prosím o kontrolu- havět v PC(safefinder, atp) Vyřešeno

[Anett]

+ log HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:52:51, on 2.4.2016
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

FIREFOX: 45.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\AnettZz\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe
C:\Program Files\USB_video_device\Driver\Driver32\emmon.exe
C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Users\AnettZz\Desktop\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [vmware-tray.exe] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MiPhoneManager] "C:\Users\AnettZz\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Global Startup: emMon.lnk = ?
O4 - Global Startup: SteelSeries Engine 3.lnk = C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://*.webcompanion.com
O20 - AppInit_DLLs: C:\ProgramData\Bamcof\Groovetone.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Bamcof - Unknown owner - C:\ProgramData\\Bamcof\\Bamcof.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe

--
End of file - 6471 bytes

[Reklama]

[jaro3]

Zavři ostatní programy/prohlížeče, odpoj se od internetu a v HJT fixni:
NÁVOD

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin



Doinstaluj si SP1!!


Toto otestuj na Virustotal
C:\ProgramData\Bamcof\Groovetone.dll
C:\ProgramData\\Bamcof\\Bamcof.exe


Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[Anett]

SP1 nainstalován :)

https://www.virustotal.com/en/file/e6dc ... 459690057/

https://www.virustotal.com/en/file/1269 ... 459690486/

[Anett]

