prosím o kontrolu, plné zaťaženie

Zpráva

nero150 · #1 Příspěvek od **nero150** » 26 srp 2013 18:52

Zdravím
poprosil by som o kontrolu logu nakoľko notebook beži stále skoro na 80% CPU, proces iexplorer.exe nejde vypnúť, vždy sa znova zapne.
ďakujem za každú radu
LOG RSIT:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Miro at 2013-08-26 19:49:10
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 112 GB (60%) free of 187 GB
Total RAM: 3767 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:49:15, on 26. 8. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Miro.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Microsoft.vbs] "C:\Users\Miro\AppData\Local\Temp\Microsoft.vbs"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Microsoft.vbs] "C:\Users\Miro\AppData\Local\Temp\Microsoft.vbs"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Microsoft.vbs
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: ASUS Virtual MFP Service (UsbService) - Unknown owner - C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe

--
End of file - 8543 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe"
"C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d4a9b427-f075-447d-aa56-f27f4d812ff5 -SystemEventPortName:HostProcess-0b72c159-7dfb-47dd-9e50-c9de95b52042 -IoCancelEventPortName:HostProcess-07514b56-6ba5-49b8-80e6-77c72d9605e6 -NonStateChangingEventPortName:HostProcess-691142a9-3009-467b-a8f1-cef9fccdf89f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:909b1118-4014-4aae-b46e-61eef4e1f54b -DeviceGroupId:WpdFsGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE" -Embedding
C:\Windows\System32\svchost.exe -k secsvcs
"taskhost.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3068 CREDAT:996488 /prefetch:2
"C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1560.0.2020539488\1684452861" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,19,25 --gpu-vendor-id=0x8086 --gpu-device-id=0x0046 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2622 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ForceCompositingMode/thread/GZippedProtobufs/GzippedProtobufsDisabled/InfiniteCache/No/NewMenuStyle/Compact2/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_19/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/ --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="1560.2.1401327404\1034687615" /prefetch:673131151
"C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ForceCompositingMode/thread/GZippedProtobufs/GzippedProtobufsDisabled/InfiniteCache/No/NewMenuStyle/Compact2/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_19/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/ --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="1560.6.2017316105\861515304" /prefetch:673131151
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
"C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ForceCompositingMode/thread/GZippedProtobufs/GzippedProtobufsDisabled/InfiniteCache/No/NewMenuStyle/Compact2/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_19/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/ --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="1560.20.1063896900\1411945161" /prefetch:673131151
"C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ForceCompositingMode/thread/GZippedProtobufs/GzippedProtobufsDisabled/InfiniteCache/No/NewMenuStyle/Compact2/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_19/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/ --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="1560.21.822936566\1910633414" /prefetch:673131151
"C:\Users\Miro\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-03-09 6669000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-03-09 4171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-12 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-12 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-01-10 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-01-10 392984]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-01-10 417560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-21 19875432]
"Microsoft.vbs"=C:\Users\Miro\AppData\Local\Temp\Microsoft.vbs [2013-06-29 4550]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [2011-09-28 404568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft.vbs]
C:\Users\Miro\AppData\Local\Temp\Microsoft.vbs [2013-06-29 4550]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoIE4StubProcessing]
C:\Windows\system32\reg.exe [2009-07-14 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Cleaners]
C:\ProgramData\PC Cleaners\PCCleaners.exe /minimize []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Remote Control.lnk]
C:\PROGRA~2\ASUS\ASUSUS~1\EMRCtl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
C:\PROGRA~2\ArcSoft\TOTALM~1.5\TMMONI~1.EXE []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"Microsoft.vbs"=C:\Users\Miro\AppData\Local\Temp\Microsoft.vbs [2013-06-29 4550]

