přehřívání, CPU 90%

Zpráva

tamtam · #1 Příspěvek od **tamtam** » 04 dub 2014 19:26

Dobrý den, prosím o pomoc s odhalením šmejda. Počítač se přehřívá, vytáčí se procesor na 90 procent.. Zajímavé je, že po spuštění správce úloh to přestane.
prohnala jsem to recovery CD kaspersky, a následně CCleaner, bohužel to nepomohlo.

vkládám log z FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by xxXxx (administrator) on XXXXX-PC on 04-04-2014 20:20:26
Running from C:\Users\xxXxx\Desktop
Microsoft Windows 7 Professional (X86) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Windows\system32\dfrg\svc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Alcor Micro Corp.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Windows\system32\dfrg\mst.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Windows\system32\dfrg\cpu\cpu.exe
(forum.viry.cz) C:\Users\xxXxx\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [536668 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AmIcoSinglun] - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [237568 2010-09-07] (Alcor Micro Corp.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3580055339-1825815983-379706753-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-3580055339-1825815983-379706753-1000\...\MountPoints2: {132e1e5c-978a-11e1-aced-d8d3851ff0ba} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3580055339-1825815983-379706753-1000\...\MountPoints2: {132e1e65-978a-11e1-aced-d8d3851ff0ba} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3580055339-1825815983-379706753-1000\...\MountPoints2: {139018bb-9a19-11e1-a8b7-806e6f6e6963} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3580055339-1825815983-379706753-1000\...\MountPoints2: {922eb88b-92a5-11e1-b31a-70f3952619da} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3580055339-1825815983-379706753-1000\...\MountPoints2: {aa2ef416-31dd-11e3-b9a5-70f3952619da} - E:\autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKCU - {33524C00-63FB-43DB-A6BF-0A4E14B24649} URL = http://www.basicscan.com/?prt=BscscnPB& ... earchTerms}
SearchScopes: HKCU - {C2E29A17-DCE1-49E2-A795-98705252B3B0} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\xxXxx\AppData\Roaming\Mozilla\Firefox\Profiles\200i5xwk.default
FF user.js: detected! => C:\Users\xxXxx\AppData\Roaming\Mozilla\Firefox\Profiles\200i5xwk.default\user.js
FF Homepage: hxxp://www.seznam.cz/
FF Keyword.URL: hxxp://www.basicscan.com/?tmp=nemo_results_rem ... &keywords=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Adblock Plus - C:\Users\xxXxx\AppData\Roaming\Mozilla\Firefox\Profiles\200i5xwk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-31]
FF Extension: Red Cats (blue flavor) - C:\Users\xxXxx\AppData\Roaming\Mozilla\Firefox\Profiles\200i5xwk.default\Extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi [2012-05-01]
FF Extension: BasicScan - C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C} [2014-04-02]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-04-02]
FF HKLM\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\xxXxx\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\xxXxx\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013-02-23]
FF HKCU\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\xxXxx\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\xxXxx\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013-02-23]
FF HKCU\...\Firefox\Extensions: [SpecialSavings@SpecialSavings.com] - C:\Users\xxXxx\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com
FF Extension: SpecialSavings - C:\Users\xxXxx\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com [2013-02-23]

========================== Services (Whitelisted) =================

S2 .EsetTrialReset; C:\Windows\system32\regedt32.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-01-25] (IDT, Inc.)
R2 updater; C:\Users\xxXxx\AppData\Roaming\Updater\updater.dll [1564672 2014-03-28] ()
R2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1799472 2010-02-23] (Validity Sensors, Inc.)
R2 winnetdns; C:\Windows\system32\dfrg\svc.exe [53760 2014-03-26] ()