ComboFix 16-04-01.01 - AnettZz 03.04.2016 15:39:46.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2047.1245 [GMT 2:00]
Spuštěný z: c:\users\AnettZz\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Adobe\ui.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-03-03 do 2016-04-03 )))))))))))))))))))))))))))))))
.
.
2016-04-03 13:47 . 2016-04-03 13:47 -------- d-----w- c:\users\AnettZz\AppData\Local\temp
2016-04-03 13:47 . 2016-04-03 13:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-03 13:47 . 2016-04-03 13:47 -------- d-----w- c:\users\admin\AppData\Local\temp
2016-04-03 13:24 . 2016-04-03 13:24 2778006 ----a-w- c:\program files\Common Files\gpbykyhb.exe
2016-04-03 13:11 . 2016-04-03 13:11 -------- d-----w- c:\windows\system32\SPReview
2016-04-03 12:51 . 2010-11-20 02:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2016-04-03 12:50 . 2010-11-20 02:24 442720 ----a-w- c:\windows\system32\winresume.exe
2016-04-03 12:48 . 2016-04-03 12:48 -------- d-----w- c:\windows\system32\EventProviders
2016-04-02 15:40 . 2016-04-02 15:26 24064 ----a-w- c:\windows\zoek-delete.exe
2016-04-02 15:37 . 2016-04-02 15:43 -------- d-----w- C:\zoek
2016-04-02 15:31 . 2016-04-03 12:34 -------- d-----w- c:\programdata\Bamcof
2016-04-02 15:31 . 2016-04-02 15:31 2778215 ----a-w- c:\program files\Common Files\uep0vkfn.exe
2016-04-02 15:27 . 2016-04-02 15:27 -------- d-----w- c:\users\AnettZz\AppData\Local\CrashDumps
2016-04-02 14:27 . 2016-04-02 14:27 2774906 ----a-w- c:\program files\Common Files\bnxvlhoj.exe
2016-04-02 13:24 . 2016-04-02 13:24 2806221 ----a-w- c:\program files\Common Files\5la2rii3.exe
2016-04-02 11:43 . 2016-04-02 11:43 2767505 ----a-w- c:\program files\Common Files\m2czx525.exe
2016-04-02 11:34 . 2016-04-02 11:34 2741542 ----a-w- c:\program files\Common Files\bmbm5loc.exe
2016-04-02 10:00 . 2016-04-02 15:08 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-04-02 09:58 . 2016-04-02 09:58 -------- d-----w- c:\programdata\RogueKiller
2016-04-02 09:55 . 2016-04-02 09:55 -------- d-----w- c:\users\AnettZz\AppData\Roaming\Xiaomi
2016-04-01 16:29 . 2016-04-01 16:29 -------- d-----w- c:\program files\Common Files\unxj0sbd
2016-04-01 15:36 . 2016-04-02 09:38 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-01 15:35 . 2016-04-01 15:35 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-04-01 15:35 . 2016-04-01 15:35 -------- d-----w- c:\programdata\Malwarebytes
2016-04-01 15:35 . 2016-03-10 12:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-04-01 15:35 . 2016-03-10 12:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-01 15:35 . 2016-03-10 12:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-01 15:30 . 2016-04-02 09:28 -------- d-----w- C:\AdwCleaner
2016-04-01 15:29 . 2016-04-01 15:29 -------- d-----w- c:\program files\Common Files\3y5vo033
2016-03-30 18:21 . 2016-03-30 18:21 -------- d-----w- c:\program files\Common Files\Skype
2016-03-22 18:42 . 2016-03-22 18:42 -------- d-----w- c:\program files\Common Files\len1dwye
2016-03-22 17:42 . 2016-03-22 17:42 -------- d-----w- c:\program files\Common Files\zhimnpzg
2016-03-21 19:33 . 2016-03-21 19:43 -------- d-----w- C:\KVRT_Data
2016-03-21 19:23 . 2016-04-02 09:53 -------- d-----w- c:\programdata\yakdo
2016-03-20 16:51 . 2016-03-20 16:51 -------- d-----w- c:\program files\Common Files\akhmenza
2016-03-19 14:21 . 2016-03-19 14:21 -------- d-----w- c:\program files\Common Files\5kv0zv4i
2016-03-18 19:30 . 2016-03-18 19:30 -------- d-----w- c:\program files\Common Files\ujcep44d
2016-03-18 18:48 . 2016-03-18 18:48 -------- d-----w- c:\program files\CCleaner
2016-03-18 18:37 . 2016-03-18 18:37 -------- d-----w- c:\program files\Google
2016-03-18 18:37 . 2016-03-18 18:38 -------- d-----w- c:\users\AnettZz\AppData\Local\Google
2016-03-17 16:54 . 2016-03-17 16:54 -------- d-----w- c:\windows\system32\_tWm
2016-03-15 20:10 . 2016-03-15 20:10 -------- d-----w- c:\program files\Common Files\44zxlgy5
2016-03-10 15:50 . 2016-03-10 15:50 -------- d-----w- c:\users\AnettZz\AppData\Roaming\LG Electronics
2016-03-10 15:48 . 2016-03-10 15:48 -------- d-----w- c:\users\AnettZz\AppData\Local\LG Electronics