C:\Users\Miro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft.vbs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-01-10 390656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-03-09 6669000]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-03-09 4171464]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2013-08-26 19:46:31 ----D---- C:\rsit
2013-08-26 19:46:31 ----D---- C:\Program Files\trend micro
2013-08-26 13:43:11 ----D---- C:\dvbdream
2013-08-26 13:26:24 ----A---- C:\Windows\SYSWOW64\SuperFrameSplitter.dll
2013-08-26 13:26:24 ----A---- C:\Windows\SYSWOW64\RTL283XACCESS.dll
2013-08-26 13:26:24 ----A---- C:\Windows\SYSWOW64\RTKFMSOURCE.dll
2013-08-26 13:26:24 ----A---- C:\Windows\SYSWOW64\RTKFM.dll
2013-08-26 13:26:24 ----A---- C:\Windows\SYSWOW64\RTKDABSOURCE.dll
2013-08-26 13:26:24 ----A---- C:\Windows\SYSWOW64\RTKDABMWare.dll
2013-08-26 13:26:24 ----A---- C:\Windows\SYSWOW64\RTKDAB.dll
2013-08-26 13:26:17 ----D---- C:\Windows\LastGood
2013-08-26 13:26:15 ----D---- C:\Windows\RTL
2013-08-26 13:26:09 ----A---- C:\Windows\system32\drivers\RTL2832UUSB.sys
2013-08-26 13:26:09 ----A---- C:\Windows\system32\drivers\RTL2832UBDA.sys
2013-08-25 11:53:41 ----D---- C:\Program Files (x86)\NovaLogic
2013-08-20 17:07:31 ----D---- C:\Program Files (x86)\Avago-HP
2013-08-20 17:07:30 ----D---- C:\Program Files\Avago-HP
2013-08-20 17:06:23 ----A---- C:\Windows\system32\drivers\vuhub.sys
2013-08-14 20:24:13 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-08-14 20:24:13 ----A---- C:\Windows\system32\ieui.dll
2013-08-14 20:24:12 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-08-14 20:24:12 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-08-14 20:24:12 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-08-14 20:24:12 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-08-14 20:24:12 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-08-14 20:24:12 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 20:24:12 ----A---- C:\Windows\system32\iesysprep.dll
2013-08-14 20:24:12 ----A---- C:\Windows\system32\iesetup.dll
2013-08-14 20:24:12 ----A---- C:\Windows\system32\iernonce.dll
2013-08-14 20:24:12 ----A---- C:\Windows\system32\ie4uinit.exe
2013-08-14 20:24:11 ----A---- C:\Windows\system32\iertutil.dll
2013-08-14 20:24:10 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-08-14 20:24:10 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-08-14 20:24:10 ----A---- C:\Windows\system32\msfeeds.dll
2013-08-14 20:24:10 ----A---- C:\Windows\system32\jscript.dll
2013-08-14 20:24:09 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-08-14 20:24:09 ----A---- C:\Windows\system32\jscript9.dll
2013-08-14 20:24:08 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-08-14 20:24:08 ----A---- C:\Windows\system32\urlmon.dll
2013-08-14 20:24:07 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-08-14 20:24:07 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-08-14 20:24:07 ----A---- C:\Windows\system32\jsproxy.dll
2013-08-14 20:24:06 ----A---- C:\Windows\system32\wininet.dll
2013-08-14 20:24:05 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-08-14 20:24:04 ----A---- C:\Windows\system32\ieframe.dll
2013-08-14 20:24:03 ----A---- C:\Windows\system32\mshtml.dll
2013-08-14 20:24:00 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-08-14 12:50:00 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2013-08-14 12:50:00 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-08-14 12:50:00 ----A---- C:\Windows\system32\wintrust.dll
2013-08-14 12:50:00 ----A---- C:\Windows\system32\crypt32.dll
2013-08-14 12:49:59 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2013-08-14 12:49:59 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2013-08-14 12:49:59 ----A---- C:\Windows\system32\cryptsvc.dll
2013-08-14 12:49:59 ----A---- C:\Windows\system32\cryptnet.dll
2013-08-14 12:45:28 ----A---- C:\Windows\SYSWOW64\tzres.dll
2013-08-14 12:45:28 ----A---- C:\Windows\system32\tzres.dll
2013-08-14 12:45:26 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2013-08-14 12:45:26 ----A---- C:\Windows\system32\WMVDECOD.DLL
2013-08-14 12:45:23 ----A---- C:\Windows\system32\rpcrt4.dll
2013-08-14 12:45:22 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2013-08-14 12:45:22 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-08-14 12:45:21 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-08-14 12:45:21 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-08-14 12:45:20 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-08-14 12:45:20 ----A---- C:\Windows\SYSWOW64\user.exe
2013-08-14 12:45:20 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-08-14 12:45:20 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-08-14 12:45:20 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-08-14 12:45:20 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-08-14 12:45:20 ----A---- C:\Windows\system32\wow64.dll
2013-08-14 12:45:20 ----A---- C:\Windows\system32\ntdll.dll
2013-08-14 12:45:16 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2013-08-14 12:45:15 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-07-27 22:40:43 ----D---- C:\Windows\system32\MRT

