- - End Of File - - B60ED6FBBDF187E5C00246227EC65334
A36C5E4F47E84449FF07ED3517B43A31

#14 Příspěvek od **Rudy** » 22 bře 2014 20:02

Vše smazáno. Nastala nějaká změna?

VIRY.CZ

Moc prosím o kontrolu logu.

Moc prosím o kontrolu logu.

Re: Moc prosím o kontrolu logu.

Re: Moc prosím o kontrolu logu.

Re: Moc prosím o kontrolu logu.

Re: Moc prosím o kontrolu logu.

Re: Moc prosím o kontrolu logu.

Re: Moc prosím o kontrolu logu.

Re: Moc prosím o kontrolu logu.

Re: Moc prosím o kontrolu logu.

Re: Moc prosím o kontrolu logu.

Re: Moc prosím o kontrolu logu.

Re: Moc prosím o kontrolu logu.

Re: Moc prosím o kontrolu logu.

Re: Moc prosím o kontrolu logu.