2016-03-10 15:44 . 2016-03-10 15:48 -------- d-----w- c:\program files\LG Electronics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-03 13:08 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2016-04-02 19:38 . 2014-03-02 10:42 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2016-04-02 19:38 . 2014-04-03 14:02 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2016-04-02 19:38 . 2014-03-02 10:42 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2016-04-02 18:58 . 2014-03-02 10:42 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2016-03-28 17:28 . 2014-01-02 20:20 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-03-28 17:28 . 2014-01-02 20:20 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-01-10 11:56 . 2016-01-10 11:56 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"MiPhoneManager"="c:\users\AnettZz\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe" [2015-07-03 146224]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-02-12 6638296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"vmware-tray.exe"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2013-10-18 111696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
emMon.lnk - c:\program files\USB_video_device\Driver\Driver32\emmon.exe [2014-1-2 81408]
SteelSeries Engine 3.lnk - c:\program files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath="c:\programdata\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true [2014-7-28 14586368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\programdata\Bamcof\Groovetone.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2016-03-10 14:50 2094080 ----a-w- c:\users\AnettZz\AppData\Roaming\uTorrent\uTorrent.exe
.
R2 Bamcof;Bamcof;c:\programdata\\Bamcof\\Bamcof.exe [2016-04-02 528384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-01-29 327296]
R3 AndnetBus;LGE Mobile USB Composite Device;c:\windows\system32\DRIVERS\lgandnetbus.sys [2014-10-09 15744]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys [2014-10-09 23680]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys [2014-10-09 28416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv.sys [2013-01-25 14936]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2013-10-08 71888]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2013-10-08 63824]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-11-29 243128]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2013-12-18 203024]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2013-12-18 103696]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-04-30 217088]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-04-29 291840]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-03-05 45184]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2013-10-09 721464]
S2 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [2013-10-18 14405200]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi20-shared.sys [2013-02-22 23632]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
S3 sshid;SteelSeries HID filter driver;c:\windows\system32\DRIVERS\sshid.sys [2014-06-27 30208]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-12-18 114960]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2013-12-18 126224]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - VMBUS
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-31 17:43 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.110\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-02 17:28]
.
2016-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-03-18 18:37]
.
2016-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-03-18 18:37]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 10.255.255.10 10.255.255.20
FF - ProfilePath - c:\users\AnettZz\AppData\Roaming\Mozilla\Firefox\Profiles\rzf1zg16.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-AdobeBridge - (no file)
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-04-03 15:48:53
ComboFix-quarantined-files.txt 2016-04-03 13:48
.
Před spuštěním: Volných bajtů: 102 286 946 304
Po spuštění: Volných bajtů: 102 213 033 984
.
- - End Of File - - CDBBD0D07352D831FA035C72767D98AC
A36C5E4F47E84449FF07ED3517B43A31

PS: nějak jsem si neuvědomila, že je win defender zapnutý...doufam, že to nějak nevadí...