======List of files/folders modified in the last 1 months======

2013-08-26 19:49:14 ----D---- C:\Windows\Temp
2013-08-26 19:47:57 ----D---- C:\Windows\Prefetch
2013-08-26 19:46:31 ----RD---- C:\Program Files
2013-08-26 19:27:03 ----D---- C:\Users\Miro\AppData\Roaming\Skype
2013-08-26 19:21:08 ----D---- C:\Program Files\Mafia
2013-08-26 17:35:59 ----D---- C:\Windows\SysWOW64
2013-08-26 17:35:59 ----D---- C:\Windows\inf
2013-08-26 17:35:59 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-08-26 13:38:44 ----D---- C:\Users\Miro\AppData\Roaming\vlc
2013-08-26 13:36:51 ----D---- C:\Windows\system32\config
2013-08-26 13:29:28 ----D---- C:\Windows\System32
2013-08-26 13:29:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-08-26 13:26:18 ----D---- C:\Windows\system32\drivers
2013-08-26 13:26:17 ----D---- C:\Windows
2013-08-26 13:26:16 ----D---- C:\Windows\system32\DriverStore
2013-08-26 13:26:16 ----D---- C:\Windows\system32\catroot
2013-08-25 11:53:41 ----RD---- C:\Program Files (x86)
2013-08-21 13:13:27 ----SHD---- C:\System Volume Information
2013-08-20 17:06:23 ----D---- C:\Program Files (x86)\ASUS
2013-08-15 08:05:58 ----D---- C:\Windows\rescache
2013-08-15 07:47:43 ----RSD---- C:\Windows\assembly
2013-08-15 07:47:43 ----D---- C:\Windows\Microsoft.NET
2013-08-14 20:29:03 ----D---- C:\Windows\winsxs
2013-08-14 20:28:55 ----D---- C:\Windows\Panther
2013-08-14 20:26:35 ----D---- C:\Windows\SYSWOW64\sk-SK
2013-08-14 20:26:35 ----D---- C:\Windows\system32\sk-SK
2013-08-14 20:26:35 ----D---- C:\Windows\AppPatch
2013-08-14 20:26:35 ----D---- C:\Program Files\Internet Explorer
2013-08-14 20:26:35 ----D---- C:\Program Files (x86)\Internet Explorer
2013-08-14 20:24:29 ----D---- C:\Windows\system32\catroot2
2013-08-14 20:23:48 ----SHD---- C:\Windows\Installer
2013-08-14 20:18:38 ----A---- C:\Windows\system32\MRT.exe
2013-08-14 07:19:13 ----D---- C:\Windows\system32\wdi
2013-07-27 22:49:41 ----D---- C:\ProgramData\Microsoft Help
2013-07-27 22:49:09 ----A---- C:\Windows\win.ini
2013-07-27 22:40:43 ----D---- C:\Windows\debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-06-01 564824]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-08-05 2768384]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-01-10 12311904]
R3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2013-03-26 34336]
R3 vuhub;Virtual Usb Hub; C:\Windows\system32\DRIVERS\vuhub.sys [2007-12-17 47616]
S3 andnetadb;ADB Interface DriverNet; C:\Windows\System32\Drivers\lgandnetadb.sys [2012-07-03 31744]
S3 AndNetDiag;LGE AndroidNet USB Serial Port; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [2012-07-03 29184]
S3 ANDNetModem;LGE AndroidNet USB Modem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [2012-07-03 36352]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter; C:\Windows\system32\DRIVERS\lgandnetndis64.sys [2012-07-04 93184]
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\lgandadb.sys [2010-08-02 31744]
S3 ASUSVRC64;ASUSTeK Virtual Capture Device; C:\Windows\system32\DRIVERS\AsusVRC64.sys [2008-10-13 23424]
S3 azff53wu;azff53wu; C:\Windows\system32\drivers\azff53wu.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 Rockusb;Driver for Rockusb Device; C:\Windows\system32\DRIVERS\rockusb.sys [2012-05-02 65648]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2012-08-03 237968]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2012-08-03 39056]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 UrlFilter;UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2013-03-26 23016]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys [2012-03-02 17920]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys [2012-03-02 28160]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys [2012-03-02 34816]
S3 WinUsb;TI WinUSB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S4 FileMonitor;FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-03-23 23048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 IMFservice;IMF Service; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-04-25 335168]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 UsbService;ASUS Virtual MFP Service; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [2010-08-10 334848]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [2011-08-10 57344]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 KMService;KMService; C:\Windows\syswow64\srvany.exe [2003-04-18 8192]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-21 162408]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-03-09 30798512]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-06-02 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

nero150 · #2 Příspěvek od **nero150** » 26 srp 2013 21:05

pridávam ešte log z MBAM

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2013.08.26.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Miro :: NOTEBOOK [administrátor]

Ochrana: Zapnuté

26. 8. 2013 20:11:36
MBAM-log-2013-08-26 (22-03-06).txt

Typ kontroly: Úplná kontrola (C:\|D:\|E:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 819552
Uplynutý čas: 1 hod, 51 min, 2 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 11
C:\$Recycle.Bin\S-1-5-21-413697087-671043976-181596044-1000\$RBUAJL6\rld-nu2k.exe (Trojan.Downloader) -> Žiadna úloha nevykonaná.
C:\Program Files (x86)\Rockstar Games\GTA San Andreas\engine.exe (Backdoor.Bot) -> Žiadna úloha nevykonaná.
C:\Users\Miro\Downloads\gta-sa-v1.1-euro-trainer-plus20.zip (Backdoor.Bot) -> Žiadna úloha nevykonaná.
D:\APP\LEXIA\DIAGSYS\Diagsys.exe (Spyware.Zbot) -> Žiadna úloha nevykonaná.
D:\Documents and Settings\mirko\Dokumenty\Downloads\Crack-Vivid-Workshop-10.2.zip (Backdoor.IRCBot) -> Žiadna úloha nevykonaná.
D:\Documents and Settings\mirko\Plocha\Crack\VIVID_REG.EXE (Backdoor.IRCBot) -> Žiadna úloha nevykonaná.
D:\Program Files\Vivid WorkshopData ATI\VIVID_REG.EXE (Backdoor.IRCBot) -> Žiadna úloha nevykonaná.
D:\RECYCLER\S-1-5-21-1417001333-1957994488-2147097355-1003\Dc12\48\VIVID_REG.EXE (Backdoor.IRCBot) -> Žiadna úloha nevykonaná.

