Log check after the Baidu virus (Solved)

shearer79
Level 2
Posts: 152
Registered: January 09
Sex: Male
Status: Offline

Re: Log check after the Baidu virus

Post by shearer79 » 02 Jul 2015 20:51

ComboFix 15-06-30.01 - KAJA 02.07.2015 20:23:42.4.1 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2937.419 [GMT 2:00]
Spuštěný z: c:\users\KAJA\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\KAJA\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\bd0001.sys"
"c:\windows\system32\drivers\bd0002.sys"
"c:\windows\system32\drivers\bd0003.sys"
"c:\windows\system32\drivers\BDArKit.sys"
"c:\windows\system32\drivers\BDDefense.sys"
"c:\windows\system32\drivers\BDMWrench_x64.sys"
"c:\windows\system32\DRIVERS\BdSandBox.sys"
"c:\windows\system32\drivers\TSSKX64.sys"
"c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3987399166-679275742-319485661-1001Core.job"
"c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3987399166-679275742-319485661-1001UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e25bec39-51d6-4b6c-9e15-8ee7ff465f58.job"
"c:\windows\Tasks\SUPERAntiSpyware Scheduled Task eaebd0b4-966e-47c0-8998-765707a7c02c.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Baidu
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\ad.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHipsBugRpt.exe
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHipsBusiness.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHipsCore.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHipsIU.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHipsUpdate.exe
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduPrevUIn.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\bd0001.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\bd0002.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDConfig.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDDriverFixer.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDLogicUtils.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMAVCached.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMAVEng.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMBase.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMDownload.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMFrameWork.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMLog.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMMsg.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMNet.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMPatchAgent.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMReport.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMStringUtils.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMTinyXml.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDMUpdate.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BDPerflog.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\blacksign.dat
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\cache_config.dat
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\DriverManager.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\drivers\bd0001.sys
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\drivers\bd0002.sys
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\drivers\BDArKit.sys
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\drivers\BDDefense_x64.sys
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\hips_customer.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\hips_product.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\hips_self_enc.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\InstallCfg.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\NetService.ini
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch.7z
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\BaiduAn_HipsClient_2.1.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\BaiduAn_HipsClient_2.1.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\BaiduAn_HipsClient_2.3.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\BaiduAn_HipsClient_2.3.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\BaiduAn_PreU_2.1.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\BaiduAn_PreU_2.3.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\BaiduSd_HipsClient_1.8.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\BaiduSd_HipsClient_1.8.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\BaiduSd_PreU_1.8.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\patch\placeholder_tmp
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\policy.xml
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\smr.dat
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\systemfile.dat
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\TrustAndIso.dll
c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\wverify.dat
c:\program files (x86)\Common Files\Baidu\BDDownload\108\7z.dll
c:\program files (x86)\Common Files\Baidu\BDDownload\108\bdcomproxy.dll
c:\program files (x86)\Common Files\Baidu\BDDownload\108\bddownloader.exe
c:\program files (x86)\Common Files\Baidu\BDDownload\108\dl.dll
c:\programdata\Rising
c:\programdata\Rising\Rav\datastorage.db
c:\programdata\Rising\Rav\language.ini
c:\programdata\Rising\Rav\RAV.ini
c:\programdata\Rising\Rav\ravcfg.xml
c:\programdata\Rising\Rav\rsmon.db
c:\programdata\Rising\Rav\rsmon.db1
c:\programdata\Rising\Rav\rsuser.db
c:\programdata\Rising\Rav\rsuser.db1
c:\programdata\Rising\Rav\ShortCut\RAV.ico
c:\programdata\Rising\Rav\ShortCut\Repair.url
c:\programdata\Rising\RSD\rsmsgcache.ini
c:\programdata\Rising\RSD\rsmsginfo.ini
c:\programdata\RogueKiller
c:\programdata\RogueKiller\config.ini
c:\programdata\RogueKiller\Logs\RKreport_SCN_06302015_003727.log
c:\programdata\RogueKiller\vt.cache
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Legacy_BDDEFENSE
-------\Service_BaiduHips
-------\Service_bd0001
-------\Service_bd0002
-------\Service_BDDefense
-------\Service_BDKVRTP
-------\Service_BdSandBox
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-06-02 do 2015-07-02 )))))))))))))))))))))))))))))))
.
.
2015-07-02 18:38 . 2015-07-02 18:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-07-02 18:38 . 2015-07-02 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-01 09:35 . 2015-07-01 09:33 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F983B7F-1F2D-465E-9973-54CE14D1F99E}\gapaengine.dll
2015-07-01 09:33 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B9D2D94E-2721-4118-8261-0C54C9C5FA13}\mpengine.dll
2015-07-01 09:07 . 2015-07-01 09:07 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
2015-07-01 06:35 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-30 21:26 . 2015-06-30 21:26 -------- d-----w- c:\users\KAJA\AppData\Roaming\SUPERAntiSpyware.com
2015-06-30 21:24 . 2015-06-30 21:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-06-30 21:24 . 2015-06-30 21:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-06-30 05:15 . 2015-06-30 05:15 -------- d-----w- c:\programdata\ioloGovernor
2015-06-29 23:24 . 2015-06-29 22:40 24064 ----a-w- c:\windows\zoek-delete.exe
2015-06-29 23:24 . 2015-07-02 18:42 -------- d-----w- c:\users\KAJA\AppData\Local\Temp
2015-06-29 22:40 . 2015-06-29 23:18 -------- d-----w- C:\zoek_backup
2015-06-29 22:20 . 2015-06-29 22:20 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-29 21:54 . 2015-06-29 21:54 -------- d-----w- C:\RegBackup
2015-06-26 08:19 . 2015-06-26 08:19 -------- d-----w- c:\users\KAJA\AppData\Local\GWX
2015-06-23 15:11 . 2015-06-23 15:16 -------- d-s---w- c:\windows\system32\GWX
2015-06-23 15:11 . 2015-06-23 15:11 -------- d-s---w- c:\windows\SysWow64\GWX
2015-06-23 15:05 . 2015-06-23 15:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-06-23 09:03 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-23 09:03 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-06-23 08:04 . 2015-05-25 18:19 50176 ----a-w- c:\windows\system32\srclient.dll
2015-06-23 08:00 . 2015-05-23 03:15 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-06-23 07:57 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll
2015-06-23 07:57 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-06-23 07:56 . 2015-03-10 03:25 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-06-23 07:56 . 2015-03-10 03:21 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-06-23 07:56 . 2015-03-10 03:08 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-06-23 07:56 . 2015-03-10 03:05 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-06-23 07:56 . 2015-02-25 03:18 754688 ----a-w- c:\windows\system32\drivers\http.sys
2015-06-23 07:56 . 2015-04-11 03:19 69888 ----a-w- c:\windows\system32\drivers\stream.sys
2015-06-23 07:51 . 2015-04-20 03:17 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-06-23 07:51 . 2015-04-20 03:17 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-06-23 07:51 . 2015-04-20 02:11 3204608 ----a-w- c:\windows\system32\win32k.sys
2015-06-23 07:51 . 2015-04-20 02:56 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-06-23 07:42 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-06-23 07:41 . 2015-04-29 18:22 14635008 ----a-w- c:\windows\system32\wmp.dll
2015-06-23 07:40 . 2015-02-20 03:29 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-06-23 07:30 . 2015-06-23 07:30 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-23 07:30 . 2015-06-23 07:30 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 07:30 . 2015-06-23 07:30 -------- d-----w- c:\windows\SysWow64\Macromed
2015-06-23 07:30 . 2015-06-23 07:30 -------- d-----w- c:\windows\system32\Macromed
2015-06-23 07:20 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-06-23 07:20 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-06-23 07:20 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-06-23 07:20 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-06-23 07:20 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-06-21 16:53 . 2015-06-21 18:38 28984 ----a-w- c:\windows\SysWow64\drivers\TS888x64.sys
2015-06-21 09:01 . 2015-06-21 08:58 38200 ----a-w- c:\windows\system32\drivers\TSSKX64.sys
2015-06-21 08:36 . 2015-04-08 07:17 103240 ----a-w- c:\windows\system32\drivers\BDDefense.sys
2015-06-21 08:36 . 2015-04-08 07:17 196936 ----a-w- c:\windows\system32\drivers\bd0002.sys
2015-06-21 08:34 . 2015-04-08 07:17 56136 ----a-w- c:\windows\system32\drivers\BDMWrench_x64.sys
2015-06-21 08:32 . 2015-04-08 07:17 152392 ----a-w- c:\windows\system32\drivers\BDArKit.sys
2015-06-21 08:32 . 2015-04-08 07:17 67400 ----a-w- c:\windows\system32\drivers\bd0003.sys
2015-06-20 08:12 . 2015-04-08 07:17 202576 ----a-w- c:\windows\system32\drivers\bd0001.sys
2015-06-20 08:02 . 2012-02-29 07:49 11888 ------w- c:\windows\system32\drivers\rsndisp.sys
2015-06-20 08:02 . 2015-03-11 05:00 71056 ------w- c:\windows\system32\drivers\rsutils.sys
2015-06-20 08:02 . 2015-02-11 05:00 121072 ------w- c:\windows\system32\drivers\sysmon.sys
2015-06-16 21:36 . 2015-06-16 21:36 -------- d-----w- c:\users\KAJA\AppData\Local\Dropbox
2015-06-16 21:36 . 2015-06-16 21:36 -------- d-----w- c:\programdata\Dropbox
2015-06-02 21:52 . 2015-06-02 21:52 -------- d-----w- c:\users\KAJA\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-02 17:46 . 2014-07-23 20:59 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-23 15:04 . 2014-09-21 15:56 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-06-21 08:35 . 2015-02-27 15:40 73728 ----a-w- c:\windows\SysWow64\tasks.dll
2015-05-26 22:04 . 2014-07-23 20:19 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:19 . 2015-06-23 08:05 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-23 08:05 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-06-23 08:05 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-23 08:05 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-23 08:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-04 11:24 . 2015-05-04 11:24 4097140 ----a-w- c:\windows\SysWow64\FotoMagica_FotoMagica_uninstaller.exe
2015-04-15 11:12 . 2015-04-15 11:12 138056 ----a-w- c:\windows\SysWow64\atl100.dll
2015-04-14 07:37 . 2014-07-23 20:58 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2014-07-23 20:58 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2014-07-23 20:58 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-12-14 21:36 233128 ----a-w- c:\users\KAJA\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-12-14 21:36 233128 ----a-w- c:\users\KAJA\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-12-14 21:36 233128 ----a-w- c:\users\KAJA\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
R4 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
R4 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
S0 sysmon;sysmon;c:\windows\system32\DRIVERS\sysmon.sys;c:\windows\SYSNATIVE\DRIVERS\sysmon.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S1 BDMWrench_x64;BDMWrench_x64;c:\windows\system32\DRIVERS\BDMWrench_x64.sys;c:\windows\SYSNATIVE\DRIVERS\BDMWrench_x64.sys [x]
S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys;c:\windows\SYSNATIVE\drivers\rawdsk3.sys [x]
S1 rsutils;rsutils;c:\windows\system32\DRIVERS\rsutils.sys;c:\windows\SYSNATIVE\DRIVERS\rsutils.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-22 21:16 990024 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-07-02 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3987399166-679275742-319485661-1001Core.job
- c:\users\KAJA\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 21:35]
.
2015-07-02 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3987399166-679275742-319485661-1001UA.job
- c:\users\KAJA\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 21:35]
.
2015-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-21 19:09]
.
2015-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-21 19:09]
.
2015-07-02 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e25bec39-51d6-4b6c-9e15-8ee7ff465f58.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2015-07-02 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task eaebd0b4-966e-47c0-8998-765707a7c02c.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-12-14 21:37 260776 ----a-w- c:\users\KAJA\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-12-14 21:37 260776 ----a-w- c:\users\KAJA\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-12-14 21:37 260776 ----a-w- c:\users\KAJA\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\KAJA\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\KAJA\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\KAJA\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\KAJA\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\KAJA\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\KAJA\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\KAJA\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\KAJA\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-29 1794856]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mDefault_Search_URL = 00
mDefault_Page_URL = 00
mSearch Page = 00
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.100.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{B7667919-3765-4815-A66D-98A09BE662D6} - (no file)
AddRemove-FotoMagica_FotoMagica - c:\windows\system32\FotoMagica_FotoMagica_uninstaller.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\users\KAJA\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Celkový čas: 2015-07-02 20:49:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-07-02 18:49
ComboFix2.txt 2015-06-30 22:21
ComboFix3.txt 2014-12-28 18:10
ComboFix4.txt 2014-12-28 17:49
.
Před spuštěním: Volných bajtů: 130 127 360 000
Po spuštění: Volných bajtů: 129 932 234 752
.
- - End Of File - - 596D8875487548E42ED7F61D4F384C5E
A36C5E4F47E84449FF07ED3517B43A31

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Sex: Male
Status: Offline

Re: Log check after the Baidu virus

Post by jaro3 » 02 Jul 2015 22:19

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the whole contents of that log here. Then click "Exit" to close the program.


What about those files on VirusTotal?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

shearer79
Level 2
Posts: 152
Registered: January 09
Sex: Male
Status: Offline

Re: Log check after the Baidu virus

Post by shearer79 » 02 Jul 2015 22:50

Only the first one, fotomagica, and it's clean; the others I didn't find in that directory. Is that possible?

shearer79
Level 2
Posts: 152
Registered: January 09
Sex: Male
Status: Offline

Re: Log check after the Baidu virus

Post by shearer79 » 02 Jul 2015 23:15

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-07-02 23:10:42
-----------------------------
23:10:42.779 OS Version: Windows x64 6.1.7601 Service Pack 1
23:10:42.779 Number of processors: 1 586 0x170A
23:10:42.779 ComputerName: KAJA-PC UserName: KAJA
23:10:44.042 Initialize success
23:10:45.524 VM: initialized successfully
23:10:45.524 VM: Intel CPU virtualization not supported
23:10:52.632 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:10:52.648 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
23:10:52.788 Disk 0 MBR read successfully
23:10:52.788 Disk 0 MBR scan
23:10:52.788 Disk 0 Windows 7 default MBR code
23:10:52.804 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
23:10:52.819 Disk 0 Boot: NTFS code=2
23:10:52.835 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 304842 MB offset 821248
23:10:52.850 Disk 0 scanning C:\Windows\system32\drivers
23:10:59.808 Service scanning
23:11:26.547 Modules scanning
23:11:26.547 Disk 0 trace - called modules:
23:11:27.077 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys ACPI.sys iaStor.sys
23:11:27.077 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002ec2060]
23:11:27.093 3 CLASSPNP.SYS[fffff88001bc343f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8002ebf060]
23:11:27.108 5 thpdrv.sys[fffff88001b0bcc0] -> nt!IofCallDriver -> [0xfffffa8002d14e40]
23:11:27.108 7 ACPI.sys[fffff88000f737a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8002d13050]
23:11:27.124 Disk 0 statistics 98943/0/0 @ 8,06 MB/s
23:11:27.124 Scan finished successfully
23:13:42.454 Disk 0 MBR has been saved successfully to "C:\Users\KAJA\Desktop\MBR.dat"
23:13:42.563 The log file has been saved successfully to "C:\Users\KAJA\Desktop\aswMBR.txt"

jerabina
Security team member
Level 6
Posts: 3647
Registered: March 13
Location: Litoměřice
Sex: Male
Status: Offline

Re: Log check after the Baidu virus

Post by jerabina » 03 Jul 2015 04:45

In Folder Options, enable showing hidden files and folders and uncheck the box to hide protected operating system files. You have to do that for the drivers folder, but it is possible they will not even be there any more; try it anyway.

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.

Any problems? + a new HJT log
When you don't know how to go on, it's time to study the manual!
HJT guide

If I don't reply in your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as ignoring you.
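The check jerabina describes (looking in the drivers folder with hidden and protected system files made visible) can also be done from an elevated PowerShell prompt, which avoids the Explorer setting altogether. The script below is an added example written for this page, not code posted in the thread or shipped with ComboFix; the file and service names are the ones listed in the ComboFix log above, and it assumes it is run as administrator in a 64-bit PowerShell session so that System32\drivers is not redirected to SysWOW64.

```powershell
# Added example for this thread (not code from the forum or from ComboFix).
# Reports whether the driver files and service keys named in the ComboFix log
# are still present, including files that Explorer hides by default.
# Assumes an elevated 64-bit PowerShell session so System32 is not redirected.

$driverDir = Join-Path $env:SystemRoot 'System32\drivers'

# File names taken from the FILE :: section of the ComboFix log above
$driverFiles = @(
    'bd0001.sys', 'bd0002.sys', 'bd0003.sys',
    'BDArKit.sys', 'BDDefense.sys', 'BDMWrench_x64.sys',
    'BdSandBox.sys', 'TSSKX64.sys'
)

# Service names taken from the "Ovladače/Služby" section and the S1 entry
$serviceNames = @(
    'BaiduHips', 'bd0001', 'bd0002', 'BDDefense',
    'BDKVRTP', 'BdSandBox', 'BDMWrench_x64'
)

"== Driver files in $driverDir =="
foreach ($name in $driverFiles) {
    $path = Join-Path $driverDir $name
    # -Force returns hidden and system files that a plain Get-Item would skip
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        '{0,-20} not present' -f $name
        continue
    }
    # Authenticode status shows whether the file is signed and by whom
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    $line = '{0,-20} present  attrs={1}  size={2}  sig={3}' -f $name, $item.Attributes, $item.Length, $sig.Status
    "$line  signer=$signer"
}

"`n== Service registry keys =="
foreach ($svc in $serviceNames) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (Test-Path -LiteralPath $key) {
        $p = Get-ItemProperty -LiteralPath $key
        # Start 0 or 1 means the driver is loaded at boot or system start
        '{0,-16} key present  Start={1}  ImagePath={2}' -f $svc, $p.Start, $p.ImagePath
    } else {
        '{0,-16} key removed' -f $svc
    }
}
```

A file reported present with Hidden or System in the attrs column is exactly what the default Explorer view would have missed; a file that is present but unsigned, or a service key that still exists with Start=0 or 1, is what to look at before calling the cleanup finished.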

shearer79
Level 2
Posts: 152
Registered: January 09
Sex: Male
Status: Offline

Re: Log check after the Baidu virus

Post by shearer79 » 03 Jul 2015 08:51

skryté složky nastavil a stejně nic nenašel. zde log...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:49:05, on 3.7.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\KAJA\Desktop\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Ochrana HDD TOSHIBA (Thpsrv) - Unknown owner - C:\Windows\system32\ThpSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 5602 bytes


Re: log check after the Baidu virus

Post by jerabina » 03 Jul 2015 09:08

So let's finish cleaning up :-)

Close other programs/browsers, disconnect from the internet and fix in HJT:
GUIDE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =



Download DelFix here
https://toolslib.net/downloads/viewdownload/2-delfix/

save the file to your desktop.
Double-click the icon to run Delfix.exe
(On Windows Vista, Windows 7 and 8 you must run the file by right-clicking -> Run as administrator.)
In the main menu, check these options - Remove disinfection tools - Purge System Restore.
Then click the Run button and let the tool do its job.

Then a report will open (DelFix.txt). Paste the whole contents of the report here. Otherwise the report is here:
C:\DelFix.txt

If there are no problems, that's all and you can mark it solved - the green "tick" ;)
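As an added example (not code from this thread, from the forum's Security team or from HijackThis itself), the following Python script parses lines in the HijackThis 2.0.4 log format posted above and tags them the way a log reviewer triages them: R0/R1 entries with an empty value are tagged "reset-to-default" (fixing them in HJT only resets the Internet Explorer setting, nothing is deleted), O23 services reported as "(file missing)" under \Windows\System32 are tagged as the usual artefact of the 32-bit HJT build running on 64-bit Windows (file-system redirection hides the 64-bit System32 from it), and services with "Unknown owner" whose binary lives outside Program Files or Windows are tagged "review". All sample lines, including the "Example Updater (exupd)" service, are constructed for this example.

```python
"""Triage HijackThis 2.0.4 log entries (added example, not HJT's own code)."""
import re
from typing import Dict, List, Optional

# Constructed sample lines in the HijackThis line format; the exupd service is invented.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Example Updater (exupd) - Unknown owner - C:\Users\KAJA\AppData\Local\Temp\exupd.exe (file missing)
"""

# "R0 - ..." / "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Registry entries: "<hive\key,value> = <data>"; data may be empty.
REG_RE = re.compile(r"^(?P<key>.+?) =\s*(?P<value>.*)$")
# Services: "Service: <name> - <owner> - <path>[ (file missing)]".
SVC_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Return a dict for one HJT entry line, or None for headers/blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    entry = {"section": section, "raw": line.strip()}
    if section.startswith("R"):
        r = REG_RE.match(body)
        if r:
            entry["key"] = r.group("key")
            entry["value"] = r.group("value").strip()
    elif section == "O23":
        s = SVC_RE.match(body)
        if s:
            entry["name"] = s.group("name")
            entry["owner"] = s.group("owner")
            entry["path"] = s.group("path")
            entry["missing"] = "yes" if s.group("missing") else "no"
    return entry


def classify(entry: Dict[str, str]) -> str:
    """Tag an entry: ok, reset-to-default, wow64-artifact or review."""
    section = entry["section"]
    if section.startswith("R") and "value" in entry:
        # An empty IE setting is what HJT "fixes" by writing the default back.
        return "reset-to-default" if entry["value"] == "" else "ok"
    if section == "O23" and "path" in entry:
        path = entry["path"].lower()
        in_system32 = "\\windows\\system32\\" in path
        if entry["missing"] == "yes" and in_system32:
            # 32-bit HJT on x64 cannot see the real System32 (WoW64 redirection).
            return "wow64-artifact"
        in_trusted_root = in_system32 or "\\program files" in path
        if entry["owner"] == "Unknown owner" and not in_trusted_root:
            # Unsigned/unknown owner and a binary in a user-writable location.
            return "review"
        return "ok"
    return "ok"


def triage(log_text: str) -> List[Dict[str, str]]:
    """Parse every entry line of a log and attach a triage tag to each."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        entry["tag"] = classify(entry)
        findings.append(entry)
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count entries per triage tag."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["tag"]] = counts.get(f["tag"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['tag']:17} {f['raw'][:100]}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a full HJT log to get the empty-value R0 lines (the fix list in this post) and the System32 "(file missing)" noise separated from the few services that actually deserve a look; the "review" tag is only a prompt to check the binary and its publisher, not a verdict.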


Re: log check after the Baidu virus

Post by shearer79 » 04 Jul 2015 00:09

# DelFix v1.010 - Logfile created 04/07/2015 at 00:07:05
# Updated 26/04/2015 by Xplode
# Username : KAJA - KAJA-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\zoek-results.log
Deleted : C:\Users\KAJA\Desktop\AdwCleaner.exe
Deleted : C:\Users\KAJA\Desktop\aswmbr (1).exe
Deleted : C:\Users\KAJA\Desktop\JRT log.txt
Deleted : C:\Users\KAJA\Desktop\JRT.exe
Deleted : C:\Users\KAJA\Desktop\JRT.txt
Deleted : C:\Users\KAJA\Desktop\HijackThis (1).exe
Deleted : C:\Users\KAJA\Desktop\hijackthis.log
Deleted : C:\Users\KAJA\Desktop\MBR.dat
Deleted : C:\Users\KAJA\Desktop\RogueKillerX64.exe
Deleted : C:\Users\KAJA\Desktop\zoek-results.txt
Deleted : C:\Users\KAJA\Desktop\zoek.exe
Deleted : C:\Users\KAJA\Downloads\adwcleaner_4.207.exe
Deleted : C:\Users\KAJA\Downloads\esetsmartinstaller_csy.exe
Deleted : C:\Users\KAJA\Downloads\HijackThis.exe
Deleted : C:\Users\KAJA\Downloads\hijackthis.log
Deleted : C:\Users\KAJA\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #169 [ComboFix created restore point | 07/03/2015 06:08:26]

New restore point created !

########## - EOF - ##########


Re: log check after the Baidu virus

Post by shearer79 » 04 Jul 2015 06:07

The first two lines didn't get removed in HJT...


Re: log check after the Baidu virus

Post by jerabina » 04 Jul 2015 09:06

They don't get removed, they just get reset to the default state; it's a preventive measure. If that's everything, close the topic with the green "tick" :-)


Re: log check after the Baidu virus

Post by shearer79 » 07 Jul 2015 23:19

OK, thank you. Should I keep that SuperAntiSpyware?


Re: log check after the Baidu virus  Solved

Post by Orcus » 08 Jul 2015 00:14

You can.
Love warms, but coal is coal. :fire:

Post HJT logs in the HJT section. If it's too long, split it into several messages.

A few tips on PC security.

During my absence, memphisto, jaro3 and Diallix stand in for me

If you are satisfied, you can support our forum.