[jerabina]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::

Folder::
c:\programdata\Bamcof
c:\programdata\RogueKiller
c:\program files\Common Files\unxj0sbd
c:\program files\Common Files\3y5vo033
c:\program files\Common Files\len1dwye
c:\program files\Common Files\zhimnpzg
c:\programdata\yakdo
c:\program files\Common Files\akhmenza
c:\program files\Common Files\5kv0zv4i
c:\program files\Common Files\ujcep44d
c:\windows\system32\_tWm
c:\program files\Skype\Updater
c:\program files\Google\Update

File::
c:\program files\Common Files\gpbykyhb.exe
c:\program files\Common Files\uep0vkfn.exe
c:\program files\Common Files\bnxvlhoj.exe
c:\program files\Common Files\5la2rii3.exe
c:\program files\Common Files\m2czx525.exe
c:\program files\Common Files\bmbm5loc.exe
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"CCleaner Monitoring"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=-

Driver::
SkypeUpdate

DDS::
Trusted Zone: localhost
Trusted Zone: webcompanion.com
FF - prefs.js: browser.startup.homepage - about:home

RegLock::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\programdata\Bamcof\Groovetone.dll

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť:

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Anett]

ComboFix 16-04-01.01 - AnettZz 04.04.2016 18:50:23.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2047.1273 [GMT 2:00]
Spuštěný z: c:\users\AnettZz\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\AnettZz\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Common Files\5la2rii3.exe"
"c:\program files\Common Files\bmbm5loc.exe"
"c:\program files\Common Files\bnxvlhoj.exe"
"c:\program files\Common Files\gpbykyhb.exe"
"c:\program files\Common Files\m2czx525.exe"
"c:\program files\Common Files\uep0vkfn.exe"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\3y5vo033
c:\program files\Common Files\3y5vo033\bc6ccudwoc3af.exe
c:\program files\Common Files\3y5vo033\bc6ccudwoc3af.exe.config
c:\program files\Common Files\5kv0zv4i
c:\program files\Common Files\5kv0zv4i\4236cdg0ljjvk.exe
c:\program files\Common Files\5kv0zv4i\4236cdg0ljjvk.exe.config
c:\program files\Common Files\5la2rii3.exe
c:\program files\Common Files\akhmenza
c:\program files\Common Files\akhmenza\59780a03ynawo.exe
c:\program files\Common Files\akhmenza\59780a03ynawo.exe.config
c:\program files\Common Files\bmbm5loc.exe
c:\program files\Common Files\bnxvlhoj.exe
c:\program files\Common Files\gpbykyhb.exe
c:\program files\Common Files\len1dwye
c:\program files\Common Files\len1dwye\81c7fki00tywd.exe
c:\program files\Common Files\len1dwye\81c7fki00tywd.exe.config
c:\program files\Common Files\m2czx525.exe
c:\program files\Common Files\uep0vkfn.exe
c:\program files\Common Files\ujcep44d
c:\program files\Common Files\ujcep44d\a0234ekcdmqz4.exe
c:\program files\Common Files\ujcep44d\a0234ekcdmqz4.exe.config
c:\program files\Common Files\unxj0sbd
c:\program files\Common Files\unxj0sbd\093044q1dv2fo.exe
c:\program files\Common Files\unxj0sbd\093044q1dv2fo.exe.config
c:\program files\Common Files\zhimnpzg
c:\program files\Common Files\zhimnpzg\e980bhvu1rxvs.exe
c:\program files\Common Files\zhimnpzg\e980bhvu1rxvs.exe.config
c:\program files\Google\Update
c:\program files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.29.5\GoogleUpdate.exe
c:\program files\Google\Update\1.3.29.5\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.29.5\GoogleUpdateComRegisterShell64.exe
c:\program files\Google\Update\1.3.29.5\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.29.5\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.29.5\GoogleUpdateWebPlugin.exe
c:\program files\Google\Update\1.3.29.5\goopdate.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_am.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ar.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_bg.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_bn.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ca.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_cs.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_da.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_de.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_el.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_en.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_es.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_et.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_fa.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_fi.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_fil.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_fr.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_gu.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_hi.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_hr.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_hu.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_id.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_is.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_it.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_iw.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ja.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_kn.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ko.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_lt.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_lv.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ml.