(koniec)

#3 Příspěvek od **vyosek** » 26 srp 2013 21:53

Zdravim

Nalezy MBAMu smazte

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

nero150 · #4 Příspěvek od **nero150** » 27 srp 2013 06:49

tu su tie logy Rkill:
Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/27/2013 07:28:01 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE (PID: 1836) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Miro\Desktop\rkill\rkill-08-27-2013-07-28-06.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 csmg.lgmobile.com
127.0.0.1 csmgdl.lgmobile.com

Program finished at: 08/27/2013 07:30:44 AM
Execution time: 0 hours(s), 2 minute(s), and 42 seconds(s)

Combofix:
ComboFix 13-08-25.01 - Miro . 08. 2013 7:41.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3767.2473 [GMT 2:00]
Running from: c:\users\Miro\Desktop\ComboFix.exe
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Miro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbs
.
.
((((((((((((((((((((((((( Files Created from 2013-07-27 to 2013-08-27 )))))))))))))))))))))))))))))))
.
.
2013-08-26 17:58 . 2013-08-26 17:58 -------- d-----w- c:\users\Miro\AppData\Roaming\Malwarebytes
2013-08-26 17:58 . 2013-08-26 17:58 -------- d-----w- c:\programdata\Malwarebytes
2013-08-26 17:58 . 2013-08-26 18:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-26 17:58 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-26 17:46 . 2013-08-26 17:49 -------- d-----w- c:\program files\trend micro
2013-08-26 17:46 . 2013-08-26 17:46 -------- d-----w- C:\rsit
2013-08-26 11:43 . 2013-08-26 15:01 -------- d-----w- C:\dvbdream
2013-08-26 11:26 . 2011-03-10 22:30 90243 ----a-w- c:\windows\SysWow64\SuperFrameSplitter.dll
2013-08-26 11:26 . 2010-01-29 01:41 135277 ----a-w- c:\windows\SysWow64\RTKFMSOURCE.dll
2013-08-26 11:26 . 2010-01-21 16:33 352335 ----a-w- c:\windows\SysWow64\RTKFM.dll
2013-08-26 11:26 . 2010-01-21 16:18 4698216 ----a-w- c:\windows\SysWow64\RTKDAB.dll
2013-08-26 11:26 . 2010-01-18 20:01 139369 ----a-w- c:\windows\SysWow64\RTKDABSOURCE.dll
2013-08-26 11:26 . 2009-12-29 21:12 69632 ----a-w- c:\windows\SysWow64\RTKDABMWare.dll
2013-08-26 11:26 . 2009-09-11 20:15 114688 ----a-w- c:\windows\SysWow64\RTL283XACCESS.dll
2013-08-26 11:26 . 2013-08-26 11:26 -------- d-----w- c:\windows\RTL
2013-08-26 11:26 . 2012-08-03 19:28 39056 ----a-w- c:\windows\system32\drivers\RTL2832UUSB.sys
2013-08-26 11:26 . 2012-08-03 19:28 237968 ----a-w- c:\windows\system32\drivers\RTL2832UBDA.sys
2013-08-25 09:53 . 2013-08-25 09:53 -------- d-----w- c:\program files (x86)\NovaLogic
2013-08-23 21:53 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{27002684-6E84-485A-9400-DB284CF17B26}\mpengine.dll
2013-08-20 15:07 . 2013-08-20 15:07 -------- d-----w- c:\program files (x86)\Avago-HP
2013-08-20 15:07 . 2013-08-20 15:07 -------- d-----w- c:\program files\Avago-HP
2013-08-20 15:06 . 2007-12-17 08:25 47616 ----a-w- c:\windows\system32\drivers\vuhub.sys
2013-08-14 10:50 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 10:50 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 10:50 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-14 10:50 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-14 10:49 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 10:49 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 10:49 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-14 10:49 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 18:18 . 2013-06-01 21:12 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-09 04:45 . 2013-08-14 10:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-14 19:59 . 2013-06-30 09:12 5370576 ----a-w- c:\programdata\pclunst.exe
2013-06-12 19:48 . 2013-06-16 17:36 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-12 19:48 . 2013-06-16 17:36 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-12 19:47 . 2013-06-20 14:03 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-05 03:34 . 2013-07-10 02:11 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-05 01:08 . 2013-06-05 01:08 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-05 01:08 . 2013-06-05 01:08 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-05 01:08 . 2013-06-05 01:08 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-05 01:08 . 2013-06-05 01:08 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-05 01:08 . 2013-06-05 01:08 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-05 01:08 . 2013-06-05 01:08 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-05 01:08 . 2013-06-05 01:08 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-05 01:08 . 2013-06-05 01:08 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-05 01:08 . 