==================== Drivers (Whitelisted) ====================

S3 adusbmdm6501; C:\Windows\System32\DRIVERS\adusbmdm65.sys [65408 2005-05-02] (AnyDATA Corporation)
S3 adusbser; C:\Windows\System32\DRIVERS\adusbser.sys [97920 2006-12-20] (QUALCOMM Incorporated)
S3 adusbser6501; C:\Windows\System32\DRIVERS\adusbser65.sys [65408 2005-05-02] (AnyDATA Corporation)
S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [31232 2010-09-07] (Alcor Micro, Corp.)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-10-10] (Disc Soft Ltd)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [100736 2009-07-23] (Huawei Technologies Co., Ltd.)
R3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [8758272 2010-06-21] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [715248 2013-10-10] (Duplex Secure Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-04 20:20 - 2014-04-04 20:20 - 00010587 _____ () C:\Users\xxXxx\Desktop\FRST.txt
2014-04-04 20:20 - 2014-04-04 20:20 - 00000000 ____D () C:\FRST
2014-04-04 20:18 - 2014-04-04 20:18 - 00112640 _____ (forum.viry.cz) C:\Users\xxXxx\Desktop\FRSTLauncher.exe
2014-04-04 20:17 - 2014-04-04 20:17 - 01145856 _____ (Farbar) C:\Users\xxXxx\Desktop\FRST.exe
2014-04-04 16:37 - 2014-04-04 18:05 - 00000336 _____ () C:\Windows\setupact.log
2014-04-04 16:37 - 2014-04-04 16:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-04 16:36 - 2014-04-04 16:36 - 00001054 _____ () C:\Windows\PFRO.log
2014-04-04 12:10 - 2014-04-04 12:10 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-04 12:10 - 2014-04-04 12:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-04 12:04 - 2014-04-04 19:52 - 00000000 ____D () C:\Program Files\trend micro
2014-04-04 12:04 - 2014-04-04 12:04 - 00000000 ____D () C:\rsit
2014-04-03 21:23 - 2014-04-03 20:35 - 349113578 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E19.HDTV.x264-LOL.avi
2014-04-03 19:32 - 2014-04-03 19:32 - 00060326 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E18.HDTV.x264-LOL.srt
2014-04-03 19:32 - 2014-04-03 19:32 - 00058960 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E19.HDTV.x264-LOL.srt
2014-04-03 19:31 - 2014-04-03 20:01 - 255983716 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E18.HDTV.x264-LOL.mp4
2014-04-02 09:39 - 2014-04-02 09:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-31 05:14 - 2014-03-31 05:14 - 00010496 _____ () C:\Users\xxXxx\Documents\Sešit1.xlsx
2014-03-31 02:27 - 2014-03-31 02:27 - 00000000 ____D () C:\Users\xxXxx\AppData\Roaming\Updater
2014-03-31 02:26 - 2014-03-31 02:27 - 00000000 ____D () C:\Windows\system32\dfrg
2014-03-26 00:56 - 2014-04-04 18:26 - 00000000 ____D () C:\Users\xxXxx\Desktop\teze
2014-03-25 14:10 - 2014-03-25 08:41 - 00026463 _____ () C:\Users\xxXxx\Downloads\how.i.met.your.mother.s09e22.the.end.of.the.aisle.web-dl.x264.aac-p2p.cz.srt
2014-03-25 14:10 - 2014-03-25 08:36 - 00026467 _____ () C:\Users\xxXxx\Downloads\how.i.met.your.mother.s09e22.hdtv.xvid-afg.cz.srt
2014-03-25 14:10 - 2014-03-25 08:36 - 00026467 _____ () C:\Users\xxXxx\Downloads\how.i.met.your.mother.s09e22.hdtv.x264-killers.cz.srt
2014-03-25 14:10 - 2014-03-25 08:36 - 00026467 _____ () C:\Users\xxXxx\Downloads\how.i.met.your.mother.s09e20.720p.hdtv.x264-remarkable.cz.srt
2014-03-25 13:23 - 2014-03-25 13:45 - 156189239 _____ () C:\Users\xxXxx\Downloads\How.I.Met.Your.Mother.S09E22.The.End.of.the.Aisle.WEB-DL.x264.AAC-P2P.mp4
2014-03-25 13:22 - 2014-03-25 13:22 - 00047323 _____ () C:\Users\xxXxx\Downloads\titulky_himym_9x22_jingspiral.zip
2014-03-24 16:16 - 2014-03-24 16:16 - 00072497 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E17.HDTV.x264-LOL.srt
2014-03-24 16:13 - 2014-03-24 16:50 - 217180956 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E17.HDTV.x264-LOL.mp4
2014-03-24 16:10 - 2014-03-24 16:10 - 00014684 _____ () C:\Users\xxXxx\Downloads\673E76E08E68AE81B104639A785ACF89BDF32E19.torrent
2014-03-19 19:19 - 2014-03-20 13:30 - 00000000 ____D () C:\Users\xxXxx\Desktop\včely