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_mr.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ms.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_nl.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_no.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_pl.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ro.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ru.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_sk.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_sl.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_sr.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_sv.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_sw.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ta.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_te.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_th.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_tr.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_uk.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ur.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_vi.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.29.5\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.29.5\psmachine.dll
c:\program files\Google\Update\1.3.29.5\psmachine_64.dll
c:\program files\Google\Update\1.3.29.5\psuser.dll
c:\program files\Google\Update\1.3.29.5\psuser_64.dll
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\49.0.2623.110\49.0.2623.110_49.0.2623.87_chrome_updater.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
c:\programdata\Bamcof
c:\programdata\Bamcof\Bamcof.d.dat
c:\programdata\Bamcof\Bamcof.dat
c:\programdata\Bamcof\Bamcof.exe
c:\programdata\Bamcof\conf.config
c:\programdata\Bamcof\Config.xml
c:\programdata\Bamcof\Fixity.bin
c:\programdata\Bamcof\GeoTam.bin
c:\programdata\Bamcof\Groovetone.dll
c:\programdata\Bamcof\IndigoFix.bin
c:\programdata\Bamcof\Lexidex.bin
c:\programdata\Bamcof\md.xml
c:\programdata\Bamcof\Stringaping.bin
c:\programdata\Bamcof\Temptone.bin
c:\programdata\Bamcof\Transfax.bin
c:\programdata\Bamcof\Transhold.exe
c:\programdata\Bamcof\Transhold.exe.config
c:\programdata\Bamcof\uninstall.dat
c:\programdata\Bamcof\Viaflex.exe
c:\programdata\Bamcof\Viaflex.exe.config
c:\programdata\Bamcof\Zaamlatfresh.dat
c:\programdata\Bamcof\Zamdom.dll
c:\programdata\Bamcof\Zonejob.dat
c:\programdata\ntuser.pol
c:\programdata\RogueKiller
c:\programdata\RogueKiller\config.ini
c:\programdata\RogueKiller\Logs\RKreport_DEL_04022016_172344.json
c:\programdata\RogueKiller\Logs\RKreport_SCN_04022016_121404.json
c:\programdata\RogueKiller\Logs\RKreport_SCN_04022016_172157.json
c:\programdata\RogueKiller\vt.cache
c:\programdata\yakdo
c:\programdata\yakdo\AlphaZenlam.dll
c:\programdata\yakdo\CanZamdom.dat
c:\programdata\yakdo\conf.config
c:\programdata\yakdo\Config.xml
c:\programdata\yakdo\Hotflex.bin
c:\programdata\yakdo\Icelight.exe.config
c:\programdata\yakdo\Kaywarm.bin
c:\programdata\yakdo\md.xml
c:\programdata\yakdo\Qvotech.dat
c:\programdata\yakdo\Rankfix.bin
c:\programdata\yakdo\Roundis.exe.config
c:\programdata\yakdo\Sanfax.bin
c:\programdata\yakdo\StatRedtam.bin
c:\programdata\yakdo\Toughtough.bin
c:\programdata\yakdo\Treedox.bin
c:\programdata\yakdo\uninstall.dat
c:\programdata\yakdo\yakdo.d.dat
c:\programdata\yakdo\yakdo.dat
c:\windows\system32\_tWm
c:\windows\system32\_tWm\39.json
c:\windows\system32\_tWm\DataBase
c:\windows\system32\_tWm\default_newtabff#5.4.21.xpi
c:\windows\system32\_tWm\ihpul.exe
c:\windows\system32\_tWm\picx.exe
c:\windows\system32\_tWm\QQBrowser.exe
c:\windows\system32\_tWm\QQBrowserFrame.dll
c:\windows\system32\_tWm\WinHlp.exe
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-03-04 do 2016-04-04 )))))))))))))))))))))))))))))))
.
.
2016-04-04 16:59 . 2016-04-04 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-04 16:59 . 2016-04-04 16:59 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2016-04-04 16:59 . 2016-04-04 16:59 -------- d-----w- c:\users\admin\AppData\Local\temp
2016-04-03 19:59 . 2016-04-03 19:59 2779694 ----a-w- c:\program files\Common Files\hhbv2d05.exe
2016-04-03 19:13 . 2016-04-03 19:13 2788581 ----a-w- c:\program files\Common Files\pxh4ygrg.exe
2016-04-03 18:32 . 2016-04-03 18:32 2790986 ----a-w- c:\program files\Common Files\mapums1l.exe
2016-04-03 17:45 . 2016-04-03 17:45 2785555 ----a-w- c:\program files\Common Files\f2ania5t.exe
2016-04-03 16:48 . 2016-04-03 16:48 2773460 ----a-w- c:\program files\Common Files\xncmrbdy.exe
2016-04-03 16:48 . 2016-04-03 16:48 2773460 ----a-w- c:\program files\Common Files\lnnjy332.exe
2016-04-03 15:53 . 2016-04-03 15:53 2723521 ----a-w- c:\program files\Common Files\tahyiwcz.exe
2016-04-03 15:31 . 2016-04-03 15:31 2727414 ----a-w- c:\program files\Common Files\knfyuj3t.exe
2016-04-03 14:42 . 2016-04-03 14:42 -------- d-----w- c:\users\AnettZz\AppData\Local\CrashRpt
2016-04-03 14:27 . 2016-04-03 14:27 2794398 ----a-w- c:\program files\Common Files\vznhfinh.exe
2016-04-03 13:48 . 2016-04-04 17:03 -------- d-----w- c:\users\AnettZz\AppData\Local\temp
2016-04-03 13:11 . 2016-04-03 13:11 -------- d-----w- c:\windows\system32\SPReview
2016-04-03 12:51 . 2010-11-20 02:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2016-04-03 12:50 . 2010-11-20 02:24 442720 ----a-w- c:\windows\system32\winresume.exe
2016-04-03 12:48 . 2016-04-03 12:48 -------- d-----w- c:\windows\system32\EventProviders