2013-06-05 01:08 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-05 01:08 . 2013-06-05 01:08 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-05 01:08 . 2013-06-05 01:08 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-05 01:08 . 2013-06-05 01:08 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-05 01:08 . 2013-06-05 01:08 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-05 01:08 . 2013-06-05 01:08 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-05 01:08 . 2013-06-05 01:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-05 01:08 . 2013-06-05 01:08 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-05 01:08 . 2013-06-05 01:08 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-05 01:08 . 2013-06-05 01:08 441856 ----a-w- c:\windows\system32\html.iec
2013-06-05 01:08 . 2013-06-05 01:08 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-05 01:08 . 2013-06-05 01:08 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-05 01:08 . 2013-06-05 01:08 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-05 01:08 . 2013-06-05 01:08 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-05 01:08 . 2013-06-05 01:08 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-05 01:08 . 2013-06-05 01:08 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-05 01:08 . 2013-06-05 01:08 235008 ----a-w- c:\windows\system32\url.dll
2013-06-05 01:08 . 2013-06-05 01:08 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-05 01:08 . 2013-06-05 01:08 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-05 01:08 . 2013-06-05 01:08 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-05 01:08 . 2013-06-05 01:08 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-05 01:08 . 2013-06-05 01:08 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-05 01:08 . 2013-06-05 01:08 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-05 01:08 . 2013-06-05 01:08 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-05 01:08 . 2013-06-05 01:08 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-05 01:08 . 2013-06-05 01:08 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-05 01:08 . 2013-06-05 01:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-05 01:08 . 2013-06-05 01:08 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-05 01:08 . 2013-06-05 01:08 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-05 01:08 . 2013-06-05 01:08 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-05 01:08 . 2013-06-05 01:08 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-05 01:08 . 2013-06-05 01:08 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-05 01:08 . 2013-06-05 01:08 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-05 01:08 . 2013-06-05 01:08 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-05 01:08 . 2013-06-05 01:08 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-05 01:08 . 2013-06-05 01:08 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-05 01:08 . 2013-06-05 01:08 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-05 01:08 . 2013-06-05 01:08 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-05 01:08 . 2013-06-05 01:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-05 01:08 . 2013-06-05 01:08 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-05 01:08 . 2013-06-05 01:08 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-04 06:00 . 2013-07-10 02:15 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 02:15 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-06-04 01:15 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-06-04 01:15 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-06-01 22:40 . 2013-06-01 22:40 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-06-01 20:54 . 2013-06-01 20:54 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys;c:\windows\SYSNATIVE\Drivers\lgandadb.sys [x]
R3 ASUSVRC64;ASUSTeK Virtual Capture Device;c:\windows\system32\DRIVERS\AsusVRC64.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVRC64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 Rockusb;Driver for Rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys;c:\windows\SYSNATIVE\DRIVERS\rockusb.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 UsbService;ASUS Virtual MFP Service;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys;c:\windows\SYSNATIVE\DRIVERS\vuhub.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Microsoft.vbs - c:\users\Miro\AppData\Local\Temp\Microsoft.vbs
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-27 07:47:33
ComboFix-quarantined-files.txt 2013-08-27 05:47
.
Pre-Run: 119 721 451 520 bytes free
Post-Run: 119 322 198 016 bytes free
.
- - End Of File - - DF86B1A3FB7296C49DB41801039A292D
A36C5E4F47E84449FF07ED3517B43A31