==================== One Month Modified Files and Folders =======

2014-04-04 20:20 - 2014-04-04 20:20 - 00010587 _____ () C:\Users\xxXxx\Desktop\FRST.txt
2014-04-04 20:20 - 2014-04-04 20:20 - 00000000 ____D () C:\FRST
2014-04-04 20:18 - 2014-04-04 20:18 - 00112640 _____ (forum.viry.cz) C:\Users\xxXxx\Desktop\FRSTLauncher.exe
2014-04-04 20:17 - 2014-04-04 20:17 - 01145856 _____ (Farbar) C:\Users\xxXxx\Desktop\FRST.exe
2014-04-04 19:52 - 2014-04-04 12:04 - 00000000 ____D () C:\Program Files\trend micro
2014-04-04 18:26 - 2014-03-26 00:56 - 00000000 ____D () C:\Users\xxXxx\Desktop\teze
2014-04-04 18:14 - 2012-05-01 21:35 - 00000000 ____D () C:\Users\xxXxx\Downloads\užitečné programy
2014-04-04 18:12 - 2009-07-14 06:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 18:12 - 2009-07-14 06:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 18:10 - 2012-04-30 11:24 - 01623272 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 18:08 - 2012-04-30 11:18 - 01686113 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 18:05 - 2014-04-04 16:37 - 00000336 _____ () C:\Windows\setupact.log
2014-04-04 18:05 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 16:44 - 2012-04-30 11:49 - 00000000 ____D () C:\Program Files\The KMPlayer
2014-04-04 16:37 - 2014-04-04 16:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-04 16:37 - 2012-10-16 18:12 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 16:36 - 2014-04-04 16:36 - 00001054 _____ () C:\Windows\PFRO.log
2014-04-04 12:13 - 2013-02-22 21:18 - 00000000 ____D () C:\Users\xxXxx\AppData\Roaming\uTorrent
2014-04-04 12:13 - 2012-05-01 11:47 - 00000000 ____D () C:\Users\xxXxx\AppData\Roaming\DAEMON Tools Lite
2014-04-04 12:12 - 2012-04-30 12:13 - 00000000 ____D () C:\Windows\Panther
2014-04-04 12:10 - 2014-04-04 12:10 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-04 12:10 - 2014-04-04 12:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-04 12:04 - 2014-04-04 12:04 - 00000000 ____D () C:\rsit
2014-04-04 08:26 - 2014-01-11 12:01 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-04-03 20:35 - 2014-04-03 21:23 - 349113578 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E19.HDTV.x264-LOL.avi
2014-04-03 20:01 - 2014-04-03 19:31 - 255983716 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E18.HDTV.x264-LOL.mp4
2014-04-03 19:32 - 2014-04-03 19:32 - 00060326 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E18.HDTV.x264-LOL.srt
2014-04-03 19:32 - 2014-04-03 19:32 - 00058960 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E19.HDTV.x264-LOL.srt
2014-04-02 09:40 - 2014-04-02 09:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-31 21:26 - 2013-01-04 22:22 - 00000000 ____D () C:\Users\xxXxx\AppData\Roaming\vlc
2014-03-31 05:14 - 2014-03-31 05:14 - 00010496 _____ () C:\Users\xxXxx\Documents\Sešit1.xlsx
2014-03-31 02:27 - 2014-03-31 02:27 - 00000000 ____D () C:\Users\xxXxx\AppData\Roaming\Updater
2014-03-31 02:27 - 2014-03-31 02:26 - 00000000 ____D () C:\Windows\system32\dfrg
2014-03-26 10:25 - 2012-06-17 12:28 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-26 10:25 - 2012-06-17 12:27 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-26 01:04 - 2012-05-01 21:55 - 00000000 ____D () C:\Users\xxXxx\la escuela
2014-03-25 13:45 - 2014-03-25 13:23 - 156189239 _____ () C:\Users\xxXxx\Downloads\How.I.Met.Your.Mother.S09E22.The.End.of.the.Aisle.WEB-DL.x264.AAC-P2P.mp4
2014-03-25 13:22 - 2014-03-25 13:22 - 00047323 _____ () C:\Users\xxXxx\Downloads\titulky_himym_9x22_jingspiral.zip
2014-03-25 08:41 - 2014-03-25 14:10 - 00026463 _____ () C:\Users\xxXxx\Downloads\how.i.met.your.mother.s09e22.the.end.of.the.aisle.web-dl.x264.aac-p2p.cz.srt
2014-03-25 08:36 - 2014-03-25 14:10 - 00026467 _____ () C:\Users\xxXxx\Downloads\how.i.met.your.mother.s09e22.hdtv.xvid-afg.cz.srt
2014-03-25 08:36 - 2014-03-25 14:10 - 00026467 _____ () C:\Users\xxXxx\Downloads\how.i.met.your.mother.s09e22.hdtv.x264-killers.cz.srt
2014-03-25 08:36 - 2014-03-25 14:10 - 00026467 _____ () C:\Users\xxXxx\Downloads\how.i.met.your.mother.s09e20.720p.hdtv.x264-remarkable.cz.srt
2014-03-24 22:07 - 2012-04-30 11:49 - 00000993 _____ () C:\Users\xxXxx\Desktop\KMPlayer.lnk
2014-03-24 17:11 - 2013-09-11 09:25 - 00000000 ____D () C:\Users\xxXxx\Downloads\bones
2014-03-24 16:50 - 2014-03-24 16:13 - 217180956 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E17.HDTV.x264-LOL.mp4
2014-03-24 16:16 - 2014-03-24 16:16 - 00072497 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E17.HDTV.x264-LOL.srt
2014-03-24 16:10 - 2014-03-24 16:10 - 00014684 _____ () C:\Users\xxXxx\Downloads\673E76E08E68AE81B104639A785ACF89BDF32E19.torrent
2014-03-22 10:33 - 2014-03-01 23:42 - 00000000 ____D () C:\Users\xxXxx\Downloads\vozik
2014-03-20 13:30 - 2014-03-19 19:19 - 00000000 ____D () C:\Users\xxXxx\Desktop\včely
2014-03-19 20:27 - 2012-04-30 11:19 - 00000000 ____D () C:\Users\xxXxx
2014-03-19 20:26 - 2012-05-01 21:37 - 00000000 ____D () C:\Users\xxXxx\Downloads\filmy
2014-03-19 20:24 - 2012-10-24 20:18 - 00000000 ____D () C:\Users\xxXxx\Downloads\How.I.Met.Your.Mother
2014-03-19 20:24 - 2012-05-01 21:58 - 00000000 ____D () C:\Users\xxXxx\Downloads\instalace
2014-03-19 00:02 - 2013-08-14 19:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 00:01 - 2012-04-30 12:13 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 12:17 - 2013-06-27 22:26 - 00000000 ____D () C:\Users\xxXxx\Downloads\Ncis
2014-03-14 14:04 - 2012-05-01 12:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 18:52 - 2012-04-30 11:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 18:52 - 2012-04-30 11:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 10:52 - 2012-03-20 20:44 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys

