PC stuttering

Posted: 29 Jun 2014 12:28
by kontez.
Here is the log (I posted it in the wrong section)
Logfile of random's system information tool 1.10 (written by random/random)
Run by David at 2014-06-29 13:25:56
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 12 GB (17%) free of 70 GB
Total RAM: 2038 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:26:04, on 29.6.2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16555)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\David\Downloads\RSIT.exe
C:\Program Files\trend micro\David.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Printsrv] c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
O4 - HKLM\..\Run: [mncvbyomjSrv] C:\Windows\inf\mncvbyomj.vbe
O4 - HKLM\..\Run: [mncahdxnSrv] C:\Windows\system32\mncahdxn.vbe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 4965 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\qtqpxxi2.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.125 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-10-31 4702208]
"Skytel"=C:\Windows\Skytel.exe [2007-10-11 1826816]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 951576]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-02-26 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-02-26 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-02-26 150552]
"Printsrv"=c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs [2013-05-01 543]
"mncvbyomjSrv"=C:\Windows\inf\mncvbyomj.vbe [2014-01-19 1342]
"mncahdxnSrv"=C:\Windows\system32\mncahdxn.vbe [2014-03-05 7670]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-10-17 7737344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
c:\program files\synaptics\syntp\syntpenh.exe [2007-12-06 1029416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\windows defender\msascui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopWeatherAlerts.lnk]
C:\Users\David\AppData\Local\WEATHE~1\DESKTO~1.EXE []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-06-29 13:25:56 ----D---- C:\rsit
2014-06-29 13:25:56 ----D---- C:\Program Files\trend micro
2014-06-25 22:41:24 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-06-25 22:39:46 ----D---- C:\Program Files\Common Files\Adobe
2014-06-25 22:39:46 ----D---- C:\Program Files\Adobe
2014-06-25 22:39:22 ----SHD---- C:\Config.Msi
2014-06-22 17:44:42 ----D---- C:\Fraps
2014-06-22 17:43:21 ----D---- C:\Program Files\Company
2014-06-22 17:41:43 ----D---- C:\Program Files\FRAPS plna verze 3.4.7
2014-06-11 15:39:18 ----D---- C:\Program Files\Mozilla Firefox
2014-06-11 15:12:07 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-06-11 15:12:06 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2014-06-11 15:12:05 ----A---- C:\Windows\system32\usp10.dll
2014-06-11 15:12:04 ----A---- C:\Windows\system32\mshta.exe
2014-06-11 15:12:03 ----A---- C:\Windows\system32\urlmon.dll
2014-06-11 15:12:03 ----A---- C:\Windows\system32\msfeedssync.exe
2014-06-11 15:12:02 ----A---- C:\Windows\system32\vbscript.dll
2014-06-11 15:12:02 ----A---- C:\Windows\system32\url.dll
2014-06-11 15:12:02 ----A---- C:\Windows\system32\msfeedsbs.dll
2014-06-11 15:12:02 ----A---- C:\Windows\system32\jsproxy.dll
2014-06-11 15:12:02 ----A---- C:\Windows\system32\ieUnatt.exe
2014-06-11 15:12:02 ----A---- C:\Windows\system32\iertutil.dll
2014-06-11 15:12:00 ----A---- C:\Windows\system32\wininet.dll
2014-06-11 15:12:00 ----A---- C:\Windows\system32\jscript9.dll
2014-06-11 15:11:59 ----A---- C:\Windows\system32\msfeeds.dll
2014-06-11 15:11:59 ----A---- C:\Windows\system32\jscript.dll
2014-06-11 15:11:59 ----A---- C:\Windows\system32\dxtmsft.dll
2014-06-11 15:11:55 ----A---- C:\Windows\system32\ieui.dll
2014-06-11 15:11:55 ----A---- C:\Windows\system32\dxtrans.dll
2014-06-11 15:11:54 ----A---- C:\Windows\system32\mshtmled.dll
2014-06-11 15:11:54 ----A---- C:\Windows\system32\ieframe.dll
2014-06-11 15:11:50 ----A---- C:\Windows\system32\mshtml.dll
2014-06-11 15:11:05 ----A---- C:\Windows\system32\msxml6.dll
2014-06-11 15:11:04 ----A---- C:\Windows\system32\msxml3.dll
2014-06-06 23:30:55 ----D---- C:\ProgramData\YTD Video Downloader
2014-06-06 23:30:01 ----D---- C:\Users\David\AppData\Roaming\Search Protection
2014-06-06 23:29:33 ----D---- C:\Program Files\GreenTree Applications

======List of files/folders modified in the last 1 month======

2014-06-29 13:26:04 ----D---- C:\Windows\Prefetch
2014-06-29 13:25:56 ----RD---- C:\Program Files
2014-06-29 13:05:47 ----D---- C:\Windows\Temp
2014-06-29 13:04:45 ----A---- C:\Windows\system32\acovcnt.exe
2014-06-28 12:03:46 ----SHD---- C:\System Volume Information
2014-06-26 11:53:46 ----D---- C:\Windows
2014-06-25 23:01:48 ----D---- C:\Users\David\AppData\Roaming\uTorrent
2014-06-25 23:01:16 ----D---- C:\Windows\inf
2014-06-25 22:41:25 ----D---- C:\Windows\system32\Tasks
2014-06-25 22:41:24 ----D---- C:\Windows\Tasks
2014-06-25 22:41:24 ----D---- C:\Windows\System32
2014-06-25 22:40:13 ----SHD---- C:\Windows\Installer
2014-06-25 22:39:50 ----D---- C:\ProgramData\Adobe
2014-06-25 22:39:46 ----D---- C:\Program Files\Common Files
2014-06-25 22:39:37 ----D---- C:\Windows\winsxs
2014-06-23 22:25:55 ----D---- C:\Windows\system32\drivers
2014-06-22 22:35:43 ----A---- C:\Users\David\AppData\Roaming\die.bat
2014-06-22 18:25:31 ----D---- C:\Windows\system32\catroot2
2014-06-22 18:23:33 ----D---- C:\Windows\Microsoft.NET
2014-06-22 17:43:31 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2014-06-22 17:41:46 ----D---- C:\Windows\system32\bitstreams
2014-06-20 06:53:53 ----D---- C:\Windows\Debug
2014-06-13 19:45:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-06-12 19:17:33 ----D---- C:\ProgramData\Microsoft Help
2014-06-11 18:30:17 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-06-11 16:28:57 ----D---- C:\Windows\system32\migration
2014-06-11 16:28:57 ----D---- C:\Program Files\Internet Explorer
2014-06-11 15:15:33 ----D---- C:\Windows\system32\MRT
2014-06-11 15:13:09 ----A---- C:\Windows\system32\mrt.exe
2014-06-11 15:11:42 ----D---- C:\Windows\system32\catroot
2014-06-09 15:01:40 ----SD---- C:\Users\David\AppData\Roaming\Microsoft
2014-06-06 23:30:55 ----HD---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 231960]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-05-20 242240]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-12-06 761856]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-11-01 2011224]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-05-12 23256]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-07-13 50688]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2014-05-18 66560]
S1 MpKsl776e2624;MpKsl776e2624; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7AAE8998-C090-429A-99CA-78AC48F26031}\MpKsl776e2624.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-05-12 51928]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-05-18 155136]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-02 94208]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 22216]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-18 116648]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-18 116648]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-11 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-09-11 770168]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Re: PC stuttering

Posted: 29 Jun 2014 12:42
by Márty84
So I found you here too :-D

You are infected :boxed:

:arrow: Run a check with MBAM according to this guide http://forum.viry.cz/viewtopic.php?f=29&t=137928 and post the results here. Don't delete anything beforehand, it sometimes has false detections

Re: PC stuttering

Posted: 29 Jun 2014 16:51
by kontez.
Good afternoon, I apologize for not writing sooner, but I had to leave urgently.
Here is the MBAM log
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 29.6.2014
Čas skenování: 13:53:45
Protokol: log.txt
Správce: Ano

Verze: 2.00.2.1012
Databáze malwaru: v2014.06.29.02
Databáze rootkitů: v2014.06.23.02
Licence: Premium
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Self-protection: Vypnuto

OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: David

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 405952
Uplynulý čas: 1 hod, 33 min, 17 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristics: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(No malicious items detected)

Moduly: 0
(No malicious items detected)

Klíče registru: 0
(No malicious items detected)

Hodnoty registru: 0
(No malicious items detected)

Data registru: 0
(No malicious items detected)

Složky: 0
(No malicious items detected)

Soubory: 2
PUP.BitCoinMiner, C:\Windows\inf\MSASGui.exe, , [77bf3c425d1e290dfc8acaefd8290bf5],
BitcoinMiner, C:\Windows\inf\msktij\msktij.exe, , [3bfbb5c9e893ac8aa5c8a062b84927d9],

Fyzické sektory: 0
(No malicious items detected)


(end)

Re: PC stuttering

Posted: 29 Jun 2014 18:12
by Márty84
kontez. wrote: Good afternoon, I apologize for not writing sooner, but I had to leave urgently.
No problem, I don't sit at the PC nonstop either :)


:arrow: Let the findings be removed, then uninstall MBAM.

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and left-click Run as administrator.
Click Scan and wait until the check finishes.
Then click Clean
The program will start working (the PC may restart) and will produce a log (otherwise it will be at C:\AdwCleaner\AdwCleaner [S?].txt ). Copy it here for me.

Re: PC stuttering

Posted: 29 Jun 2014 18:26
by kontez.
here is the log
# AdwCleaner v3.213 - Report created 29/06/2014 at 19:24:43
# Updated 23/06/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : David - DAVID-PC
# Running from : C:\Users\David\Desktop\adwcleaner_3.213.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Users\David\AppData\Roaming\Search Protection

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protection

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16555


-\\ Mozilla Firefox v30.0 (cs)

[ File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\qtqpxxi2.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R2].txt - [1329 octets] - [29/06/2014 19:24:08]
AdwCleaner[S2].txt - [1260 octets] - [29/06/2014 19:24:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1320 octets] ##########

I would like to ask, will it be possible to install MBAM again?

Re: PC stuttering

Posted: 29 Jun 2014 18:29
by Márty84
kontez. wrote: I would like to ask, will it be possible to install MBAM again?
If you want it there, feel free to keep it, but real-time protection must not be enabled. Otherwise it will fight with MSE. Even so it will run needlessly (its services). But it's up to you.



:!: If you don't have one, you had better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your right to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off the antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
Do not start anything or click anywhere during the scan.
After the scan finishes (the PC may also restart) a log should be created, located at C:\ComboFix.txt
Copy its contents here

:!: If Windows does not boot after the restart, restart again, press the F8 key and choose Last Known Good Configuration
:!: If Windows boots but an error is reported when starting various programs, just restart the PC and it will be fine

Re: PC stuttering

Posted: 29 Jun 2014 18:33
by kontez.
How do I turn off MSE? When I right-click it, only Open comes up

Re: PC stuttering

Posted: 29 Jun 2014 18:39
by Márty84
Try going into the settings and there Real-time protection, or something like that. If that doesn't work, either leave it on, or do the ComboFix step in safe mode.

Re: PC stuttering

Posted: 29 Jun 2014 19:09
by kontez.
ComboFix 14-06-27.01 - David 29.06.2014 19:45:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2038.1238 [GMT 2:00]
Spuštěný z: c:\users\David\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET1E3F.tmp
c:\windows\system32\SETAB77.tmp
c:\windows\system32\SETABE8.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-28 do 2014-06-29 )))))))))))))))))))))))))))))))
.
.
2014-06-29 17:23 . 2014-06-29 17:24 -------- d-----w- C:\AdwCleaner
2014-06-29 11:25 . 2014-06-29 11:26 -------- d-----w- C:\rsit
2014-06-29 11:25 . 2014-06-29 11:26 -------- d-----w- c:\program files\trend micro
2014-06-29 10:55 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{763F750D-1F00-4329-AEEB-8C00F2E795AA}\mpengine.dll
2014-06-27 20:28 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-25 20:41 . 2014-06-25 20:41 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-25 20:41 . 2014-06-25 20:41 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-25 20:39 . 2014-06-25 20:39 -------- d-----w- c:\program files\Common Files\Adobe
2014-06-25 08:39 . 2014-04-23 09:50 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78663C0D-B66D-4F36-90CF-664152A48A16}\gapaengine.dll
2014-06-22 15:44 . 2014-06-22 15:47 -------- d-----w- C:\Fraps
2014-06-22 15:43 . 2014-06-22 15:43 -------- d-----w- c:\program files\Company
2014-06-22 15:41 . 2014-03-05 21:19 7670 --s-a-w- c:\windows\system32\mncahdxn.vbe
2014-06-22 15:41 . 2014-06-22 15:44 -------- d-----w- c:\program files\FRAPS plna verze 3.4.7
2014-06-15 14:21 . 2014-06-15 14:22 -------- d-----w- c:\users\David\AppData\Local\Microsoft Games
2014-06-11 13:11 . 2014-05-28 16:32 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2014-06-06 21:30 . 2014-06-06 21:30 -------- d-----w- c:\programdata\YTD Video Downloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-29 18:03 . 2014-05-17 15:13 45056 ----a-w- c:\windows\system32\acovcnt.exe
2014-06-22 20:35 . 2014-05-27 17:29 95 ----a-w- c:\users\David\AppData\Roaming\die.bat
2014-05-20 15:39 . 2014-05-20 15:39 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2014-05-20 15:06 . 2014-05-20 15:06 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-05-17 22:32 . 2014-05-17 22:32 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-05-17 22:32 . 2014-05-17 22:32 9728 ----a-w- c:\windows\system32\lsass.exe
2014-05-17 22:32 . 2014-05-17 22:32 72704 ----a-w- c:\windows\system32\secur32.dll
2014-05-17 22:32 . 2014-05-17 22:32 278528 ----a-w- c:\windows\system32\schannel.dll
2014-05-17 22:32 . 2014-05-17 22:32 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-17 22:30 . 2014-05-17 22:30 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-05-17 22:30 . 2014-05-17 22:30 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-05-17 22:30 . 2014-05-17 22:30 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2014-05-17 22:30 . 2014-05-17 22:30 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-05-17 22:30 . 2014-05-17 22:30 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-05-17 22:30 . 2014-05-17 22:30 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-05-17 22:30 . 2014-05-17 22:30 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-05-17 22:30 . 2014-05-17 22:30 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-05-17 22:30 . 2014-05-17 22:30 16896 ----a-w- c:\windows\system32\winusb.dll
2014-05-17 22:30 . 2014-05-17 22:30 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-05-17 22:30 . 2014-05-17 22:30 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-05-17 22:28 . 2014-05-17 22:28 5120 ----a-w- c:\windows\system32\wmi.dll
2014-05-17 22:28 . 2014-05-17 22:28 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-05-17 17:38 . 2014-05-17 17:38 161792 ----a-w- c:\windows\system32\msls31.dll
2014-05-17 17:38 . 2014-05-17 17:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
2014-05-17 17:38 . 2014-05-17 17:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-05-17 17:38 . 2014-05-17 17:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-05-17 17:38 . 2014-05-17 17:38 63488 ----a-w- c:\windows\system32\tdc.ocx
2014-05-17 17:38 . 2014-05-17 17:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-05-17 17:38 . 2014-05-17 17:38 74752 ----a-w- c:\windows\system32\iesetup.dll
2014-05-17 17:38 . 2014-05-17 17:38 367104 ----a-w- c:\windows\system32\html.iec
2014-05-17 17:38 . 2014-05-17 17:38 23552 ----a-w- c:\windows\system32\licmgr10.dll
2014-05-17 17:38 . 2014-05-17 17:38 152064 ----a-w- c:\windows\system32\wextract.exe
2014-05-17 17:38 . 2014-05-17 17:38 150528 ----a-w- c:\windows\system32\iexpress.exe
2014-05-17 17:38 . 2014-05-17 17:38 35840 ----a-w- c:\windows\system32\imgutil.dll
2014-05-17 17:38 . 2014-05-17 17:38 101888 ----a-w- c:\windows\system32\admparse.dll
2014-05-17 17:38 . 2014-05-17 17:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-05-17 17:37 . 2014-05-17 17:37 98816 ----a-w- c:\windows\system32\mfps.dll
2014-05-17 17:37 . 2014-05-17 17:37 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2014-05-17 17:37 . 2014-05-17 17:37 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2014-05-17 17:37 . 2014-05-17 17:37 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2014-05-17 17:37 . 2014-05-17 17:37 2873344 ----a-w- c:\windows\system32\mf.dll
2014-05-17 17:37 . 2014-05-17 17:37 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2014-05-17 17:37 . 2014-05-17 17:37 586240 ----a-w- c:\windows\system32\stobject.dll
2014-05-17 17:37 . 2014-05-17 17:37 209920 ----a-w- c:\windows\system32\mfplat.dll
2014-05-17 17:37 . 2014-05-17 17:37 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2014-05-17 17:37 . 2014-05-17 17:37 847360 ----a-w- c:\windows\system32\OpcServices.dll
2014-05-17 17:37 . 2014-05-17 17:37 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2014-05-17 17:37 . 2014-05-17 17:37 478720 ----a-w- c:\windows\system32\dxgi.dll
2014-05-17 17:37 . 2014-05-17 17:37 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2014-05-17 17:37 . 2014-05-17 17:37 258048 ----a-w- c:\windows\system32\winspool.drv
2014-05-17 17:37 . 2014-05-17 17:37 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2014-05-17 17:35 . 2014-05-17 17:35 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\dxgkrnl.sys.mui
2014-05-17 17:35 . 2014-05-17 17:35 519680 ----a-w- c:\windows\system32\d3d11.dll
2014-05-17 17:35 . 2014-05-17 17:35 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2014-05-17 17:35 . 2014-05-17 17:35 252928 ----a-w- c:\windows\system32\dxdiag.exe
2014-05-17 17:35 . 2014-05-17 17:35 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2014-05-17 17:35 . 2014-05-17 17:35 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2014-05-17 17:35 . 2014-05-17 17:35 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-05-17 17:35 . 2014-05-17 17:35 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-05-17 11:58 . 2014-05-17 11:58 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-05-17 11:58 . 2014-05-17 11:58 315392 ----a-w- c:\windows\HideWin.exe
2014-04-23 09:50 . 2014-05-19 12:26 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-17 03:32 . 2014-05-17 14:30 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD5526C3-DDAB-4B78-8C01-B7AC2283D600}\mpengine.dll
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [2013-05-01 543]
"mncvbyomjSrv"="c:\windows\inf\mncvbyomj.vbe" [2014-01-19 1342]
"mncahdxnSrv"="c:\windows\system32\mncahdxn.vbe" [2014-03-05 7670]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopWeatherAlerts.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
backup=c:\windows\pss\DesktopWeatherAlerts.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2007-10-17 17:04 7737344 ----a-w- c:\program files\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-06 10:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 12:20 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-18 11:39]
.
2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-18 11:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\qtqpxxi2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files\GreenTree Applications\YTD Video Downloader\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-29 20:05
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\conime.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\Rundll32.exe
.
**************************************************************************
.
Celkový čas: 2014-06-29 20:09:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-29 18:09
.
Před spuštěním: Volných bajtů: 11 912 847 360
Po spuštění: Volných bajtů: 11 838 930 944
.
- - End Of File - - D5D3645BEAAC97BE8C5FADD29AA55B3A
5C616939100B85E558DA92B899A0FC36

Re: PC lagging

Posted: 30 Jun 2014 01:52
by Márty84
:!: Move ComboFix to the desktop!
:arrow: Open Notepad and copy this script into it

Code:

KillAll::

File::
c:\windows\inf\mncvbyomj.vbe
c:\windows\system32\mncahdxn.vbe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mncvbyomjSrv"=-
"mncahdxnSrv"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

Regnull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Reboot::
At the top left, click File
Click Save As...
Type the red name CFScript exactly and save it to the desktop.
Turn off the antivirus and any other security software.
Drag the text document you created onto the ComboFix icon with the mouse and drop it.
ComboFix should start and execute the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows does not boot after the restart, restart again, press the F8 key and choose - Last Known Good Configuration
:!: If Windows boots but an error is reported when starting various programs, just restart the PC and it will be fine
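
To show what an analyst checks in the ComboFix "Spouštěcí body v registru" section before writing a CFScript like the one above (Run entries that launch Windows Script Host files such as the two .vbe entries, UAC disabled via EnableLUA=0, Security Center monitoring switched off), here is a small triage parser. It is an added example, not ComboFix's or the forum's own code; the sample input is constructed from the log lines in this thread.

```python
"""Triage the registry start-point section of a ComboFix log.

Added example, not part of ComboFix or this thread. The parser reads the
REGEDIT4-style section ComboFix prints ("[key]" lines followed by
"name"=data [date size] lines) and flags entries an analyst should review.
"""
import re
from dataclasses import dataclass

# Extensions handled by the Windows Script Host / mshta. An autostart that
# points at one of these deserves a look even when it turns out to be benign
# (the heuristic also flags the legitimate pubpr.vbs in the sample below).
SCRIPT_EXTS = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".wsh", ".hta")

RUN_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
}
POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
MONITORING_PREFIX = r"hkey_local_machine\software\microsoft\security center\monitoring"

# Constructed sample: an excerpt of the start-point section from this thread.
SAMPLE_LOG = r"""
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [2013-05-01 543]
"mncvbyomjSrv"="c:\windows\inf\mncvbyomj.vbe" [2014-01-19 1342]
"mncahdxnSrv"="c:\windows\system32\mncahdxn.vbe" [2014-03-05 7670]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# "name"=data, optionally followed by ComboFix's trailing "[date size]" stamp.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*?)\s*(?:\[[^\]]*\])?\s*$')


@dataclass
class Finding:
    key: str
    name: str
    data: str
    reason: str


def parse_entries(text):
    """Yield (key, name, data) for every value line under its enclosing key."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("data").strip('"')


def dword_value(data):
    """Return the integer value of a 'dword:XXXXXXXX' string, or None."""
    if data.lower().startswith("dword:"):
        return int(data.split(":", 1)[1], 16)
    return None


def triage(text):
    """Return the list of review-worthy findings in a start-point section."""
    findings = []
    for key, name, data in parse_entries(text):
        k = key.lower()
        if k in RUN_KEYS:
            cmd = data.lower()
            if cmd.endswith(SCRIPT_EXTS):
                findings.append(Finding(key, name, data, "autostart launches a script-host file"))
            if "\\windows\\inf\\" in cmd:
                findings.append(Finding(key, name, data, "autostart runs from the driver INF directory"))
        elif k == POLICY_KEY and name.lower() == "enablelua" and data.startswith("0"):
            findings.append(Finding(key, name, data, "UAC disabled (EnableLUA=0)"))
        elif k.startswith(MONITORING_PREFIX) and name.lower() == "disablemonitoring":
            if dword_value(data) == 1:
                findings.append(Finding(key, name, data, "Security Center monitoring disabled"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.name} = {f.data}  ({f.key})")
```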

Re: PC lagging

Posted: 30 Jun 2014 13:53
by kontez.
ComboFix 14-06-30.01 - David 30.06.2014 14:22:50.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2038.988 [GMT 2:00]
Spuštěný z: c:\users\David\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-28 do 2014-06-30 )))))))))))))))))))))))))))))))
.
.
2014-06-30 12:45 . 2014-06-30 12:45 -------- d-----w- c:\users\David\AppData\Local\temp
2014-06-30 12:45 . 2014-06-30 12:45 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-06-30 12:45 . 2014-06-30 12:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-30 12:45 . 2014-06-30 12:45 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-06-29 18:16 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68AED580-FACE-412F-8D52-DDD66EE622E6}\mpengine.dll
2014-06-29 17:23 . 2014-06-29 17:24 -------- d-----w- C:\AdwCleaner
2014-06-29 11:25 . 2014-06-29 11:26 -------- d-----w- C:\rsit
2014-06-29 11:25 . 2014-06-29 11:26 -------- d-----w- c:\program files\trend micro
2014-06-27 20:28 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-25 20:41 . 2014-06-25 20:41 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-25 20:41 . 2014-06-25 20:41 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-25 20:39 . 2014-06-25 20:39 -------- d-----w- c:\program files\Common Files\Adobe
2014-06-25 08:39 . 2014-04-23 09:50 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78663C0D-B66D-4F36-90CF-664152A48A16}\gapaengine.dll
2014-06-22 15:44 . 2014-06-22 15:47 -------- d-----w- C:\Fraps
2014-06-22 15:43 . 2014-06-22 15:43 -------- d-----w- c:\program files\Company
2014-06-22 15:41 . 2014-03-05 21:19 7670 --s-a-w- c:\windows\system32\mncahdxn.vbe
2014-06-22 15:41 . 2014-06-22 15:44 -------- d-----w- c:\program files\FRAPS plna verze 3.4.7
2014-06-15 14:21 . 2014-06-15 14:22 -------- d-----w- c:\users\David\AppData\Local\Microsoft Games
2014-06-11 13:11 . 2014-05-28 16:32 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2014-06-06 21:30 . 2014-06-06 21:30 -------- d-----w- c:\programdata\YTD Video Downloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-30 12:12 . 2014-05-17 15:13 45056 ----a-w- c:\windows\system32\acovcnt.exe
2014-06-22 20:35 . 2014-05-27 17:29 95 ----a-w- c:\users\David\AppData\Roaming\die.bat
2014-05-20 15:39 . 2014-05-20 15:39 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2014-05-20 15:06 . 2014-05-20 15:06 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-05-17 22:32 . 2014-05-17 22:32 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-05-17 22:32 . 2014-05-17 22:32 9728 ----a-w- c:\windows\system32\lsass.exe
2014-05-17 22:32 . 2014-05-17 22:32 72704 ----a-w- c:\windows\system32\secur32.dll
2014-05-17 22:32 . 2014-05-17 22:32 278528 ----a-w- c:\windows\system32\schannel.dll
2014-05-17 22:32 . 2014-05-17 22:32 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-17 22:30 . 2014-05-17 22:30 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-05-17 22:30 . 2014-05-17 22:30 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-05-17 22:30 . 2014-05-17 22:30 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2014-05-17 22:30 . 2014-05-17 22:30 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-05-17 22:30 . 2014-05-17 22:30 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-05-17 22:30 . 2014-05-17 22:30 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-05-17 22:30 . 2014-05-17 22:30 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-05-17 22:30 . 2014-05-17 22:30 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-05-17 22:30 . 2014-05-17 22:30 16896 ----a-w- c:\windows\system32\winusb.dll
2014-05-17 22:30 . 2014-05-17 22:30 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-05-17 22:30 . 2014-05-17 22:30 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-05-17 22:28 . 2014-05-17 22:28 5120 ----a-w- c:\windows\system32\wmi.dll
2014-05-17 22:28 . 2014-05-17 22:28 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-05-17 17:38 . 2014-05-17 17:38 161792 ----a-w- c:\windows\system32\msls31.dll
2014-05-17 17:38 . 2014-05-17 17:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
2014-05-17 17:38 . 2014-05-17 17:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-05-17 17:38 . 2014-05-17 17:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-05-17 17:38 . 2014-05-17 17:38 63488 ----a-w- c:\windows\system32\tdc.ocx
2014-05-17 17:38 . 2014-05-17 17:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-05-17 17:38 . 2014-05-17 17:38 74752 ----a-w- c:\windows\system32\iesetup.dll
2014-05-17 17:38 . 2014-05-17 17:38 367104 ----a-w- c:\windows\system32\html.iec
2014-05-17 17:38 . 2014-05-17 17:38 23552 ----a-w- c:\windows\system32\licmgr10.dll
2014-05-17 17:38 . 2014-05-17 17:38 152064 ----a-w- c:\windows\system32\wextract.exe
2014-05-17 17:38 . 2014-05-17 17:38 150528 ----a-w- c:\windows\system32\iexpress.exe
2014-05-17 17:38 . 2014-05-17 17:38 35840 ----a-w- c:\windows\system32\imgutil.dll
2014-05-17 17:38 . 2014-05-17 17:38 101888 ----a-w- c:\windows\system32\admparse.dll
2014-05-17 17:38 . 2014-05-17 17:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-05-17 17:37 . 2014-05-17 17:37 98816 ----a-w- c:\windows\system32\mfps.dll
2014-05-17 17:37 . 2014-05-17 17:37 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2014-05-17 17:37 . 2014-05-17 17:37 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2014-05-17 17:37 . 2014-05-17 17:37 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2014-05-17 17:37 . 2014-05-17 17:37 2873344 ----a-w- c:\windows\system32\mf.dll
2014-05-17 17:37 . 2014-05-17 17:37 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2014-05-17 17:37 . 2014-05-17 17:37 586240 ----a-w- c:\windows\system32\stobject.dll
2014-05-17 17:37 . 2014-05-17 17:37 209920 ----a-w- c:\windows\system32\mfplat.dll
2014-05-17 17:37 . 2014-05-17 17:37 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2014-05-17 17:37 . 2014-05-17 17:37 847360 ----a-w- c:\windows\system32\OpcServices.dll
2014-05-17 17:37 . 2014-05-17 17:37 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2014-05-17 17:37 . 2014-05-17 17:37 478720 ----a-w- c:\windows\system32\dxgi.dll
2014-05-17 17:37 . 2014-05-17 17:37 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2014-05-17 17:37 . 2014-05-17 17:37 258048 ----a-w- c:\windows\system32\winspool.drv
2014-05-17 17:37 . 2014-05-17 17:37 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2014-05-17 17:35 . 2014-05-17 17:35 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\dxgkrnl.sys.mui
2014-05-17 17:35 . 2014-05-17 17:35 519680 ----a-w- c:\windows\system32\d3d11.dll
2014-05-17 17:35 . 2014-05-17 17:35 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2014-05-17 17:35 . 2014-05-17 17:35 252928 ----a-w- c:\windows\system32\dxdiag.exe
2014-05-17 17:35 . 2014-05-17 17:35 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2014-05-17 17:35 . 2014-05-17 17:35 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2014-05-17 17:35 . 2014-05-17 17:35 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-05-17 17:35 . 2014-05-17 17:35 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-05-17 11:58 . 2014-05-17 11:58 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-05-17 11:58 . 2014-05-17 11:58 315392 ----a-w- c:\windows\HideWin.exe
2014-04-23 09:50 . 2014-05-19 12:26 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-17 03:32 . 2014-05-17 14:30 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD5526C3-DDAB-4B78-8C01-B7AC2283D600}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [2013-05-01 543]
"mncvbyomjSrv"="c:\windows\inf\mncvbyomj.vbe" [2014-01-19 1342]
"mncahdxnSrv"="c:\windows\system32\mncahdxn.vbe" [2014-03-05 7670]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopWeatherAlerts.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
backup=c:\windows\pss\DesktopWeatherAlerts.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2007-10-17 17:04 7737344 ----a-w- c:\program files\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-06 10:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 12:20 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-18 11:39]
.
2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-18 11:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\qtqpxxi2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-30 14:45
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2014-06-30 14:47:39
ComboFix-quarantined-files.txt 2014-06-30 12:47
ComboFix2.txt 2014-06-29 18:09
.
Před spuštěním: Volných bajtů: 11 753 512 960
Po spuštění: Volných bajtů: 11 620 790 272
.
- - End Of File - - 4826AC256F75FC9580F23EB9187A6927
5C616939100B85E558DA92B899A0FC36

Re: PC lagging

Posted: 30 Jun 2014 17:04
by kontez.
Hello, I just turned on the PC and the processor is under heavy load again; now MsMpEng.exe has popped up there, it is in the Microsoft Security Client folder.

Re: PC lagging

Posted: 30 Jun 2014 19:02
by Márty84
You did not follow the instructions. I am not writing them for fun. CF was supposed to be on the desktop and run via the script. Everything is still there, nothing was deleted. So repeat it, and read carefully.

Re: PC lagging

Posted: 30 Jun 2014 19:58
by kontez.
Here is the log following your procedure
ComboFix 14-06-30.01 - David 30.06.2014 20:34:35.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2038.1030 [GMT 2:00]
Spuštěný z: c:\users\David\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-28 do 2014-06-30 )))))))))))))))))))))))))))))))
.
.
2014-06-30 18:52 . 2014-06-30 18:52 -------- d-----w- c:\users\David\AppData\Local\temp
2014-06-30 18:52 . 2014-06-30 18:52 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-06-30 18:52 . 2014-06-30 18:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-30 18:52 . 2014-06-30 18:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-06-30 15:48 . 2014-05-16 13:24 104736 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2014-06-30 15:48 . 2014-06-30 15:52 -------- dc----w- c:\windows\system32\DRVSTORE
2014-06-30 13:05 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DBEB0AF-7A8C-4F51-8F5F-962C10DE82B5}\mpengine.dll
2014-06-30 12:53 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-29 11:25 . 2014-06-29 11:26 -------- d-----w- c:\program files\trend micro
2014-06-25 20:41 . 2014-06-25 20:41 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-25 20:41 . 2014-06-25 20:41 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-25 20:39 . 2014-06-25 20:39 -------- d-----w- c:\program files\Common Files\Adobe
2014-06-25 08:39 . 2014-04-23 09:50 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78663C0D-B66D-4F36-90CF-664152A48A16}\gapaengine.dll
2014-06-22 15:44 . 2014-06-22 15:47 -------- d-----w- C:\Fraps
2014-06-22 15:43 . 2014-06-22 15:43 -------- d-----w- c:\program files\Company
2014-06-22 15:41 . 2014-03-05 21:19 7670 --s-a-w- c:\windows\system32\mncahdxn.vbe
2014-06-22 15:41 . 2014-06-22 15:44 -------- d-----w- c:\program files\FRAPS plna verze 3.4.7
2014-06-15 14:21 . 2014-06-15 14:22 -------- d-----w- c:\users\David\AppData\Local\Microsoft Games
2014-06-11 13:11 . 2014-05-28 16:32 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2014-06-06 21:30 . 2014-06-06 21:30 -------- d-----w- c:\programdata\YTD Video Downloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-30 14:36 . 2014-05-17 15:13 45056 ----a-w- c:\windows\system32\acovcnt.exe
2014-06-22 20:35 . 2014-05-27 17:29 95 ----a-w- c:\users\David\AppData\Roaming\die.bat
2014-05-20 15:39 . 2014-05-20 15:39 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2014-05-20 15:06 . 2014-05-20 15:06 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-05-17 22:32 . 2014-05-17 22:32 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-05-17 22:32 . 2014-05-17 22:32 9728 ----a-w- c:\windows\system32\lsass.exe
2014-05-17 22:32 . 2014-05-17 22:32 72704 ----a-w- c:\windows\system32\secur32.dll
2014-05-17 22:32 . 2014-05-17 22:32 278528 ----a-w- c:\windows\system32\schannel.dll
2014-05-17 22:32 . 2014-05-17 22:32 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-17 22:30 . 2014-05-17 22:30 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-05-17 22:30 . 2014-05-17 22:30 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-05-17 22:30 . 2014-05-17 22:30 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2014-05-17 22:30 . 2014-05-17 22:30 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-05-17 22:30 . 2014-05-17 22:30 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-05-17 22:30 . 2014-05-17 22:30 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-05-17 22:30 . 2014-05-17 22:30 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-05-17 22:30 . 2014-05-17 22:30 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-05-17 22:30 . 2014-05-17 22:30 16896 ----a-w- c:\windows\system32\winusb.dll
2014-05-17 22:30 . 2014-05-17 22:30 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-05-17 22:30 . 2014-05-17 22:30 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-05-17 22:28 . 2014-05-17 22:28 5120 ----a-w- c:\windows\system32\wmi.dll
2014-05-17 22:28 . 2014-05-17 22:28 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-05-17 17:38 . 2014-05-17 17:38 161792 ----a-w- c:\windows\system32\msls31.dll
2014-05-17 17:38 . 2014-05-17 17:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
2014-05-17 17:38 . 2014-05-17 17:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-05-17 17:38 . 2014-05-17 17:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-05-17 17:38 . 2014-05-17 17:38 63488 ----a-w- c:\windows\system32\tdc.ocx
2014-05-17 17:38 . 2014-05-17 17:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-05-17 17:38 . 2014-05-17 17:38 74752 ----a-w- c:\windows\system32\iesetup.dll
2014-05-17 17:38 . 2014-05-17 17:38 367104 ----a-w- c:\windows\system32\html.iec
2014-05-17 17:38 . 2014-05-17 17:38 23552 ----a-w- c:\windows\system32\licmgr10.dll
2014-05-17 17:38 . 2014-05-17 17:38 152064 ----a-w- c:\windows\system32\wextract.exe
2014-05-17 17:38 . 2014-05-17 17:38 150528 ----a-w- c:\windows\system32\iexpress.exe
2014-05-17 17:38 . 2014-05-17 17:38 35840 ----a-w- c:\windows\system32\imgutil.dll
2014-05-17 17:38 . 2014-05-17 17:38 101888 ----a-w- c:\windows\system32\admparse.dll
2014-05-17 17:38 . 2014-05-17 17:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-05-17 17:37 . 2014-05-17 17:37 98816 ----a-w- c:\windows\system32\mfps.dll
2014-05-17 17:37 . 2014-05-17 17:37 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2014-05-17 17:37 . 2014-05-17 17:37 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2014-05-17 17:37 . 2014-05-17 17:37 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2014-05-17 17:37 . 2014-05-17 17:37 2873344 ----a-w- c:\windows\system32\mf.dll
2014-05-17 17:37 . 2014-05-17 17:37 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2014-05-17 17:37 . 2014-05-17 17:37 586240 ----a-w- c:\windows\system32\stobject.dll
2014-05-17 17:37 . 2014-05-17 17:37 209920 ----a-w- c:\windows\system32\mfplat.dll
2014-05-17 17:37 . 2014-05-17 17:37 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2014-05-17 17:37 . 2014-05-17 17:37 847360 ----a-w- c:\windows\system32\OpcServices.dll
2014-05-17 17:37 . 2014-05-17 17:37 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2014-05-17 17:37 . 2014-05-17 17:37 478720 ----a-w- c:\windows\system32\dxgi.dll
2014-05-17 17:37 . 2014-05-17 17:37 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2014-05-17 17:37 . 2014-05-17 17:37 258048 ----a-w- c:\windows\system32\winspool.drv
2014-05-17 17:37 . 2014-05-17 17:37 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2014-05-17 17:35 . 2014-05-17 17:35 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\dxgkrnl.sys.mui
2014-05-17 17:35 . 2014-05-17 17:35 519680 ----a-w- c:\windows\system32\d3d11.dll
2014-05-17 17:35 . 2014-05-17 17:35 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2014-05-17 17:35 . 2014-05-17 17:35 252928 ----a-w- c:\windows\system32\dxdiag.exe
2014-05-17 17:35 . 2014-05-17 17:35 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2014-05-17 17:35 . 2014-05-17 17:35 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2014-05-17 17:35 . 2014-05-17 17:35 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-05-17 17:35 . 2014-05-17 17:35 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-05-17 11:58 . 2014-05-17 11:58 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-05-17 11:58 . 2014-05-17 11:58 315392 ----a-w- c:\windows\HideWin.exe
2014-04-23 09:50 . 2014-05-19 12:26 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-17 03:32 . 2014-05-17 14:30 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD5526C3-DDAB-4B78-8C01-B7AC2283D600}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [2013-05-01 543]
"mncvbyomjSrv"="c:\windows\inf\mncvbyomj.vbe" [2014-01-19 1342]
"mncahdxnSrv"="c:\windows\system32\mncahdxn.vbe" [2014-03-05 7670]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopWeatherAlerts.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
backup=c:\windows\pss\DesktopWeatherAlerts.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2007-10-17 17:04 7737344 ----a-w- c:\program files\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-06 10:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 12:20 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-18 11:39]
.
2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-18 11:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\qtqpxxi2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-30 20:52
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2014-06-30 20:55:16
ComboFix-quarantined-files.txt 2014-06-30 18:55
ComboFix2.txt 2014-06-30 12:47
ComboFix3.txt 2014-06-29 18:09
.
Před spuštěním: Volných bajtů: 19 447 394 304
Po spuštění: Volných bajtů: 19 319 492 608
.
- - End Of File - - F3C893A03AE386EA91BC52E7F397FF2C
5C616939100B85E558DA92B899A0FC36


PS: About what I wrote regarding my PC being heavily loaded, I have since read that it was the Windows Defender service.

Re: PC stuttering

Posted: 30 Jun 2014 20:19
by kontez.
Hello, I did it wrong again: I only pasted the copied item next to it but did not drag it over. I have to go to sleep now, as I get up early in the morning for a temp job, so I will do it properly tomorrow afternoon. Please don't be upset that I keep bothering you; I would be very glad if you could help me remove it. Tomorrow I will post the correct log here. Thank you and have a nice evening.