2016-04-02 15:40 . 2016-04-02 15:26 24064 ----a-w- c:\windows\zoek-delete.exe
2016-04-02 15:37 . 2016-04-02 15:43 -------- d-----w- C:\zoek
2016-04-02 15:32 . 2016-04-02 15:32 -------- d-----w- c:\programdata\Bamcofs
2016-04-02 15:27 . 2016-04-02 15:27 -------- d-----w- c:\users\AnettZz\AppData\Local\CrashDumps
2016-04-02 10:00 . 2016-04-02 15:08 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-04-02 09:55 . 2016-04-02 09:55 -------- d-----w- c:\users\AnettZz\AppData\Roaming\Xiaomi
2016-04-01 15:36 . 2016-04-02 09:38 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-01 15:35 . 2016-04-01 15:35 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-04-01 15:35 . 2016-04-01 15:35 -------- d-----w- c:\programdata\Malwarebytes
2016-04-01 15:35 . 2016-03-10 12:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-04-01 15:35 . 2016-03-10 12:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-01 15:35 . 2016-03-10 12:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-01 15:30 . 2016-04-02 09:28 -------- d-----w- C:\AdwCleaner
2016-03-30 18:21 . 2016-03-30 18:21 -------- d-----w- c:\program files\Common Files\Skype
2016-03-21 19:33 . 2016-03-21 19:43 -------- d-----w- C:\KVRT_Data
2016-03-18 18:48 . 2016-03-18 18:48 -------- d-----w- c:\program files\CCleaner
2016-03-18 18:37 . 2016-03-18 18:37 -------- d-----w- c:\program files\Google
2016-03-18 18:37 . 2016-03-18 18:38 -------- d-----w- c:\users\AnettZz\AppData\Local\Google
2016-03-15 20:10 . 2016-03-15 20:10 -------- d-----w- c:\program files\Common Files\44zxlgy5
2016-03-10 15:50 . 2016-03-10 15:50 -------- d-----w- c:\users\AnettZz\AppData\Roaming\LG Electronics
2016-03-10 15:48 . 2016-03-10 15:48 -------- d-----w- c:\users\AnettZz\AppData\Local\LG Electronics
2016-03-10 15:44 . 2016-03-10 15:48 -------- d-----w- c:\program files\LG Electronics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-03 20:03 . 2014-03-02 10:42 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2016-04-03 20:03 . 2014-04-03 14:02 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2016-04-03 20:03 . 2014-03-02 10:42 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2016-04-03 20:02 . 2014-03-02 10:42 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2016-04-03 13:08 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2016-03-28 17:28 . 2014-01-02 20:20 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-03-28 17:28 . 2014-01-02 20:20 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-01-10 11:56 . 2016-01-10 11:56 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MiPhoneManager"="c:\users\AnettZz\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe" [2015-07-03 146224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"vmware-tray.exe"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2013-10-18 111696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
emMon.lnk - c:\program files\USB_video_device\Driver\Driver32\emmon.exe [2014-1-2 81408]
SteelSeries Engine 3.lnk - c:\program files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath="c:\programdata\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true [2014-7-28 14586368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2016-03-10 14:50 2094080 ----a-w- c:\users\AnettZz\AppData\Roaming\uTorrent\uTorrent.exe
.
R2 Bamcof;Bamcof;c:\programdata\\Bamcof\\Bamcof.exe [x]
R3 AndnetBus;LGE Mobile USB Composite Device;c:\windows\system32\DRIVERS\lgandnetbus.sys [2014-10-09 15744]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys [2014-10-09 23680]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys [2014-10-09 28416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv.sys [2013-01-25 14936]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2013-10-08 71888]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2013-10-08 63824]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-11-29 243128]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2013-12-18 203024]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2013-12-18 103696]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-04-30 217088]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-04-29 291840]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-03-05 45184]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2013-10-09 721464]
S2 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [2013-10-18 14405200]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi20-shared.sys [2013-02-22 23632]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
S3 sshid;SteelSeries HID filter driver;c:\windows\system32\DRIVERS\sshid.sys [2014-06-27 30208]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-12-18 114960]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2013-12-18 126224]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-31 17:43 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.110\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.255.255.10 10.255.255.20
FF - ProfilePath - c:\users\AnettZz\AppData\Roaming\Mozilla\Firefox\Profiles\rzf1zg16.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2016-04-04 19:06:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-04-04 17:06
ComboFix2.txt 2016-04-03 13:48
.
Před spuštěním: Volných bajtů: 98 626 162 688
Po spuštění: Volných bajtů: 98 237 976 576
.
- - End Of File - - 2D560AA6A5A6CC904D5CC4EAF9FB56FF
A36C5E4F47E84449FF07ED3517B43A31