Some content of TEMP:
====================
C:\Users\xxXxx\AppData\Local\Temp\bi_cleaner.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-30 17:13

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:465.66 GB) (Free:307.66 GB) NTFS
Drive e: (ZT2-MM) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS

Available physical RAM: 1344.6 MB
Total physical RAM: 2485.86 MB
Percentage of memory in use: 45%

==================== MBR and Partition Table ==================

SAS Power and Sample Size 3.1 (HKLM\...\6ac75c7530cfebfc1fddd4df53dc3f56) (Version: - )
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4F4E2E05)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\xxXxx\Desktop" je 2188 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

a Hijackthis:

Logfile of random's system information tool 1.08 (written by random/random)
Run by xxXxx at 2014-04-04 19:52:05
Microsoft Windows 7 Professional
System drive C: has 315 GB (66%) free of 477 GB
Total RAM: 2486 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:52:22, on 4.4.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\dfrg\mst.exe
C:\Windows\system32\conhost.exe
C:\Users\6060\Downloads\užitečné programy\RSIT.exe
C:\Program Files\trend micro\6060.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: Windows Network Discovery Service (winnetdns) - Unknown owner - C:\Windows\system32\dfrg\svc.exe

--
End of file - 6060 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-27 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-27 155384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-06-21 136216]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-06-21 170008]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-06-21 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-10-14 2299176]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2011-01-25 536668]
"HP Quick Launch"=C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-11-09 586296]
"AmIcoSinglun"=C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [2010-09-07 237568]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 951576]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-07-03 3673184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-06-02 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open -