Ako vidim tak fixol ten script Microsoft.vbs ten sa nedal vypnut ani v ccleanery

#5 Příspěvek od **vyosek** » 27 srp 2013 18:56

Stahnete Host permissions http://www.bleepingcomputer.com/download/hosts-permbat/

Ulozte na plochu a spustte
Probehne oprava, objevi se hlaska o uspesne resetu prav k hosts souboru
Stisknete libovolnou klavesu k ukonceni

Poprosim o DDS http://forum.viry.cz/viewtopic.php?f=30&t=125172

nero150 · #6 Příspěvek od **nero150** » 27 srp 2013 20:02

tady to je

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by Miro at 21:01:03 on 2013-08-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3767.2289 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Miro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xportovať do programu Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{20F146E0-E277-4090-BA02-7812A21D488E} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-7-8 335168]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-26 418376]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 UsbService;ASUS Virtual MFP Service;C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [2013-8-20 334848]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [2013-6-1 57344]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-26 25928]
R3 vuhub;Virtual Usb Hub;C:\Windows\System32\drivers\vuhub.sys [2013-8-20 47616]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-26 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 andnetadb;ADB Interface DriverNet;C:\Windows\System32\drivers\lgandnetadb.sys [2013-6-13 31744]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2013-6-13 29184]
S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2013-6-13 36352]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;C:\Windows\System32\drivers\lgandnetndis64.sys [2013-6-13 93184]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\lgandadb.sys [2013-6-13 31744]
S3 ASUSVRC64;ASUSTeK Virtual Capture Device;C:\Windows\System32\drivers\AsusVRC64.sys [2013-6-23 23424]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-4 19456]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-7-8 34336]
S3 Rockusb;Driver for Rockusb Device;C:\Windows\System32\drivers\rockusb.sys [2013-6-22 65648]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;C:\Windows\System32\drivers\RTL2832UBDA.sys [2013-8-26 237968]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;C:\Windows\System32\drivers\RTL2832UUSB.sys [2013-8-26 39056]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-4 57856]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-7-8 23016]
S3 WatAdminSvc;Služba Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-2 1255736]
S4 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-7-8 23048]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .wsf: WSFFile=C:\Windows\SysWow64\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2013-08-27 06:11:59 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27002684-6E84-485A-9400-DB284CF17B26}\offreg.dll
2013-08-27 05:47:38 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-27 05:39:12 98816 ----a-w- C:\Windows\sed.exe
2013-08-27 05:39:12 256000 ----a-w- C:\Windows\PEV.exe
2013-08-27 05:39:12 208896 ----a-w- C:\Windows\MBR.exe
2013-08-26 17:58:59 -------- d-----w- C:\Users\Miro\AppData\Roaming\Malwarebytes
2013-08-26 17:58:52 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-26 17:58:51 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-26 17:58:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-26 17:46:31 -------- d-----w- C:\Program Files\trend micro
2013-08-26 11:43:11 -------- d-----w- C:\dvbdream
2013-08-26 11:26:24 90243 ----a-w- C:\Windows\SysWow64\SuperFrameSplitter.dll
2013-08-26 11:26:24 69632 ----a-w- C:\Windows\SysWow64\RTKDABMWare.dll
2013-08-26 11:26:24 4698216 ----a-w- C:\Windows\SysWow64\RTKDAB.dll
2013-08-26 11:26:24 352335 ----a-w- C:\Windows\SysWow64\RTKFM.dll
2013-08-26 11:26:24 139369 ----a-w- C:\Windows\SysWow64\RTKDABSOURCE.dll
2013-08-26 11:26:24 135277 ----a-w- C:\Windows\SysWow64\RTKFMSOURCE.dll
2013-08-26 11:26:24 114688 ----a-w- C:\Windows\SysWow64\RTL283XACCESS.dll
2013-08-26 11:26:15 -------- d-----w- C:\Windows\RTL
2013-08-26 11:26:09 39056 ----a-w- C:\Windows\System32\drivers\RTL2832UUSB.sys
2013-08-26 11:26:09 237968 ----a-w- C:\Windows\System32\drivers\RTL2832UBDA.sys
2013-08-25 09:53:41 -------- d-----w- C:\Program Files (x86)\NovaLogic
2013-08-23 21:53:56 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27002684-6E84-485A-9400-DB284CF17B26}\mpengine.dll
2013-08-20 15:07:31 -------- d-----w- C:\Program Files (x86)\Avago-HP
2013-08-20 15:07:30 -------- d-----w- C:\Program Files\Avago-HP
2013-08-20 15:06:23 47616 ----a-w- C:\Windows\System32\drivers\vuhub.sys
2013-08-14 10:50:00 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-14 10:50:00 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-14 10:50:00 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-14 10:50:00 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-14 10:49:59 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-14 10:49:59 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 10:49:59 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-14 10:49:59 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-06-14 19:59:59 5370576 ----a-w- C:\ProgramData\pclunst.exe
2013-06-12 19:48:23 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-12 19:48:17 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-12 19:47:57 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-06-04 01:15:28 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-06-04 01:15:28 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-06-01 20:54:30 564824 ----a-w- C:\Windows\System32\drivers\sptd.sys
.
============= FINISH: 21:01:17,40 ===============

#7 Příspěvek od **vyosek** » 29 srp 2013 10:09

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

nero150 · #8 Příspěvek od **nero150** » 29 srp 2013 19:28

tady je LOG:

ComboFix 13-08-29.02 - Miro . 08. 2013 20:18:41.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3767.2625 [GMT 2:00]
Running from: c:\users\Miro\Desktop\ComboFix.exe
Command switches used :: c:\users\Miro\Desktop\CFScript.txt
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-07-28 to 2013-08-29 )))))))))))))))))))))))))))))))
.
.
2013-08-29 18:22 . 2013-08-29 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-27 20:59 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34208EEF-7A4F-4942-8A32-3CD7F945FADB}\mpengine.dll
2013-08-26 17:58 . 2013-08-26 17:58 -------- d-----w- c:\users\Miro\AppData\Roaming\Malwarebytes
2013-08-26 17:58 . 2013-08-26 17:58 -------- d-----w- c:\programdata\Malwarebytes
2013-08-26 17:58 . 2013-08-26 18:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-26 17:58 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-26 17:46 . 2013-08-26 17:49 -------- d-----w- c:\program files\trend micro
2013-08-26 17:46 . 2013-08-26 17:46 -------- d-----w- C:\rsit
2013-08-26 11:43 . 2013-08-26 15:01 -------- d-----w- C:\dvbdream
2013-08-26 11:26 . 2011-03-10 22:30 90243 ----a-w- c:\windows\SysWow64\SuperFrameSplitter.dll
2013-08-26 11:26 . 2010-01-29 01:41 135277 ----a-w- c:\windows\SysWow64\RTKFMSOURCE.dll
2013-08-26 11:26 . 2010-01-21 16:33 352335 ----a-w- c:\windows\SysWow64\RTKFM.dll
2013-08-26 11:26 . 2010-01-21 16:18 4698216 ----a-w- c:\windows\SysWow64\RTKDAB.dll
2013-08-26 11:26 . 2010-01-18 20:01 139369 ----a-w- c:\windows\SysWow64\RTKDABSOURCE.dll
2013-08-26 11:26 . 2009-12-29 21:12 69632 ----a-w- c:\windows\SysWow64\RTKDABMWare.dll
2013-08-26 11:26 . 2009-09-11 20:15 114688 ----a-w- c:\windows\SysWow64\RTL283XACCESS.dll
2013-08-26 11:26 . 2013-08-26 11:26 -------- d-----w- c:\windows\RTL
2013-08-26 11:26 . 2012-08-03 19:28 39056 ----a-w- c:\windows\system32\drivers\RTL2832UUSB.sys
2013-08-26 11:26 . 2012-08-03 19:28 237968 ----a-w- c:\windows\system32\drivers\RTL2832UBDA.sys
2013-08-25 09:53 . 2013-08-25 09:53 -------- d-----w- c:\program files (x86)\NovaLogic
2013-08-20 15:07 . 2013-08-20 15:07 -------- d-----w- c:\program files (x86)\Avago-HP
2013-08-20 15:07 . 2013-08-20 15:07 -------- d-----w- c:\program files\Avago-HP
2013-08-20 15:06 . 2007-12-17 08:25 47616 ----a-w- c:\windows\system32\drivers\vuhub.sys
2013-08-14 10:50 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 10:50 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 10:50 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-14 10:50 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-14 10:49 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 10:49 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 10:49 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-14 10:49 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 18:18 . 2013-06-01 21:12 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-09 04:45 . 2013-08-14 10:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-14 19:59 . 2013-06-30 09:12 5370576 ----a-w- c:\programdata\pclunst.exe
2013-06-12 19:48 . 2013-06-16 17:36 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-12 19:48 . 2013-06-16 17:36 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-12 19:47 . 2013-06-20 14:03 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-05 03:34 . 2013-07-10 02:11 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-05 01:08 . 2013-06-05 01:08 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-05 01:08 . 2013-06-05 01:08 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-05 01:08 . 2013-06-05 01:08 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-05 01:08 . 2013-06-05 01:08 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-05 01:08 . 2013-06-05 01:08 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-05 01:08 . 2013-06-05 01:08 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-05 01:08 . 2013-06-05 01:08 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-05 01:08 . 2013-06-05 01:08 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-05 01:08 . 2013-06-05 01:08 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-05 01:08 . 2013-06-05 01:08 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-05 01:08 . 2013-06-05 01:08 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-05 01:08 . 2013-06-05 01:08 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-05 01:08 . 2013-06-05 01:08 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-05 01:08 . 2013-06-05 01:08 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-05 01:08 . 2013-06-05 01:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-05 01:08 . 2013-06-05 01:08 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-05 01:08 . 2013-06-05 01:08 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-05 01:08 . 2013-06-05 01:08 441856 ----a-w- c:\windows\system32\html.iec
2013-06-05 01:08 . 2013-06-05 01:08 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-05 01:08 . 2013-06-05 01:08 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-05 01:08 . 2013-06-05 01:08 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-05 01:08 . 2013-06-05 01:08 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-05 01:08 . 2013-06-05 01:08 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-05 01:08 . 2013-06-05 01:08 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-05 01:08 . 2013-06-05 01:08 235008 ----a-w- c:\windows\system32\url.dll
2013-06-05 01:08 . 2013-06-05 01:08 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-05 01:08 . 2013-06-05 01:08 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-05 01:08 . 2013-06-05 01:08 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-05 01:08 . 2013-06-05 01:08 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-05 01:08 . 2013-06-05 01:08 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-05 01:08 . 2013-06-05 01:08 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-05 01:08 . 2013-06-05 01:08 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-05 01:08 . 2013-06-05 01:08 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-05 01:08 . 2013-06-05 01:08 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-05 01:08 . 2013-06-05 01:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-05 01:08 . 2013-06-05 01:08 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-05 01:08 . 2013-06-05 01:08 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-05 01:08 . 2013-06-05 01:08 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-05 01:08 . 2013-06-05 01:08 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-05 01:08 . 2013-06-05 01:08 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-05 01:08 . 2013-06-05 01:08 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-05 01:08 . 2013-06-05 01:08 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-05 01:08 . 2013-06-05 01:08 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-05 01:08 . 2013-06-05 01:08 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-05 01:08 . 2013-06-05 01:08 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-05 01:08 . 2013-06-05 01:08 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-05 01:08 . 2013-06-05 01:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-05 01:08 . 2013-06-05 01:08 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-05 01:08 . 2013-06-05 01:08 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-04 06:00 . 2013-07-10 02:15 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 02:15 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-06-04 01:15 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-06-04 01:15 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-06-01 22:40 . 2013-06-01 22:40 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-06-01 20:54 . 2013-06-01 20:54 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys;c:\windows\SYSNATIVE\Drivers\lgandadb.sys [x]
R3 ASUSVRC64;ASUSTeK Virtual Capture Device;c:\windows\system32\DRIVERS\AsusVRC64.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVRC64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 Rockusb;Driver for Rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys;c:\windows\SYSNATIVE\DRIVERS\rockusb.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 UsbService;ASUS Virtual MFP Service;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys;c:\windows\SYSNATIVE\DRIVERS\vuhub.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Completion time: 2013-08-29 20:27:07 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-29 18:27
ComboFix2.txt 2013-08-27 05:47
.
Pre-Run: 118 836 731 904 bytes free
Post-Run: 118 637 498 368 bytes free
.
- - End Of File - - ED6336D0B0EB7C099EB15C353274CF2C
A36C5E4F47E84449FF07ED3517B43A31