[jerabina]

Poprosím tě ještě o jeden skript:

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::

Folder::
c:\programdata\\Bamcof
c:\programdata\Bamcof

File::
c:\programdata\\Bamcof\\Bamcof.exe

Driver::
Bamcof

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť:

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Anett]

ComboFix 16-04-01.01 - AnettZz 05.04.2016 18:43:55.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2047.1226 [GMT 2:00]
Spuštěný z: c:\users\AnettZz\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\AnettZz\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\\Bamcof\\Bamcof.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\0i5nmxk2.exe
.
Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Bamcof
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-03-05 do 2016-04-05 )))))))))))))))))))))))))))))))
.
.
2016-04-05 16:53 . 2016-04-05 16:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-05 16:53 . 2016-04-05 16:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2016-04-05 16:53 . 2016-04-05 16:53 -------- d-----w- c:\users\admin\AppData\Local\temp
2016-04-04 20:00 . 2016-04-04 20:00 2795425 ----a-w- c:\program files\Common Files\afvhkkqn.exe
2016-04-04 18:08 . 2016-03-28 10:07 9302992 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7417D13-76DC-4E4F-8381-E6B36AA9AF26}\mpengine.dll
2016-04-03 19:59 . 2016-04-03 19:59 2779694 ----a-w- c:\program files\Common Files\hhbv2d05.exe
2016-04-03 19:13 . 2016-04-03 19:13 2788581 ----a-w- c:\program files\Common Files\pxh4ygrg.exe
2016-04-03 18:32 . 2016-04-03 18:32 2790986 ----a-w- c:\program files\Common Files\mapums1l.exe
2016-04-03 17:45 . 2016-04-03 17:45 2785555 ----a-w- c:\program files\Common Files\f2ania5t.exe
2016-04-03 16:48 . 2016-04-03 16:48 2773460 ----a-w- c:\program files\Common Files\xncmrbdy.exe
2016-04-03 16:48 . 2016-04-03 16:48 2773460 ----a-w- c:\program files\Common Files\lnnjy332.exe
2016-04-03 15:53 . 2016-04-03 15:53 2723521 ----a-w- c:\program files\Common Files\tahyiwcz.exe
2016-04-03 15:31 . 2016-04-03 15:31 2727414 ----a-w- c:\program files\Common Files\knfyuj3t.exe
2016-04-03 14:42 . 2016-04-03 14:42 -------- d-----w- c:\users\AnettZz\AppData\Local\CrashRpt
2016-04-03 14:27 . 2016-04-03 14:27 2794398 ----a-w- c:\program files\Common Files\vznhfinh.exe
2016-04-03 13:48 . 2016-04-05 16:56 -------- d-----w- c:\users\AnettZz\AppData\Local\temp
2016-04-03 13:11 . 2016-04-03 13:11 -------- d-----w- c:\windows\system32\SPReview
2016-04-03 12:51 . 2010-11-20 02:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2016-04-03 12:50 . 2010-11-20 02:24 442720 ----a-w- c:\windows\system32\winresume.exe
2016-04-03 12:48 . 2016-04-03 12:48 -------- d-----w- c:\windows\system32\EventProviders
2016-04-02 15:40 . 2016-04-02 15:26 24064 ----a-w- c:\windows\zoek-delete.exe
2016-04-02 15:37 . 2016-04-02 15:43 -------- d-----w- C:\zoek
2016-04-02 15:32 . 2016-04-02 15:32 -------- d-----w- c:\programdata\Bamcofs
2016-04-02 15:27 . 2016-04-02 15:27 -------- d-----w- c:\users\AnettZz\AppData\Local\CrashDumps
2016-04-02 10:00 . 2016-04-02 15:08 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-04-02 09:55 . 2016-04-02 09:55 -------- d-----w- c:\users\AnettZz\AppData\Roaming\Xiaomi
2016-04-01 15:36 . 2016-04-02 09:38 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-01 15:35 . 2016-04-01 15:35 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-04-01 15:35 . 2016-04-01 15:35 -------- d-----w- c:\programdata\Malwarebytes
2016-04-01 15:35 . 2016-03-10 12:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-04-01 15:35 . 2016-03-10 12:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-01 15:35 . 2016-03-10 12:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-01 15:30 . 2016-04-02 09:28 -------- d-----w- C:\AdwCleaner
2016-03-30 18:21 . 2016-03-30 18:21 -------- d-----w- c:\program files\Common Files\Skype
2016-03-21 19:33 . 2016-03-21 19:43 -------- d-----w- C:\KVRT_Data
2016-03-18 18:48 . 2016-03-18 18:48 -------- d-----w- c:\program files\CCleaner
2016-03-18 18:37 . 2016-03-18 18:37 -------- d-----w- c:\program files\Google
2016-03-18 18:37 . 2016-03-18 18:38 -------- d-----w- c:\users\AnettZz\AppData\Local\Google
2016-03-15 20:10 . 2016-03-15 20:10 -------- d-----w- c:\program files\Common Files\44zxlgy5
2016-03-10 15:50 . 2016-03-10 15:50 -------- d-----w- c:\users\AnettZz\AppData\Roaming\LG Electronics
2016-03-10 15:48 . 2016-03-10 15:48 -------- d-----w- c:\users\AnettZz\AppData\Local\LG Electronics
2016-03-10 15:44 . 2016-03-10 15:48 -------- d-----w- c:\program files\LG Electronics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-04 19:02 . 2014-03-02 10:42 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2016-04-04 19:01 . 2014-04-03 14:02 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2016-04-04 19:01 . 2014-03-02 10:42 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2016-04-04 19:01 . 2014-03-02 10:42 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2016-04-03 13:08 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2016-03-28 17:28 . 2014-01-02 20:20 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-03-28 17:28 . 2014-01-02 20:20 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-01-10 11:56 . 2016-01-10 11:56 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MiPhoneManager"="c:\users\AnettZz\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe" [2015-07-03 146224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"vmware-tray.exe"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2013-10-18 111696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
emMon.lnk - c:\program files\USB_video_device\Driver\Driver32\emmon.exe [2014-1-2 81408]
SteelSeries Engine 3.lnk - c:\program files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath="c:\programdata\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true [2014-7-28 14586368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2016-03-10 14:50 2094080 ----a-w- c:\users\AnettZz\AppData\Roaming\uTorrent\uTorrent.exe
.
R3 AndnetBus;LGE Mobile USB Composite Device;c:\windows\system32\DRIVERS\lgandnetbus.sys [2014-10-09 15744]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys [2014-10-09 23680]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys [2014-10-09 28416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv.sys [2013-01-25 14936]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2013-10-08 71888]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2013-10-08 63824]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-11-29 243128]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2013-12-18 203024]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2013-12-18 103696]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-04-30 217088]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-04-29 291840]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-03-05 45184]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2013-10-09 721464]
S2 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [2013-10-18 14405200]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi20-shared.sys [2013-02-22 23632]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
S3 sshid;SteelSeries HID filter driver;c:\windows\system32\DRIVERS\sshid.sys [2014-06-27 30208]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-12-18 114960]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2013-12-18 126224]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-31 17:43 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.110\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.255.255.10 10.255.255.20
FF - ProfilePath - c:\users\AnettZz\AppData\Roaming\Mozilla\Firefox\Profiles\rzf1zg16.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\vmnat.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2016-04-05 18:58:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-04-05 16:58
ComboFix2.txt 2016-04-04 17:06
ComboFix3.txt 2016-04-03 13:48
.
Před spuštěním: Volných bajtů: 97 654 358 016
Po spuštění: Volných bajtů: 97 366 650 880
.
- - End Of File - - 401B4A4AAC50EB41A81FD70AC81ED43D
A36C5E4F47E84449FF07ED3517B43A31