======List of files/folders created in the last 1 months======

2014-04-04 12:10:25 ----D---- C:\Program Files\CCleaner
2014-04-04 12:04:01 ----D---- C:\rsit
2014-04-04 12:04:01 ----D---- C:\Program Files\trend micro
2014-04-02 09:39:49 ----D---- C:\Program Files\Mozilla Firefox
2014-03-31 02:27:12 ----D---- C:\Users\xxXxx\AppData\Roaming\Updater
2014-03-31 02:26:58 ----D---- C:\Windows\system32\dfrg

======List of files/folders modified in the last 1 months======

2014-04-04 19:49:36 ----D---- C:\Windows\Prefetch
2014-04-04 18:10:49 ----D---- C:\Windows\System32
2014-04-04 18:10:49 ----D---- C:\Windows\inf
2014-04-04 18:10:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-04-04 18:10:41 ----D---- C:\Windows\Temp
2014-04-04 18:07:44 ----A---- C:\Windows\system32\log.txt
2014-04-04 18:03:02 ----D---- C:\Windows\system32\config
2014-04-04 16:44:17 ----D---- C:\Program Files\The KMPlayer
2014-04-04 16:37:04 ----D---- C:\Windows
2014-04-04 12:13:56 ----D---- C:\Users\xxXxx\AppData\Roaming\DAEMON Tools Lite
2014-04-04 12:13:55 ----D---- C:\Users\xxXxx\AppData\Roaming\uTorrent
2014-04-04 12:12:45 ----D---- C:\Windows\Panther
2014-04-04 12:12:45 ----D---- C:\Windows\ModemLogs
2014-04-04 12:12:44 ----D---- C:\Windows\Logs
2014-04-04 12:12:44 ----D---- C:\Windows\debug
2014-04-04 12:10:31 ----D---- C:\Windows\system32\Tasks
2014-04-04 12:10:25 ----RD---- C:\Program Files
2014-04-04 09:39:47 ----D---- C:\Windows\winsxs
2014-04-04 09:29:46 ----SHD---- C:\Windows\Installer
2014-04-04 09:29:30 ----SHD---- C:\System Volume Information
2014-04-04 09:24:13 ----D---- C:\Temp
2014-04-04 08:26:54 ----AD---- C:\Kaspersky Rescue Disk 10.0
2014-04-01 14:37:43 ----SD---- C:\Users\xxXxx\AppData\Roaming\Microsoft
2014-03-31 21:26:19 ----D---- C:\Users\xxXxx\AppData\Roaming\vlc
2014-03-27 09:18:41 ----D---- C:\Windows\system32\catroot2
2014-03-26 10:26:29 ----D---- C:\Windows\system32\catroot
2014-03-26 10:25:38 ----D---- C:\Windows\system32\drivers
2014-03-26 10:25:37 ----D---- C:\Program Files\Microsoft Security Client
2014-03-19 00:02:43 ----D---- C:\Windows\system32\MRT
2014-03-19 00:01:06 ----A---- C:\Windows\system32\MRT.exe
2014-03-14 14:04:17 ----D---- C:\ProgramData\Microsoft Help
2014-03-12 18:52:14 ----A---- C:\Windows\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-27 435736]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 231960]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-10 243128]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-06-21 5586432]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-06-21 210432]
R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2012-06-20 2957312]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 108560]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2009-09-17 41088]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd32.sys [2010-06-21 8758272]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
R3 STHDA;@%SystemRoot%\system32\stlang.dll,-10322; C:\Windows\system32\DRIVERS\stwrt.sys [2011-01-25 435200]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-10-14 299312]
R3 WinUSB;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 34944]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-10-10 715248]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\Windows\system32\DRIVERS\adusbmdm65.sys [2005-05-02 65408]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\Windows\system32\DRIVERS\adusbser65.sys [2005-05-02 65408]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2010-09-07 31232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393216]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\Windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 112128]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-07-23 102912]
S3 hwusbfake;Huawei DataCard USB Fake; C:\Windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 100736]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-06-02 8758272]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-11-01 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-11-01 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2011-07-25 64512]
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2011-07-20 35328]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 8192]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-11-01 8192]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-11-01 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2011-02-17 11520]
S3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S3 WSDScan;Podpora skenování WSD přes UMB; C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-06-21 176128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 26168]
R2 HPWMISVC;HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-05-03 325656]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 22216]
R2 STacSV;@%SystemRoot%\system32\stlang.dll,-10122; C:\Program Files\IDT\WDM\STacSV.exe [2011-01-25 274514]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
R2 updater;Update Service; C:\Users\xxXxx\AppData\Roaming\Updater\updater.dll [2014-03-28 1564672]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2010-02-23 1799472]
R2 winnetdns;Windows Network Discovery Service; C:\Windows\system32\dfrg\svc.exe [2014-03-26 53760]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-02-04 797240]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
S2 .EsetTrialReset;Eset Trial Reset; C:\Windows\system32\regedt32.exe [2009-07-14 9216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12 257928]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-30 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 04 dub 2014 20:04

