Page 1 of 2

Police ČR Virus

Posted: 11 Nov 2013 19:01
by meiilax
Hello,

I also have this virus on my laptop, but I can't create the FRST log from Safe Mode as described in the guide on this forum. The computer just restarts whenever I press F8 and then choose Safe Mode with Command Prompt. Thanks for the help. Milan

Re: Police ČR Virus

Posted: 11 Nov 2013 19:20
by Rudy
Try this procedure:

On a clean PC, download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/downloa ... scan-tool/

Save it to a flash drive, directly in its root


On the infected PC, boot into Safe Mode with Command Prompt (MS-DOS)

Now let's find out the flash drive's letter

Type the command notepad and press Enter
Notepad will open
Go to File --> Open --> find This Computer and open the USB key on which FRST is saved
Check which letter the USB key has (F:\, G:\ etc.)
Close Notepad with the X


Now let's get the log

If you downloaded FRST for a 64-bit OS, it is called FRST64.exe and must be entered that way
Type the command "drive letter":\FRST.exe and press Enter (e.g. F:\FRST.exe)
FRST will start
Start the scan by clicking Scan
After a moment the log FRST.exe will be created on the flash drive
Post it here from the clean PC.

Re: Police ČR Virus

Posted: 11 Nov 2013 19:24
by meiilax
I'm not sure you read what I wrote carefully. When I try to boot into Safe Mode with Command Prompt, it doesn't work and the computer shuts down...

Re: Police ČR Virus

Posted: 11 Nov 2013 19:34
by Rudy
Then there is nothing left but to connect the HDD to another PC and run a full MBAM scan there: http://www.malwarebytes.org/mbam.php (post the log and don't delete anything beforehand), or reinstall the system.

Re: Police ČR Virus

Posted: 11 Nov 2013 19:55
by meiilax
Safe Mode worked after all, here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01
Ran by Administrator (administrator) on MILA_HP on 11-11-2013 19:52:51
Running from D:\
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Microsoft Corporation) C:\windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QLBController] - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-03-01] (Hewlett-Packard Company)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-08-25] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [DTRun] - C:\Program Files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-18] (ArcSoft Inc.)
HKLM\...\Run: [NortonOnlineBackupReminder] - C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2013-07-03] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2013-07-03] (Synaptics Incorporated)
HKLM\...\Run: [seznam-listicka-distribuce] - C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKLM\...\RunOnce: [*Restore] - C:\windows\system32\rstrui.exe /RUNONCE [262656 2010-11-20] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\windows\system32\userinit.exe,C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKCU\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-10-25] (Hewlett-Packard)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-10-25] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-10-25] (Hewlett-Packard)
HKU\Guest\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-10-25] (Hewlett-Packard)
HKU\Guest\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2009-06-17] (Hewlett-Packard Company)
HKU\Hynek\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2009-06-17] (Hewlett-Packard Company)
HKU\Hynek\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Hynek\...\Policies\system: [LogonHoursAction] 2
HKU\Hynek\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Hynek.Mila_HP\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-10-25] (Hewlett-Packard)
HKU\Hynek.Mila_HP\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2009-06-17] (Hewlett-Packard Company)
HKU\Hynek.Mila_HP\...\Run: [Clownfish] - [x]
HKU\Hynek.Mila_HP\...\Run: [Google Update] - C:\Users\Hynek.Mila_HP\AppData\Local\Google\Update\GoogleUpdate.exe [ 2012-07-23] (Google Inc.)
HKU\Hynek.Mila_HP\...\Run: [WebCake Desktop] - C:\Users\Hynek.Mila_HP\AppData\Roaming\Movdap\WebCakeDesktop.exe [ 2013-08-29] (WebCake LLC)
HKU\Hynek.Mila_HP\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Hynek.Mila_HP\AppData\Roaming\Seznam.cz\szninstall.exe [ 2013-05-16] ()
HKU\Hynek.Mila_HP\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Hynek.Mila_HP\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [ 2013-04-12] ()
HKU\Hynek.Mila_HP\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [ 2013-10-09] (Valve Corporation)
HKU\Kačenka\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-10-25] (Hewlett-Packard)
HKU\Kačenka\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2009-06-17] (Hewlett-Packard Company)
HKU\Kačenka\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Kačenka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [ 2013-04-12] ()
HKU\Kačenka\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Kačenka\AppData\Roaming\Seznam.cz\szninstall.exe [ 2013-05-16] ()
HKU\Mila\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-10-25] (Hewlett-Packard)
HKU\Mila\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2009-06-17] (Hewlett-Packard Company)
HKU\Mila\...\Policies\system: [LogonHoursAction] 2
HKU\Mila\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mila.Mila_HP\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-10-25] (Hewlett-Packard)
HKU\Mila.Mila_HP\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-04-19] (Skype Technologies S.A.)
HKU\Mila.Mila_HP\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [ 2013-03-22] (TomTom)
HKU\Mila.Mila_HP\...\Run: [Google Update] - C:\Users\Mila.Mila_HP\AppData\Local\Google\Update\GoogleUpdate.exe [ 2012-07-23] (Google Inc.)
HKU\Mila.Mila_HP\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Mila.Mila_HP\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [ 2013-04-12] ()
HKU\Mila.Mila_HP\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Mila.Mila_HP\AppData\Roaming\Seznam.cz\szninstall.exe [ 2013-05-16] ()
HKU\user\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-10-25] (Hewlett-Packard)
HKU\user\...\Run: [Skype] - C:\Program Files\Skype\\Phone\Skype.exe [ 2013-04-19] (Skype Technologies S.A.)
HKU\user\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2009-06-17] (Hewlett-Packard Company)
HKU\Veverka\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-10-25] (Hewlett-Packard)
HKU\Veverka\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2009-06-17] (Hewlett-Packard Company)
HKU\Veverka\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Veverka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [ 2013-04-12] ()
HKU\Veverka\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Veverka\AppData\Roaming\Seznam.cz\szninstall.exe [ 2013-05-16] ()
HKU\Štěpánek\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-10-25] (Hewlett-Packard)
HKU\Štěpánek\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2009-06-17] (Hewlett-Packard Company)
HKU\Štěpánek\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Štěpánek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [ 2013-04-12] ()
HKU\Štěpánek\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Štěpánek\AppData\Roaming\Seznam.cz\szninstall.exe [ 2013-05-16] ()
AppInit_DLLs: c:\progra~1\savesh~1\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll [ 2013-01-24] ()
Lsa: [Notification Packages] DPPassFilter scecli

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchesplace.info/?pi ... Z&unqvl=30
SearchScopes: HKLM - DefaultScope {A1159ED1-4374-4E71-A66C-74943BD7D314} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {A1159ED1-4374-4E71-A66C-74943BD7D314} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchesplace.info/?l= ... Z&unqvl=30
SearchScopes: HKCU - DefaultScope {A1159ED1-4374-4E71-A66C-74943BD7D314} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: SearchNewTab - {71FAFC9F-906C-2BFB-1626-0C839BE9717E} - C:\ProgramData\SearchNewTab\xJV.dll ()
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{1C8A17AC-18ED-49F9-832E-C3B6A0327739}: [NameServer]81.92.155.4,81.92.158.236

Chrome:
=======
CHR Extension: (Docs) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Web Cake) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0
CHR Extension: () - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1482_0
CHR Extension: (Gmail) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files\Movdap\WebCakeLayers.crx

========================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-11-02] (LSI Corporation)
S3 Bluetooth Device Manager; C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [3528968 2010-04-15] (Motorola, Inc.)
S3 Bluetooth Media Service; C:\Program Files\Motorola\Bluetooth\audiosrv.exe [824584 2010-04-15] (Motorola, Inc.)
S2 Bluetooth OBEX Service; C:\Program Files\Motorola\Bluetooth\obexsrv.exe [512776 2010-04-22] (Motorola, Inc.)
S2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300880 2010-07-16] (DigitalPersona, Inc.)
S2 FLCDLOCK; c:\Windows\system32\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
S2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1612112 2013-10-01] (LogMeIn Inc.)
S2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [102968 2009-12-16] (Hewlett-Packard)
S2 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P)
S2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-04-05] (Hewlett-Packard)
S2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [90112 2010-05-10] (Hewlett-Packard Company)
S2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-01] (McAfee, Inc.)
S2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-12-12] (Hewlett-Packard)
S2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
S2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2013-08-26] (LogMeIn, Inc.)
S2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [254034 2013-07-03] (IDT, Inc.)
S2 uArcCapture; C:\windows\system32\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
S2 vcsFPService; C:\windows\system32\vcsFPService.exe [1639728 2009-12-14] (Validity Sensors, Inc.)
S2 WebCakeUpdater; C:\Program Files\Movdap\WBDesktop.Updater.1.0.0.16.exe [51992 2013-08-29] (cake bake)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [29824 2009-12-04] (ArcSoft, Inc.)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [31616 2010-04-23] (Motorola, Inc.)
S3 BTMCOM; C:\Windows\System32\Drivers\btmcom.sys [41344 2010-04-09] (Motorola, Inc.)
S3 BTMMODEM; C:\Windows\System32\DRIVERS\btmcom.sys [41344 2010-04-09] (Motorola, Inc.)
S3 BTMUSB; C:\Windows\System32\Drivers\btmusb.sys [375296 2010-04-15] (Motorola, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
S1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
S1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
S1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [40088 2010-02-01] (McAfee, Inc.)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [73344 2009-12-22] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [110520 2010-02-01] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [51800 2010-02-01] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [13256 2010-02-01] (McAfee, Inc.)
S1 vmm; C:\windows\system32\Drivers\vmm.sys [232816 2007-02-18] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\MILA~1.MIL\AppData\Local\Temp\catchme.sys [x]
S3 CFcatchme; \??\C:\Users\MILA~1.MIL\AppData\Local\Temp\CFcatchme.sys [x]
S1 lzmqruib; \??\C:\windows\system32\drivers\lzmqruib.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-11 19:52 - 2013-11-11 19:52 - 00000000 ____D C:\FRST
2013-11-11 18:34 - 2013-11-11 18:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn
2013-11-07 11:23 - 2013-11-07 11:23 - 00000000 ____D C:\Users\Veverka\AppData\Local\Apple
2013-11-02 19:33 - 2013-11-02 19:33 - 00000000 ____D C:\Users\Kačenka\AppData\Local\LogMeIn
2013-11-02 19:26 - 2013-11-02 19:26 - 00000000 ____D C:\HP_RECOVERY_mountHPSF
2013-11-02 19:24 - 2013-11-02 19:24 - 00000000 ____D C:\Users\Veverka\AppData\Local\LogMeIn
2013-11-02 19:16 - 2013-11-11 18:47 - 95025368 ____T C:\ProgramData\orwla9.bxx
2013-11-02 19:16 - 2013-11-11 17:46 - 00000000 _____ C:\ProgramData\orwla9.fvv
2013-11-02 19:16 - 2013-11-02 19:16 - 00151552 _____ (Корпорация Майкрософт) C:\ProgramData\9alwro.dss
2013-11-01 09:23 - 2013-11-01 09:23 - 00000000 ____D C:\Program Files\Common Files\Portrait Displays
2013-11-01 09:22 - 2013-11-01 09:22 - 00000000 ____D C:\Users\Mila.Mila_HP\AppData\Roaming\Hewlett-Packard Company
2013-10-27 13:05 - 2013-10-27 13:05 - 00001355 _____ C:\Users\Hynek.Mila_HP\Desktop\ROBLOX Player.lnk
2013-10-26 19:44 - 2013-10-27 13:05 - 00001174 _____ C:\Users\Hynek.Mila_HP\Desktop\ROBLOX Studio 2013.lnk
2013-10-26 19:44 - 2013-10-27 13:05 - 00000000 ____D C:\Users\Hynek.Mila_HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2013-10-26 19:43 - 2013-10-27 13:37 - 00000000 ____D C:\Users\Hynek.Mila_HP\AppData\Local\Roblox
2013-10-26 19:42 - 2013-10-26 19:43 - 00542576 _____ (ROBLOX Corporation) C:\Users\Hynek.Mila_HP\Desktop\RobloxPlayerLauncher.exe
2013-10-26 14:17 - 2013-10-27 14:16 - 00000000 ____D C:\Program Files\Steam
2013-10-26 14:17 - 2013-10-26 16:06 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-10-26 14:14 - 2013-10-26 14:15 - 01669632 _____ C:\Users\Hynek.Mila_HP\Desktop\SteamInstall.msi
2013-10-26 13:41 - 2013-10-26 13:41 - 00000000 ____D C:\Users\Hynek.Mila_HP\Desktop\Clownfish
2013-10-26 13:40 - 2013-10-26 13:40 - 00537827 _____ C:\Users\Hynek.Mila_HP\Desktop\clownfish_portable_340.zip
2013-10-26 13:24 - 2013-10-26 13:31 - 00000000 ____D C:\Users\Hynek.Mila_HP\Desktop\Dubstep
2013-10-26 13:20 - 2013-10-26 13:22 - 36794880 _____ C:\Users\Hynek.Mila_HP\Desktop\Reapers EP - Winside.rar
2013-10-26 13:05 - 2013-10-26 13:05 - 00000000 ____D C:\Users\Hynek.Mila_HP\Desktop\BetterWorld
2013-10-26 13:04 - 2013-10-26 13:04 - 00000000 ____D C:\Users\Hynek.Mila_HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft Eden mods helper
2013-10-26 11:34 - 2013-10-26 11:34 - 00675988 _____ C:\Users\Hynek.Mila_HP\Desktop\MinecraftNew.exe
2013-10-26 11:33 - 2013-10-26 11:42 - 77236500 _____ C:\Users\Hynek.Mila_HP\Desktop\Eden-BP-1.5.2.exe
2013-10-26 11:14 - 2013-10-26 11:14 - 00000000 ____D C:\Users\Hynek.Mila_HP\AppData\Local\LogMeIn
2013-10-23 20:16 - 2013-10-23 20:16 - 00000925 _____ C:\Users\Mila.Mila_HP\Desktop\Microsoft Office 2007 – zástupce.lnk
2013-10-23 20:16 - 2013-10-23 20:16 - 00000243 _____ C:\Users\Mila.Mila_HP\Desktop\Email (2).url
2013-10-23 19:26 - 2013-10-27 20:26 - 00000316 _____ C:\windows\Tasks\HPCeeScheduleForMila.job
2013-10-20 23:16 - 2013-10-20 23:16 - 00000000 ___HD C:\windows\AxInstSV
2013-10-18 13:24 - 2013-10-18 13:24 - 00371568 _____ C:\windows\Minidump\101813-29577-01.dmp

==================== One Month Modified Files and Folders =======

2013-11-11 19:52 - 2013-11-11 19:52 - 00000000 ____D C:\FRST
2013-11-11 19:52 - 2011-08-17 03:46 - 00000000 ____D C:\Users\Mila.Mila_HP
2013-11-11 19:52 - 2010-06-06 05:29 - 01577410 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-11 19:48 - 2010-06-06 05:41 - 00000000 ____D C:\ProgramData\HPQLOG
2013-11-11 19:47 - 2012-07-23 09:57 - 00000934 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-11 19:47 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-11 19:47 - 2009-07-14 05:39 - 00076280 _____ C:\windows\setupact.log
2013-11-11 19:46 - 2013-09-28 11:59 - 00000000 ____D C:\Users\Veverka\AppData\Roaming\Seznam.cz
2013-11-11 19:46 - 2013-08-11 20:33 - 00000000 ____D C:\Users\Mila.Mila_HP\AppData\Roaming\Seznam.cz
2013-11-11 19:46 - 2013-08-04 12:11 - 00000000 ____D C:\Users\Štěpánek
2013-11-11 19:46 - 2013-07-01 12:03 - 00000000 ___RD C:\Users\Veverka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-11 19:46 - 2013-07-01 12:03 - 00000000 ___RD C:\Users\Veverka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-11 19:46 - 2013-07-01 12:03 - 00000000 ____D C:\Users\Veverka\AppData\Local\LogMeIn Hamachi
2013-11-11 19:46 - 2013-07-01 12:03 - 00000000 ____D C:\Users\Veverka
2013-11-11 19:46 - 2013-03-05 17:33 - 00000000 ____D C:\Users\Kačenka
2013-11-11 19:46 - 2012-11-25 11:28 - 00000000 ____D C:\Users\Administrator
2013-11-11 19:46 - 2011-08-21 12:04 - 00000000 ____D C:\Users\Hynek.Mila_HP
2013-11-11 19:46 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\wfp
2013-11-11 19:46 - 2009-07-14 03:37 - 00000000 ____D C:\windows\AppCompat
2013-11-11 19:45 - 2013-03-05 17:34 - 00000000 ____D C:\Users\Kačenka\AppData\Local\LogMeIn Hamachi
2013-11-11 19:45 - 2012-02-04 17:47 - 00000000 ____D C:\Users\Mila.Mila_HP\AppData\Local\LogMeIn Hamachi
2013-11-11 19:45 - 2011-07-15 14:04 - 00000000 ____D C:\ProgramData\FLEXnet
2013-11-11 19:45 - 2009-07-14 03:37 - 00000000 ____D C:\windows\registration
2013-11-11 19:44 - 2013-07-01 18:17 - 00000000 ____D C:\Users\Veverka\AppData\Local\Microsoft Games
2013-11-11 19:44 - 2011-08-23 08:50 - 00000000 ____D C:\Users\Mila.Mila_HP\AppData\Roaming\Skype
2013-11-11 18:47 - 2013-11-02 19:16 - 95025368 ____T C:\ProgramData\orwla9.bxx
2013-11-11 18:34 - 2013-11-11 18:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn
2013-11-11 17:46 - 2013-11-02 19:16 - 00000000 _____ C:\ProgramData\orwla9.fvv
2013-11-07 11:23 - 2013-11-07 11:23 - 00000000 ____D C:\Users\Veverka\AppData\Local\Apple
2013-11-02 19:33 - 2013-11-02 19:33 - 00000000 ____D C:\Users\Kačenka\AppData\Local\LogMeIn
2013-11-02 19:27 - 2013-07-01 12:05 - 00109688 _____ C:\Users\Veverka\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-02 19:26 - 2013-11-02 19:26 - 00000000 ____D C:\HP_RECOVERY_mountHPSF
2013-11-02 19:24 - 2013-11-02 19:24 - 00000000 ____D C:\Users\Veverka\AppData\Local\LogMeIn
2013-11-02 19:16 - 2013-11-02 19:16 - 00151552 _____ (Корпорация Майкрософт) C:\ProgramData\9alwro.dss
2013-11-01 09:23 - 2013-11-01 09:23 - 00000000 ____D C:\Program Files\Common Files\Portrait Displays
2013-11-01 09:22 - 2013-11-01 09:22 - 00000000 ____D C:\Users\Mila.Mila_HP\AppData\Roaming\Hewlett-Packard Company
2013-10-29 19:29 - 2012-04-25 18:58 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-29 19:29 - 2011-07-15 22:55 - 01998593 _____ C:\windows\WindowsUpdate.log
2013-10-29 19:28 - 2012-08-06 13:04 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1003Core.job
2013-10-29 19:21 - 2012-08-06 11:51 - 00000978 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1004UA.job
2013-10-29 19:19 - 2012-08-06 13:04 - 00000974 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1003UA.job
2013-10-29 19:19 - 2012-07-23 09:57 - 00000938 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-29 19:18 - 2012-08-06 11:51 - 00000926 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1004Core.job
2013-10-27 20:26 - 2013-10-23 19:26 - 00000316 _____ C:\windows\Tasks\HPCeeScheduleForMila.job
2013-10-27 14:16 - 2013-10-26 14:17 - 00000000 ____D C:\Program Files\Steam
2013-10-27 13:42 - 2012-05-01 16:18 - 00000000 ____D C:\Users\Hynek.Mila_HP\AppData\Roaming\.techniclauncher
2013-10-27 13:37 - 2013-10-26 19:43 - 00000000 ____D C:\Users\Hynek.Mila_HP\AppData\Local\Roblox
2013-10-27 13:09 - 2013-08-06 19:37 - 00000000 ____D C:\Users\Hynek.Mila_HP\AppData\Roaming\Seznam.cz
2013-10-27 13:07 - 2013-01-13 12:08 - 00000000 ____D C:\Users\Hynek.Mila_HP\AppData\Local\LogMeIn Hamachi
2013-10-27 13:06 - 2013-08-29 08:21 - 00000000 ____D C:\Users\Hynek.Mila_HP\AppData\Roaming\Movdap
2013-10-27 13:05 - 2013-10-27 13:05 - 00001355 _____ C:\Users\Hynek.Mila_HP\Desktop\ROBLOX Player.lnk
2013-10-27 13:05 - 2013-10-26 19:44 - 00001174 _____ C:\Users\Hynek.Mila_HP\Desktop\ROBLOX Studio 2013.lnk
2013-10-27 13:05 - 2013-10-26 19:44 - 00000000 ____D C:\Users\Hynek.Mila_HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2013-10-26 19:43 - 2013-10-26 19:42 - 00542576 _____ (ROBLOX Corporation) C:\Users\Hynek.Mila_HP\Desktop\RobloxPlayerLauncher.exe
2013-10-26 19:35 - 2011-12-16 17:39 - 00000000 ____D C:\Users\Hynek.Mila_HP\AppData\Roaming\Skype
2013-10-26 18:59 - 2011-09-10 08:41 - 00000000 ____D C:\Users\Hynek.Mila_HP\AppData\Local\Microsoft Games
2013-10-26 16:06 - 2013-10-26 14:17 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-10-26 14:15 - 2013-10-26 14:14 - 01669632 _____ C:\Users\Hynek.Mila_HP\Desktop\SteamInstall.msi
2013-10-26 13:41 - 2013-10-26 13:41 - 00000000 ____D C:\Users\Hynek.Mila_HP\Desktop\Clownfish
2013-10-26 13:40 - 2013-10-26 13:40 - 00537827 _____ C:\Users\Hynek.Mila_HP\Desktop\clownfish_portable_340.zip
2013-10-26 13:37 - 2012-04-09 12:20 - 00000000 ____D C:\Users\Hynek.Mila_HP\Documents\Skype Voice Records
2013-10-26 13:31 - 2013-10-26 13:24 - 00000000 ____D C:\Users\Hynek.Mila_HP\Desktop\Dubstep
2013-10-26 13:22 - 2013-10-26 13:20 - 36794880 _____ C:\Users\Hynek.Mila_HP\Desktop\Reapers EP - Winside.rar
2013-10-26 13:09 - 2012-07-24 10:10 - 00000000 ____D C:\Users\Hynek.Mila_HP\AppData\Roaming\.minecraft
2013-10-26 13:05 - 2013-10-26 13:05 - 00000000 ____D C:\Users\Hynek.Mila_HP\Desktop\BetterWorld
2013-10-26 13:04 - 2013-10-26 13:04 - 00000000 ____D C:\Users\Hynek.Mila_HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft Eden mods helper
2013-10-26 12:32 - 2013-04-26 19:26 - 00000000 ____D C:\Users\Hynek.Mila_HP\AppData\Roaming\.technic
2013-10-26 12:32 - 2013-04-26 19:25 - 02110334 _____ C:\Users\Hynek.Mila_HP\Desktop\TechnicLauncher.jar
2013-10-26 11:52 - 2009-07-14 05:34 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-26 11:52 - 2009-07-14 05:34 - 00019760 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-26 11:42 - 2013-10-26 11:33 - 77236500 _____ C:\Users\Hynek.Mila_HP\Desktop\Eden-BP-1.5.2.exe
2013-10-26 11:34 - 2013-10-26 11:34 - 00675988 _____ C:\Users\Hynek.Mila_HP\Desktop\MinecraftNew.exe
2013-10-26 11:23 - 2012-11-17 12:21 - 00000000 ____D C:\Users\Hynek.Mila_HP\AppData\Roaming\Mozilla
2013-10-26 11:14 - 2013-10-26 11:14 - 00000000 ____D C:\Users\Hynek.Mila_HP\AppData\Local\LogMeIn
2013-10-25 07:17 - 2011-08-24 12:55 - 00000000 ____D C:\Users\Mila.Mila_HP\AppData\Roaming\Mozilla
2013-10-23 20:16 - 2013-10-23 20:16 - 00000925 _____ C:\Users\Mila.Mila_HP\Desktop\Microsoft Office 2007 – zástupce.lnk
2013-10-23 20:16 - 2013-10-23 20:16 - 00000243 _____ C:\Users\Mila.Mila_HP\Desktop\Email (2).url
2013-10-23 19:25 - 2012-05-04 17:46 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-10-23 19:25 - 2012-04-24 21:00 - 00000052 _____ C:\windows\system32\DOErrors.log
2013-10-20 23:16 - 2013-10-20 23:16 - 00000000 ___HD C:\windows\AxInstSV
2013-10-19 08:56 - 2013-10-10 16:24 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-19 07:37 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache
2013-10-19 07:10 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-10-18 13:24 - 2013-10-18 13:24 - 00371568 _____ C:\windows\Minidump\101813-29577-01.dmp
2013-10-18 13:24 - 2012-06-23 15:35 - 00000000 ____D C:\windows\Minidump
2013-10-18 13:24 - 2012-06-23 15:34 - 400797939 _____ C:\windows\MEMORY.DMP

Files to move or delete:
====================
C:\ProgramData\9alwro.dss


Some content of TEMP:
====================
C:\Users\Hynek.Mila_HP\AppData\Local\temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\Hynek.Mila_HP\AppData\Local\temp\Mountain_Lion_Skin_Pack_1.0-X86.exe
C:\Users\Hynek.Mila_HP\AppData\Local\temp\Setup-D2502DD2B71B5.exe
C:\Users\Hynek.Mila_HP\AppData\Local\temp\SkypeSetup.exe
C:\Users\Mila.Mila_HP\AppData\Local\temp\Extract.exe
C:\Users\Mila.Mila_HP\AppData\Local\temp\SkypeSetup.exe
C:\Users\Mila.Mila_HP\AppData\Local\temp\SP49415.exe
C:\Users\Mila.Mila_HP\AppData\Local\temp\SP51115.exe
C:\Users\Mila.Mila_HP\AppData\Local\temp\SP54600.exe
C:\Users\Mila.Mila_HP\AppData\Local\temp\~tmf4707502267313107155.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-04 14:50

==================== End Of Log ============================

Re: Police ČR virus

Posted: 11 Nov 2013 20:08
by Rudy
Open Notepad and copy the following into it:
Start
HKU\Hynek.Mila_HP\...\Run: [Clownfish] - [x]
AppInit_DLLs: c:\progra~1\savesh~1\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll [ 2013-01-24] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchesplace.info/?pi ... Z&unqvl=30
SearchScopes: HKLM - DefaultScope {A1159ED1-4374-4E71-A66C-74943BD7D314} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {A1159ED1-4374-4E71-A66C-74943BD7D314} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchesplace.info/?l= ... Z&unqvl=30
SearchScopes: HKCU - DefaultScope {A1159ED1-4374-4E71-A66C-74943BD7D314} URL =
BHO: SearchNewTab - {71FAFC9F-906C-2BFB-1626-0C839BE9717E} - C:\ProgramData\SearchNewTab\xJV.dll ()
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
CHR HKLM\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files\Movdap\WebCakeLayers.crx
S1 lzmqruib; \??\C:\windows\system32\drivers\lzmqruib.sys [x]
C:\windows\system32\drivers\lzmqruib.sys
C:\ProgramData\orwla9.bxx
C:\ProgramData\orwla9.fvv
(Корпорация Майкрософт) C:\ProgramData\9alwro.dss
C:\Users\Mila.Mila_HP\AppData\Local\temp
End
Save it to the same directory as FRST. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Police ČR virus

Posted: 11 Nov 2013 20:18
by meiilax
What name should the Notepad file have? Everything again in Safe Mode?

Re: Police ČR virus

Posted: 11 Nov 2013 20:20
by Rudy
Sorry, I forgot: fixlist.txt

Re: Police ČR virus

Posted: 11 Nov 2013 20:28
by meiilax
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2013 01
Ran by Administrator at 2013-11-11 20:27:32 Run:1
Running from D:\
Boot Mode: Safe Mode (minimal)

==============================================

Content of fixlist:
*****************
Start
HKU\Hynek.Mila_HP\...\Run: [Clownfish] - [x]
AppInit_DLLs: c:\progra~1\savesh~1\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll [ 2013-01-24] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchesplace.info/?pi ... Z&unqvl=30
SearchScopes: HKLM - DefaultScope {A1159ED1-4374-4E71-A66C-74943BD7D314} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {A1159ED1-4374-4E71-A66C-74943BD7D314} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchesplace.info/?l= ... Z&unqvl=30
SearchScopes: HKCU - DefaultScope {A1159ED1-4374-4E71-A66C-74943BD7D314} URL =
BHO: SearchNewTab - {71FAFC9F-906C-2BFB-1626-0C839BE9717E} - C:\ProgramData\SearchNewTab\xJV.dll ()
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
CHR HKLM\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files\Movdap\WebCakeLayers.crx
S1 lzmqruib; \??\C:\windows\system32\drivers\lzmqruib.sys [x]
C:\windows\system32\drivers\lzmqruib.sys
C:\ProgramData\orwla9.bxx
C:\ProgramData\orwla9.fvv
(Корпорация Майкрософт) C:\ProgramData\9alwro.dss
C:\Users\Mila.Mila_HP\AppData\Local\temp
End
*****************

HKU\Hynek.Mila_HP\Software\Microsoft\Windows\CurrentVersion\Run\\Clownfish => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A1159ED1-4374-4E71-A66C-74943BD7D314} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A1159ED1-4374-4E71-A66C-74943BD7D314} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71FAFC9F-906C-2BFB-1626-0C839BE9717E} => Key deleted successfully.
HKCR\CLSID\{71FAFC9F-906C-2BFB-1626-0C839BE9717E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289} => Key deleted successfully.
HKCR\CLSID\{9FDDE16B-836F-4806-AB1F-1455CBEFF289} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.
HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Value deleted successfully.
HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => Value deleted successfully.
HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh => Key deleted successfully.
C:\Program Files\Movdap\WebCakeLayers.crx => Moved successfully.
lzmqruib => Service deleted successfully.
"C:\windows\system32\drivers\lzmqruib.sys" => File/Directory not found.
C:\ProgramData\orwla9.bxx => Moved successfully.
C:\ProgramData\orwla9.fvv => Moved successfully.
C:\ProgramData\9alwro.dss => No running process found
C:\Users\Mila.Mila_HP\AppData\Local\temp => Moved successfully.

==== End of Fixlog ====
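
As an added example (not part of either post, and not FRST's own code), the following Python helper pairs a fixlist like the one Rudy posted with the Fixlog FRST returned: it parses the Start/End block, parses each `target => outcome` line, and maps every file/directory directive to the status FRST reported for it, so an entry that never produced a "successfully" line, like the 9alwro.dss entry above that only yielded "No running process found", is flagged for a second look. The outcome phrases and sample lines mirror the logs in this thread; the ok/absent/recheck grouping is this example's own assumption.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Outcome phrases FRST writes in Fixlog.txt (as seen in the log above), grouped by
# what a reviewer should do next. The grouping itself is this example's assumption.
SUCCESS = ("deleted successfully", "restored successfully", "moved successfully")
UNRESOLVED = ("no running process found",)  # nothing was removed: needs a second pass
ABSENT = ("not found",)                      # target already gone: normally fine

# Constructed samples in the exact format of the fixlist and Fixlog posted in this thread.
SAMPLE_FIXLIST = r"""Start
HKU\Hynek.Mila_HP\...\Run: [Clownfish] - [x]
S1 lzmqruib; \??\C:\windows\system32\drivers\lzmqruib.sys [x]
C:\windows\system32\drivers\lzmqruib.sys
C:\ProgramData\orwla9.bxx
(Корпорация Майкрософт) C:\ProgramData\9alwro.dss
C:\Users\Mila.Mila_HP\AppData\Local\temp
End
"""

SAMPLE_FIXLOG = r"""
HKU\Hynek.Mila_HP\Software\Microsoft\Windows\CurrentVersion\Run\\Clownfish => Value deleted successfully.
lzmqruib => Service deleted successfully.
"C:\windows\system32\drivers\lzmqruib.sys" => File/Directory not found.
C:\ProgramData\orwla9.bxx => Moved successfully.
C:\ProgramData\9alwro.dss => No running process found
C:\Users\Mila.Mila_HP\AppData\Local\temp => Moved successfully.
==== End of Fixlog ====
"""

FIXLOG_LINE = re.compile(r"^(?P<target>.+?)\s*=>\s*(?P<outcome>.+?)\s*$")
# A file/directory directive: optional "(publisher)" prefix (FRST prints the version-info
# company string, here a Cyrillic one, in front of the path), then a drive-letter path.
PATH_DIRECTIVE = re.compile(r"^(?:\(.*?\)\s*)?(?P<path>[A-Za-z]:\\\S.*)$")


@dataclass
class FixResult:
    target: str
    outcome: str
    status: str  # "ok" | "absent" | "recheck" | "unknown"


def classify(outcome: str) -> str:
    o = outcome.lower()
    if any(p in o for p in SUCCESS):
        return "ok"
    if any(p in o for p in UNRESOLVED):
        return "recheck"
    if any(p in o for p in ABSENT):
        return "absent"
    return "unknown"


def parse_fixlist(text: str) -> list[str]:
    """Directive lines between the Start and End markers FRST requires."""
    lines = [ln.strip() for ln in text.splitlines()]
    if "Start" not in lines or "End" not in lines:
        raise ValueError("fixlist must be wrapped in Start/End markers")
    body = lines[lines.index("Start") + 1:lines.index("End")]
    return [ln for ln in body if ln]


def parse_fixlog(text: str) -> list[FixResult]:
    """One FixResult per 'target => outcome' line; headers and blank lines are ignored."""
    results = []
    for ln in text.splitlines():
        m = FIXLOG_LINE.match(ln.strip())
        if m:
            target = m["target"].strip('"')  # FRST quotes some file targets
            results.append(FixResult(target, m["outcome"], classify(m["outcome"])))
    return results


def summarize(results: list[FixResult]) -> dict[str, int]:
    """Count of Fixlog lines per status."""
    return dict(Counter(r.status for r in results))


def check_path_directives(fixlist_text: str, fixlog_text: str) -> dict[str, str]:
    """Map each file/directory directive in the fixlist to the status FRST reported.

    A directive with no matching Fixlog line gets "no result" so it is not silently skipped.
    """
    by_target = {r.target.lower(): r.status for r in parse_fixlog(fixlog_text)}
    report = {}
    for directive in parse_fixlist(fixlist_text):
        m = PATH_DIRECTIVE.match(directive)
        if m:
            report[m["path"]] = by_target.get(m["path"].lower(), "no result")
    return report


def needs_second_look(fixlist_text: str, fixlog_text: str) -> list[str]:
    """Paths whose removal the Fixlog does not confirm."""
    report = check_path_directives(fixlist_text, fixlog_text)
    return sorted(p for p, s in report.items() if s in ("recheck", "unknown", "no result"))


if __name__ == "__main__":
    print(summarize(parse_fixlog(SAMPLE_FIXLOG)))
    for path, status in check_path_directives(SAMPLE_FIXLIST, SAMPLE_FIXLOG).items():
        print(f"{status:10} {path}")
    print("second look:", needs_second_look(SAMPLE_FIXLIST, SAMPLE_FIXLOG))
```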

Re: Police ČR virus

Posted: 11 Nov 2013 21:15
by Rudy
Now try to boot into normal mode, or alternatively Safe Mode.

Re: Police ČR virus

Posted: 11 Nov 2013 21:27
by meiilax
The system booted normally; how do I tell that everything is OK?

Re: Police ČR virus

Posted: 11 Nov 2013 21:30
by Rudy
Let's take one more look at whether anything stayed hidden. Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator rights

right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

feel free to go make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)

warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and removal of any malware collides undesirably with the resident antispyware.

Re: Police ČR virus

Posted: 11 Nov 2013 21:54
by meiilax
ComboFix 13-11-11.01 - Mila 11.11.2013 21:39:42.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2927.1571 [GMT 1:00]
Spuštěný z: c:\users\Mila.Mila_HP\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SaveShare
c:\program files\SaveShare\sprotector.dll
c:\program files\SaveShare\uninstall.exe
c:\programdata\9alwro.dss
c:\programdata\sAveNshare
c:\programdata\SearchNewTab
c:\programdata\SearchNewTab\8Fq.dll
c:\programdata\SearchNewTab\data\SearchNewTab.dat
c:\programdata\SearchNewTab\settings.ini
c:\programdata\SearchNewTab\xJV.dll
c:\programdata\SearchNewTab\xJV.tlb
C:\Thumbs.db
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-11 do 2013-11-11 )))))))))))))))))))))))))))))))
.
.
2013-11-11 19:04 . 2013-11-11 19:04 -------- d-----w- c:\users\Mila.Mila_HP\AppData\Roaming\Malwarebytes
2013-11-11 19:04 . 2013-11-11 19:04 -------- d-----w- c:\programdata\Malwarebytes
2013-11-11 19:04 . 2013-11-11 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-11 19:04 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-11 19:01 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F839E079-D1B2-4DBA-B5CC-F3BBE7E6CC0F}\mpengine.dll
2013-11-11 18:52 . 2013-11-11 18:52 -------- d-----w- C:\FRST
2013-11-11 17:34 . 2013-11-11 17:34 -------- d-----w- c:\users\Administrator\AppData\Local\LogMeIn
2013-11-07 10:23 . 2013-11-07 10:23 -------- d-----w- c:\users\Veverka\AppData\Local\Apple
2013-11-02 18:33 . 2013-11-02 18:33 -------- d-----w- c:\users\Kačenka\AppData\Local\LogMeIn
2013-11-02 18:26 . 2013-11-02 18:26 -------- d-----w- C:\HP_RECOVERY_mountHPSF
2013-11-02 18:24 . 2013-11-02 18:24 -------- d-----w- c:\users\Veverka\AppData\Local\LogMeIn
2013-11-01 08:23 . 2013-11-01 08:23 -------- d-----w- c:\program files\Common Files\Portrait Displays
2013-11-01 08:22 . 2013-11-01 08:22 -------- d-----w- c:\users\Mila.Mila_HP\AppData\Roaming\Hewlett-Packard Company
2013-10-26 18:43 . 2013-10-27 12:37 -------- d-----w- c:\users\Hynek.Mila_HP\AppData\Local\Roblox
2013-10-26 13:17 . 2013-10-26 15:06 -------- d-----w- c:\program files\Common Files\Steam
2013-10-26 13:17 . 2013-10-27 13:16 -------- d-----w- c:\program files\Steam
2013-10-26 10:50 . 2013-10-26 10:50 -------- d-----w- c:\users\Hynek.Mila_HP\AppData\Local\ElevatedDiagnostics
2013-10-26 10:14 . 2013-10-26 10:14 -------- d-----w- c:\users\Hynek.Mila_HP\AppData\Local\LogMeIn
2013-10-20 22:16 . 2013-10-20 22:16 -------- d--h--w- c:\windows\AxInstSV
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 09:20 . 2011-10-08 06:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-22 23:28 . 2013-10-10 09:25 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 23:27 . 2013-10-10 09:25 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 23:27 . 2013-10-10 09:25 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-09-22 23:27 . 2013-10-10 09:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-21 03:30 . 2013-10-10 09:25 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-21 02:39 . 2013-10-10 09:25 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-14 00:48 . 2013-10-09 14:51 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:07 . 2013-10-09 14:51 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03 . 2013-10-09 14:51 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-09-04 01:15 . 2013-10-09 14:51 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 01:14 . 2013-10-09 14:51 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 01:14 . 2013-10-09 14:51 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 01:14 . 2013-10-09 14:51 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 01:14 . 2013-10-09 14:51 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 01:14 . 2013-10-09 14:51 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 01:14 . 2013-10-09 14:51 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-09-03 12:35 . 2011-08-23 08:07 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 01:51 . 2013-10-09 14:51 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 14:51 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 14:51 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 01:50 . 2013-10-09 14:51 619520 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 01:48 . 2013-10-09 14:51 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-08-28 01:04 . 2013-10-09 14:51 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 00:57 . 2013-10-09 14:51 434688 ----a-w- c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-25 1668664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2013-03-22 248208]
"cz.seznam.software.szndesktop"="c:\users\Mila.Mila_HP\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"cz.seznam.software.autoupdate"="c:\users\Mila.Mila_HP\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-04-22 18859272]
"DTRun"="c:\program files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2009-11-18 518656]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2013-07-03 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-07-03 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-07-03 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-07-03 170520]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-07-03 1791272]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-10-01 2345296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-17 21:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKLM\~\startupfolder\C:^Users^Mila.Mila_HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^regmonstd.lnk]
path=c:\users\Mila.Mila_HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
backup=c:\windows\pss\regmonstd.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\File Sanitizer]
2009-12-12 00:57 11265536 ----a-w- c:\program files\Hewlett-Packard\File Sanitizer\coreshredder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPPowerAssistant]
2009-12-16 21:48 1690680 ----a-w- c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 19:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2013-10-01 13:51 2345296 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2009-10-23 18:52 563736 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2013-07-03 15:10 1791272 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-12-16 102968]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 1639728]
R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2010-04-23 31616]
R3 BTMMODEM;Bluetooth Modem Device;c:\windows\system32\DRIVERS\btmcom.sys [2010-04-09 41344]
R3 CFcatchme;CFcatchme;c:\users\MILA~1.MIL\AppData\Local\Temp\CFcatchme.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 181792]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-12 257568]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-18 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 RsvLock;RsvLock; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-10-26 187736]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-10-26 94040]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2013-07-03 81920]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-04-22 512776]
S2 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-17 362040]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2013-10-01 1612112]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-10-19 32768]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-05-10 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-01 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-08-26 375056]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-10-23 635416]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-06-13 4150112]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2013-03-22 93072]
S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2009-12-04 506472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 WebCakeUpdater;WebCakeUpdater;c:\program files\Movdap\WBDesktop.Updater.1.0.0.16.exe [2013-08-29 51992]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 29824]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-04-15 3528968]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-04-15 824584]
S3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-04-09 41344]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-04-15 375296]
S3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2009-10-21 32312]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2013-07-03 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2013-07-03 246272]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2010-11-04 909664]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2009-12-22 21:37 73344]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 104280]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-10-26 115544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 13:32 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 09:20]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-23 08:57]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-23 08:57]
.
2013-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1003Core.job
- c:\users\Mila.Mila_HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 09:02]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1003UA.job
- c:\users\Mila.Mila_HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 09:02]
.
2013-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1004Core.job
- c:\users\Hynek.Mila_HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 09:02]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1004UA.job
- c:\users\Hynek.Mila_HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 09:02]
.
2013-11-11 c:\windows\Tasks\HPCeeScheduleForMila.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{1C8A17AC-18ED-49F9-832E-C3B6A0327739}: NameServer = 81.92.155.4,81.92.158.236
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-TomTomHOME - c:\users\Mila.Mila_HP\Desktop\TomTom HOME 2\TomTomHOMERunner.exe
AddRemove-bi_uninstaller - c:\users\Hynek.Mila_HP\Local Settings\Application Data\Bundled software uninstaller\BetterInstaller.exe
AddRemove-SP_8e303e95 - c:\program files\SaveShare\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(632)
c:\windows\system32\DPFPApi.DLL
.
Celkový čas: 2013-11-11 21:52:41
ComboFix-quarantined-files.txt 2013-11-11 20:52
ComboFix2.txt 2013-07-02 21:00
ComboFix3.txt 2013-07-02 20:07
.
Před spuštěním: Volných bajtů: 202 370 957 312
Po spuštění: Volných bajtů: 202 645 626 880
.
- - End Of File - - 0A27FC7CF9456373D74D51F7C841F710
A36C5E4F47E84449FF07ED3517B43A31

Re: Police ČR virus

Posted: 11 Nov 2013 22:47
by Rudy
Let's finish cleaning up. Open Notepad and copy the following into it:
KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1003Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1003UA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1004Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1004UA.job

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release. CF will start and execute the commands from the script.


Re: Police ČR virus

Posted: 11 Nov 2013 23:14
by meiilax
done..

ComboFix 13-11-11.01 - Mila 11.11.2013 22:54:42.5.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2927.1346 [GMT 1:00]
Spuštěný z: c:\users\Mila.Mila_HP\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Mila.Mila_HP\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1003Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1003UA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1004Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1004UA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-11 do 2013-11-11 )))))))))))))))))))))))))))))))
.
.
2013-11-11 22:05 . 2013-11-11 22:05 -------- d-----w- c:\program files\LogMeIn Hamachi
2013-11-11 22:03 . 2013-11-11 22:03 -------- d-----w- c:\users\Veverka\AppData\Local\temp
2013-11-11 22:03 . 2013-11-11 22:03 -------- d-----w- c:\users\user\AppData\Local\temp
2013-11-11 22:03 . 2013-11-11 22:03 -------- d-----w- c:\users\Štěpánek\AppData\Local\temp
2013-11-11 22:03 . 2013-11-11 22:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-11-11 22:03 . 2013-11-11 22:03 -------- d-----w- c:\users\Mila\AppData\Local\temp
2013-11-11 22:03 . 2013-11-11 22:03 -------- d-----w- c:\users\Kačenka\AppData\Local\temp
2013-11-11 22:03 . 2013-11-11 22:03 -------- d-----w- c:\users\Hynek\AppData\Local\temp
2013-11-11 22:03 . 2013-11-11 22:03 -------- d-----w- c:\users\Hynek.Mila_HP\AppData\Local\temp
2013-11-11 22:03 . 2013-11-11 22:03 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-11-11 22:03 . 2013-11-11 22:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-11 22:03 . 2013-11-11 22:03 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-11-11 20:39 . 2013-11-11 20:39 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F839E079-D1B2-4DBA-B5CC-F3BBE7E6CC0F}\offreg.dll
2013-11-11 20:25 . 2013-11-11 22:06 -------- d-----w- c:\users\Mila.Mila_HP\AppData\Local\Temp
2013-11-11 19:04 . 2013-11-11 19:04 -------- d-----w- c:\users\Mila.Mila_HP\AppData\Roaming\Malwarebytes
2013-11-11 19:04 . 2013-11-11 19:04 -------- d-----w- c:\programdata\Malwarebytes
2013-11-11 19:04 . 2013-11-11 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-11 19:04 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-11 19:01 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F839E079-D1B2-4DBA-B5CC-F3BBE7E6CC0F}\mpengine.dll
2013-11-11 18:52 . 2013-11-11 18:52 -------- d-----w- C:\FRST
2013-11-11 17:34 . 2013-11-11 17:34 -------- d-----w- c:\users\Administrator\AppData\Local\LogMeIn
2013-11-07 10:23 . 2013-11-07 10:23 -------- d-----w- c:\users\Veverka\AppData\Local\Apple
2013-11-02 18:33 . 2013-11-02 18:33 -------- d-----w- c:\users\Kačenka\AppData\Local\LogMeIn
2013-11-02 18:26 . 2013-11-02 18:26 -------- d-----w- C:\HP_RECOVERY_mountHPSF
2013-11-02 18:24 . 2013-11-02 18:24 -------- d-----w- c:\users\Veverka\AppData\Local\LogMeIn
2013-11-01 08:23 . 2013-11-01 08:23 -------- d-----w- c:\program files\Common Files\Portrait Displays
2013-11-01 08:22 . 2013-11-01 08:22 -------- d-----w- c:\users\Mila.Mila_HP\AppData\Roaming\Hewlett-Packard Company
2013-10-26 18:43 . 2013-10-27 12:37 -------- d-----w- c:\users\Hynek.Mila_HP\AppData\Local\Roblox
2013-10-26 13:17 . 2013-10-26 15:06 -------- d-----w- c:\program files\Common Files\Steam
2013-10-26 13:17 . 2013-10-27 13:16 -------- d-----w- c:\program files\Steam
2013-10-26 10:50 . 2013-10-26 10:50 -------- d-----w- c:\users\Hynek.Mila_HP\AppData\Local\ElevatedDiagnostics
2013-10-26 10:14 . 2013-10-26 10:14 -------- d-----w- c:\users\Hynek.Mila_HP\AppData\Local\LogMeIn
2013-10-20 22:16 . 2013-10-20 22:16 -------- d--h--w- c:\windows\AxInstSV
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 09:20 . 2011-10-08 06:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-22 23:28 . 2013-10-10 09:25 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 23:27 . 2013-10-10 09:25 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 23:27 . 2013-10-10 09:25 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-09-22 23:27 . 2013-10-10 09:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-21 03:30 . 2013-10-10 09:25 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-21 02:39 . 2013-10-10 09:25 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-14 00:48 . 2013-10-09 14:51 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:07 . 2013-10-09 14:51 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03 . 2013-10-09 14:51 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-09-04 01:15 . 2013-10-09 14:51 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 01:14 . 2013-10-09 14:51 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 01:14 . 2013-10-09 14:51 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 01:14 . 2013-10-09 14:51 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 01:14 . 2013-10-09 14:51 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 01:14 . 2013-10-09 14:51 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 01:14 . 2013-10-09 14:51 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-09-03 12:35 . 2011-08-23 08:07 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 01:51 . 2013-10-09 14:51 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 14:51 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 14:51 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 01:50 . 2013-10-09 14:51 619520 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 01:48 . 2013-10-09 14:51 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-08-28 01:04 . 2013-10-09 14:51 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 00:57 . 2013-10-09 14:51 434688 ----a-w- c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-25 1668664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2013-03-22 248208]
"cz.seznam.software.szndesktop"="c:\users\Mila.Mila_HP\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"cz.seznam.software.autoupdate"="c:\users\Mila.Mila_HP\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-04-22 18859272]
"DTRun"="c:\program files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2009-11-18 518656]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2013-07-03 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-07-03 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-07-03 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-07-03 170520]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-07-03 1791272]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-10-31 2349392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-17 21:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKLM\~\startupfolder\C:^Users^Mila.Mila_HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^regmonstd.lnk]
path=c:\users\Mila.Mila_HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
backup=c:\windows\pss\regmonstd.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\File Sanitizer]
2009-12-12 00:57 11265536 ----a-w- c:\program files\Hewlett-Packard\File Sanitizer\coreshredder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPPowerAssistant]
2009-12-16 21:48 1690680 ----a-w- c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 19:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2013-10-31 12:53 2349392 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2009-10-23 18:52 563736 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2013-07-03 15:10 1791272 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-12-16 102968]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 1639728]
R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2010-04-23 31616]
R3 BTMMODEM;Bluetooth Modem Device;c:\windows\system32\DRIVERS\btmcom.sys [2010-04-09 41344]
R3 CFcatchme;CFcatchme;c:\users\MILA~1.MIL\AppData\Local\Temp\CFcatchme.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 181792]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-12 257568]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-18 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 RsvLock;RsvLock; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-10-26 187736]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-10-26 94040]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2013-07-03 81920]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-04-22 512776]
S2 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-17 362040]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2013-10-31 1616208]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-10-19 32768]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-05-10 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-01 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 375056]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-10-23 635416]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-06-13 4150112]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2013-03-22 93072]
S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2009-12-04 506472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 WebCakeUpdater;WebCakeUpdater;c:\program files\Movdap\WBDesktop.Updater.1.0.0.16.exe [2013-08-29 51992]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 29824]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-04-15 3528968]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-04-15 824584]
S3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-04-09 41344]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-04-15 375296]
S3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2009-10-21 32312]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2013-07-03 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2013-07-03 246272]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2010-11-04 909664]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2009-12-22 21:37 73344]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 104280]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-10-26 115544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 13:32 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 09:20]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-23 08:57]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-23 08:57]
.
2013-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1003Core.job
- c:\users\Mila.Mila_HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 09:02]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1003UA.job
- c:\users\Mila.Mila_HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 09:02]
.
2013-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1004Core.job
- c:\users\Hynek.Mila_HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 09:02]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976819227-3545367544-2869399780-1004UA.job
- c:\users\Hynek.Mila_HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 09:02]
.
2013-11-11 c:\windows\Tasks\HPCeeScheduleForMila.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: Interfaces\{1C8A17AC-18ED-49F9-832E-C3B6A0327739}: NameServer = 81.92.155.4,81.92.158.236
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(568)
c:\windows\system32\DPFPApi.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\users\Mila.Mila_HP\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
c:\program files\Motorola\Bluetooth\btplayerctrl.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2013-11-11 23:12:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-11 22:12
ComboFix2.txt 2013-11-11 20:52
ComboFix3.txt 2013-07-02 21:00
ComboFix4.txt 2013-07-02 20:07
.
Před spuštěním: Volných bajtů: 202 745 868 288
Po spuštění: Volných bajtů: 202 455 011 328
.
- - End Of File - - 12B289A93CB77163DE2C75EFF90675B3
A36C5E4F47E84449FF07ED3517B43A31