#9 Příspěvek od **vyosek** » 29 srp 2013 19:36

Fajn, jak se chova PC

nero150 · #10 Příspěvek od **nero150** » 29 srp 2013 21:06

No je to lepšie zaťaženie kleslo.maximálna hodnota pri nečinnosti je do 15%, čo je podľa mňa výborne.
Ale mám pár otázok ak môžem teda:

1.) musí proces DWM.exe (Desktop Window Manager) brať 50MB z RAM ak na ploche nemám ani jednu ikonku?
2.) musí proces explorer.exe (windows prieskumník) brať 30MB?
3.) musí proces svchost.exe (Host Process for Windows Services) brať takmer 100MB z ram?
3.) Existuje nejaký program, ktorý mi ukáže aké programy/procesy zaťažujú HDD? lebo indikátor HDD ani nepreblikáva, ale stále svieti.
4.) Aký program na defragmentáciu HDD odporúčate?

Ďakujem

#11 Příspěvek od **vyosek** » 30 srp 2013 08:25

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Doporucuji provest defragmentaci disku

Nejjednodussi (ale nejmene ucinny) zpusob je pomoci utility ve windowsech
- Kliknete na Tento pocitac, dale na disk kliknete pravym tlacitkem, vyberte Vlastnosti
- prepnete se do zalozky Nastroje
- Nyni vidite pomucky Defragmentace - spustte ji kliknutim na Defragmentovat
- Toto provedte se vsemi disky
Dalsi moznosti (a mnou doporucenou) je pres programek Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
- Program stahnete, nainstalujte (dejte fajfku pryc u yahoo toolbaru) a spustte
- Kliknete na Analyzovat
- Pokud je ve sloupci Fragmentováno vice jak 5%, doporucuji provest defragmentaci (klik na Defragmentovat)
- Postup provedte se vsemi disky
Posledni moznost je pres jednoduchy programek JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
- Vyhodou programku je, ze se neinstaluje
- Staci tedy jen stahnout dle verze vaseho OS a rozbalit
- Nasledne spustit pomoci souboru JKDefrag pripadne JKDefrag64
- Probehne analyza disku a nasledne i defragmentace

Ad vase otazky

dwmu i explorer jsou systemove sluzby stejne jako svchost - jejich zabrani RAM pameti urcuje system
sledovani HDD, zkusim pohledat
defragmentace - vizte vyse

nero150 · #12 Příspěvek od **nero150** » 30 srp 2013 10:18

všetko urobené, momentálne zapínam defragmentáciu je tam 6%, ale zapnem to aj tak...

zatiaľ ďakujem veľmi pekne

#13 Příspěvek od **vyosek** » 30 srp 2013 15:52

OK, pak napiste jak se chova PC...

nero150 · #14 Příspěvek od **nero150** » 31 srp 2013 13:45

zdravim

tak Cečko to naformátovalo a ostalo 1% fragmentácia, Dečko naformátovalo a ostalo 9% fragmetácia. 9% ostalo aj na druhý pokus.
Inak CPU je v pohode ale HDD stále svieti a ani neblikne.
Aký programom odporúčate otestovať HDD aby som zistil v akej je kondícii? či nemá vadne sektory atď.

ďakujem

#15 Příspěvek od **vyosek** » 31 srp 2013 13:47

Udelejte CDI dle kolegy

MiliNess píše:Stáhni CrystalDiskInfo, v nabídce Úpravy zvol Kopírovat a obsah schránky sem vlož pomocí Ctrl+V.

Otestujte HD pomoci HD Tune http://www.stahuj.centrum.cz/utility_a_ ... g/hd-tune/

Udelejte testy Benchmark a Error Scan - dejte screeny
Dejte screen ze zalozky Health
Scree udelate kdyz klilknete na tu modrou disketku a pak jej sem dejte dle tohoto navdou http://forum.viry.cz/viewtopic.php?f=11&t=14114 - zajima Vas jen cast "zaslani na forum" samozrejme

VIRY.CZ

prosím o kontrolu, plné zaťaženie

prosím o kontrolu, plné zaťaženie

Re: prosím o kontrolu, plné zaťaženie

Re: prosím o kontrolu, plné zaťaženie

Re: prosím o kontrolu, plné zaťaženie

Re: prosím o kontrolu, plné zaťaženie

Re: prosím o kontrolu, plné zaťaženie

Re: prosím o kontrolu, plné zaťaženie

Re: prosím o kontrolu, plné zaťaženie

Re: prosím o kontrolu, plné zaťaženie

Re: prosím o kontrolu, plné zaťaženie

Re: prosím o kontrolu, plné zaťaženie

Re: prosím o kontrolu, plné zaťaženie

Re: prosím o kontrolu, plné zaťaženie

Re: prosím o kontrolu, plné zaťaženie

Re: prosím o kontrolu, plné zaťaženie