Zdravim

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Ulozte nejlepe na plochu
Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
Probehne vytvoreni zalohy a nasledne prohledavani
Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

tamtam · #3 Příspěvek od **tamtam** » 05 dub 2014 09:09

děkuji.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x86
Ran by xxXxx on so 05.04.2014 at 10:12:03,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\filescout
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"

~~~ Files

Successfully deleted: [File] "C:\Windows\system32\roboot.exe"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\xxXxx\AppData\Roaming\file scout"
Successfully deleted: [Folder] "C:\Users\xxXxx\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "C:\Users\xxXxx\AppData\Roaming\specialsavings"
Successfully deleted: [Folder] "C:\Program Files\basicscan"
Successfully deleted: [Folder] "C:\Program Files\file scout"

~~~ FireFox

Successfully deleted: [File] C:\Users\xxXxx\AppData\Roaming\mozilla\firefox\profiles\200i5xwk.default\user.js
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\statuswinks@statuswinks
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\statuswinks@statuswinks
Emptied folder: C:\Users\xxXxx\AppData\Roaming\mozilla\firefox\profiles\200i5xwk.default\minidumps [736 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 05.04.2014 at 10:14:41,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

tamtam · #4 Příspěvek od **tamtam** » 05 dub 2014 09:13

# AdwCleaner v3.023 - Report created 05/04/2014 at 10:17:26
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Professional (32 bits)
# Username : xxXxx - XXXXX-PC
# Running from : C:\Users\xxXxx\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\xxXxx\AppData\Local\RavenBleuSA
Folder Deleted : C:\Users\xxXxx\AppData\Roaming\StatusWinks
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [SpecialSavings@SpecialSavings.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0ED70A6-9526-4D6D-AB69-B3D2FF7676DA}
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

-\\ Mozilla Firefox v28.0 (cs)

[ File : C:\Users\xxXxx\AppData\Roaming\Mozilla\Firefox\Profiles\200i5xwk.default\prefs.js ]

Line Deleted : user_pref("extensions.basicscan.init", true);
Line Deleted : user_pref("keyword.URL", "hxxp://www.basicscan.com/?tmp=nemo_results_rem ... &keywords=");

*************************

AdwCleaner[R0].txt - [1806 octets] - [05/04/2014 10:16:11]
AdwCleaner[S0].txt - [1761 octets] - [05/04/2014 10:17:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1821 octets] ##########

edit: na chvíli to vypadalo dobře, ale už to zase nabíhá do vysokých hodnot.. :/

#5 Příspěvek od **vyosek** » 05 dub 2014 10:02

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

tamtam · #6 Příspěvek od **tamtam** » 05 dub 2014 10:10

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/05/2014 11:15:02 AM in x86 mode.
Windows Version: Windows 7 Professional

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\dfrg\svc.exe (PID: 436) [WD-HEUR]
* C:\Windows\system32\dfrg\mst.exe (PID: 5964) [WD-HEUR]
* C:\Windows\system32\dfrg\cpu\cpu.exe (PID: 3344) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 04/05/2014 11:15:37 AM
Execution time: 0 hours(s), 0 minute(s), and 35 seconds(s)

#7 Příspěvek od **vyosek** » 05 dub 2014 10:23

Pokracujte ComboFixem

tamtam · #8 Příspěvek od **tamtam** » 05 dub 2014 10:26

ComboFix 14-04-05.01 - xxXxx 05.04.2014 11:23:21.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2486.1407 [GMT 2:00]
Spuštěný z: c:\users\xxXxx\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\507dfbba53ded630bed518a046deec21_c
c:\users\xxXxx\AppData\Local\Temp\sfamcc00003.dll
c:\users\xxXxx\AppData\Local\Temp\sfamcc00005.dll
c:\users\xxXxx\AppData\Local\Temp\sfareca00003.dll
c:\users\xxXxx\AppData\Local\Temp\sfareca00005.dll
c:\users\xxXxx\Favorites\bookmarks-2013-12-17.json
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_updater
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-05 do 2014-04-05 )))))))))))))))))))))))))))))))
.
.
2014-04-05 09:27 . 2014-04-05 09:28 -------- d-----w- c:\users\xxXxx\AppData\Local\temp
2014-04-05 08:16 . 2014-04-05 08:17 -------- d-----w- C:\AdwCleaner
2014-04-05 08:12 . 2014-04-05 08:12 -------- d-----w- c:\windows\ERUNT
2014-04-05 07:47 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75B33F18-BAD3-4932-BE55-B713A4FA08B0}\mpengine.dll
2014-04-04 19:43 . 2014-04-05 08:46 -------- d-----w- c:\program files\SpeedFan
2014-04-04 18:44 . 2014-04-04 18:44 22688 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2014-04-04 18:43 . 2014-04-04 18:44 -------- d-----w- c:\program files\HWiNFO32
2014-04-04 18:20 . 2014-04-04 18:35 -------- d-----w- C:\FRST
2014-04-04 10:10 . 2014-04-04 10:10 -------- d-----w- c:\program files\CCleaner
2014-04-04 10:04 . 2014-04-04 17:52 -------- d-----w- c:\program files\trend micro
2014-04-04 10:04 . 2014-04-04 10:04 -------- d-----w- C:\rsit
2014-04-04 07:21 . 2014-02-21 07:22 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{066D22C6-BDF4-46FB-922B-2A5529D44189}\gapaengine.dll
2014-04-04 07:21 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-31 00:27 . 2014-03-31 00:27 -------- d-----w- c:\users\xxXxx\AppData\Roaming\Updater
2014-03-31 00:26 . 2014-03-31 00:27 -------- d-----w- c:\windows\system32\dfrg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 16:52 . 2012-04-30 09:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 16:52 . 2012-04-30 09:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-11 08:52 . 2012-03-20 18:44 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-02-21 07:22 . 2012-07-08 07:14 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-25 00:19 . 2014-01-25 00:19 231960 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32 . 2012-04-30 09:37 231584 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-21 136216]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-21 170008]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-21 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-01-24 536668]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-09-07 237568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-10-10 715248]
R2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2009-07-14 9216]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
R3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\DRIVERS\adusbmdm65.sys [2005-05-02 65408]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
R3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\DRIVERS\adusbser65.sys [2005-05-02 65408]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-09-07 31232]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 100736]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-30 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-17 11520]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-10 243128]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2014-04-04 22688]
S1 MpKsl3a5e88d6;MpKsl3a5e88d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75B33F18-BAD3-4932-BE55-B713A4FA08B0}\MpKsl3a5e88d6.sys [2014-04-05 39464]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-21 176128]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 1799472]
S2 winnetdns;Windows Network Discovery Service;c:\windows\system32\dfrg\svc.exe [2014-03-26 53760]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2010-06-21 8758272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 16:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\xxXxx\AppData\Roaming\Mozilla\Firefox\Profiles\200i5xwk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2013-02-23 13:10; statuswinks@StatusWinks; c:\users\xxXxx\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2014-04-05 11:31:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-05 09:31
.
Před spuštěním: Volných bajtů: 330 225 836 032
Po spuštění: Volných bajtů: 329 622 192 128
.
- - End Of File - - 9FE6E7D46818603B69855D72A0965BAA
A36C5E4F47E84449FF07ED3517B43A31

#9 Příspěvek od **vyosek** » 05 dub 2014 10:31

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Folder::
C:\Windows\system32\dfrg

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

Driver::
.EsetTrialReset
winnetdns

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

File::
C:\Windows\tasks\Adobe Flash Player Updater.job

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

tamtam · #10 Příspěvek od **tamtam** » 05 dub 2014 10:49

ComboFix 14-04-05.01 - xxXxx 05.04.2014 11:44:01.2.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2486.1458 [GMT 2:00]
Spuštěný z: c:\users\xxXxx\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\xxXxx\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dfrg
c:\windows\system32\dfrg\cpu\cpu.exe
c:\windows\system32\dfrg\cpu\libcurl-4.dll
c:\windows\system32\dfrg\cpu\pthreadGC2.dll
c:\windows\system32\dfrg\mst.exe
c:\windows\system32\dfrg\stub.exe
c:\windows\system32\dfrg\svc.exe
c:\windows\tasks\Adobe Flash Player Updater.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.EsetTrialReset
-------\Service_winnetdns
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-05 do 2014-04-05 )))))))))))))))))))))))))))))))
.
.
2014-04-05 09:48 . 2014-04-05 09:49 -------- d-----w- c:\users\xxXxx\AppData\Local\temp
2014-04-05 09:48 . 2014-04-05 09:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-05 08:16 . 2014-04-05 08:17 -------- d-----w- C:\AdwCleaner
2014-04-05 08:12 . 2014-04-05 08:12 -------- d-----w- c:\windows\ERUNT
2014-04-04 19:43 . 2014-04-05 09:34 -------- d-----w- c:\program files\SpeedFan
2014-04-04 18:44 . 2014-04-04 18:44 22688 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2014-04-04 18:43 . 2014-04-04 18:44 -------- d-----w- c:\program files\HWiNFO32
2014-04-04 18:20 . 2014-04-04 18:35 -------- d-----w- C:\FRST
2014-04-04 10:10 . 2014-04-04 10:10 -------- d-----w- c:\program files\CCleaner
2014-04-04 10:04 . 2014-04-04 17:52 -------- d-----w- c:\program files\trend micro
2014-04-04 10:04 . 2014-04-04 10:04 -------- d-----w- C:\rsit
2014-04-04 07:21 . 2014-02-21 07:22 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{066D22C6-BDF4-46FB-922B-2A5529D44189}\gapaengine.dll
2014-04-04 07:21 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-31 00:27 . 2014-03-31 00:27 -------- d-----w- c:\users\xxXxx\AppData\Roaming\Updater
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 16:52 . 2012-04-30 09:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 16:52 . 2012-04-30 09:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-11 08:52 . 2012-03-20 18:44 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-02-21 07:22 . 2012-07-08 07:14 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-25 00:19 . 2014-01-25 00:19 231960 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32 . 2012-04-30 09:37 231584 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-21 136216]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-21 170008]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-21 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-01-24 536668]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-09-07 237568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-10-10 715248]
R1 MpKsl3a5e88d6;MpKsl3a5e88d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75B33F18-BAD3-4932-BE55-B713A4FA08B0}\MpKsl3a5e88d6.sys [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
R3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\DRIVERS\adusbmdm65.sys [2005-05-02 65408]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
R3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\DRIVERS\adusbser65.sys [2005-05-02 65408]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-09-07 31232]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 100736]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-30 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-17 11520]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-10 243128]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2014-04-04 22688]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-21 176128]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 1799472]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2010-06-21 8758272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\xxXxx\AppData\Roaming\Mozilla\Firefox\Profiles\200i5xwk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2013-02-23 13:10; statuswinks@StatusWinks; c:\users\xxXxx\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2014-04-05 11:52:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-05 09:52
ComboFix2.txt 2014-04-05 09:31
.
Před spuštěním: Volných bajtů: 329 704 591 360
Po spuštění: Volných bajtů: 329 651 494 912
.
- - End Of File - - D55A9206993B44622F4E251C39589573
A36C5E4F47E84449FF07ED3517B43A31

zatim to vypadá líp, cpu už nelítá do závratných výšin. někdy to ale trvalo delší dobu, než se to projevilo..

#11 Příspěvek od **vyosek** » 05 dub 2014 10:57

Tak jeste uklidime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

tamtam · #12 Příspěvek od **tamtam** » 05 dub 2014 10:59

super děkuji mockrát

#13 Příspěvek od **vyosek** » 05 dub 2014 11:02

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat

VIRY.CZ

přehřívání, CPU 90%

přehřívání, CPU 90%

Re: přehřívání, CPU 90%

Re: přehřívání, CPU 90%

Re: přehřívání, CPU 90%

Re: přehřívání, CPU 90%

Re: přehřívání, CPU 90%

Re: přehřívání, CPU 90%

Re: přehřívání, CPU 90%

Re: přehřívání, CPU 90%

Re: přehřívání, CPU 90%

Re: přehřívání, CPU 90%

Re: přehřívání, CPU 90%

Re: přehřívání, CPU 90%