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

KillAll::
Collect::
c:\program files\Common Files\afvhkkqn.exe
c:\program files\Common Files\hhbv2d05.exe
c:\program files\Common Files\pxh4ygrg.exe
c:\program files\Common Files\mapums1l.exe
c:\program files\Common Files\f2ania5t.exe
c:\program files\Common Files\xncmrbdy.exe
c:\program files\Common Files\lnnjy332.exe
c:\program files\Common Files\tahyiwcz.exe
c:\program files\Common Files\knfyuj3t.exe
c:\program files\Common Files\vznhfinh.exe
c:\program files\Common Files\44zxlgy5

Folder::
c:\programdata\Bamcofs
c:\program files\Common Files\44zxlgy5



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť:

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu, klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[Anett]

ComboFix 16-04-06.01 - AnettZz 06.04.2016 15:36:07.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2047.1350 [GMT 2:00]
Spuštěný z: c:\users\AnettZz\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\AnettZz\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
file zipped: c:\program files\Common Files\afvhkkqn.exe
file zipped: c:\program files\Common Files\f2ania5t.exe
file zipped: c:\program files\Common Files\hhbv2d05.exe
file zipped: c:\program files\Common Files\knfyuj3t.exe
file zipped: c:\program files\Common Files\lnnjy332.exe
file zipped: c:\program files\Common Files\mapums1l.exe
file zipped: c:\program files\Common Files\pxh4ygrg.exe
file zipped: c:\program files\Common Files\tahyiwcz.exe
file zipped: c:\program files\Common Files\vznhfinh.exe
file zipped: c:\program files\Common Files\xncmrbdy.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\0walbjdw.exe
c:\program files\Common Files\44zxlgy5
c:\program files\Common Files\44zxlgy5\7d3fellburpax.exe
c:\program files\Common Files\44zxlgy5\7d3fellburpax.exe.config
c:\program files\Common Files\afvhkkqn.exe
c:\program files\Common Files\f2ania5t.exe
c:\program files\Common Files\hhbv2d05.exe
c:\program files\Common Files\knfyuj3t.exe
c:\program files\Common Files\lnnjy332.exe
c:\program files\Common Files\mapums1l.exe
c:\program files\Common Files\pxh4ygrg.exe
c:\program files\Common Files\tahyiwcz.exe
c:\program files\Common Files\vznhfinh.exe
c:\program files\Common Files\xncmrbdy.exe
c:\programdata\Bamcofs
c:\programdata\Bamcofs\ff.HP
c:\programdata\Bamcofs\ff.NT
c:\programdata\Bamcofs\snp.sc
.
Nakažená kopie c:\windows\system32\ntdll.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.1.7601.17514_none_5ade482d5a6fc521\ntdll.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-03-06 do 2016-04-06 )))))))))))))))))))))))))))))))
.
.
2016-04-06 13:44 . 2016-04-06 13:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-06 13:44 . 2016-04-06 13:44 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2016-04-06 13:44 . 2016-04-06 13:44 -------- d-----w- c:\users\admin\AppData\Local\temp
2016-04-05 19:59 . 2016-04-05 19:59 2785625 ----a-w- c:\program files\Common Files\w0mzcszl.exe
2016-04-04 18:08 . 2016-03-28 10:07 9302992 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7417D13-76DC-4E4F-8381-E6B36AA9AF26}\mpengine.dll
2016-04-03 14:42 . 2016-04-03 14:42 -------- d-----w- c:\users\AnettZz\AppData\Local\CrashRpt
2016-04-03 13:48 . 2016-04-06 13:46 -------- d-----w- c:\users\AnettZz\AppData\Local\temp
2016-04-03 13:11 . 2016-04-03 13:11 -------- d-----w- c:\windows\system32\SPReview
2016-04-03 12:51 . 2010-11-20 02:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2016-04-03 12:50 . 2010-11-20 02:24 442720 ----a-w- c:\windows\system32\winresume.exe
2016-04-03 12:48 . 2016-04-03 12:48 -------- d-----w- c:\windows\system32\EventProviders
2016-04-02 15:40 . 2016-04-02 15:26 24064 ----a-w- c:\windows\zoek-delete.exe
2016-04-02 15:37 . 2016-04-02 15:43 -------- d-----w- C:\zoek
2016-04-02 15:27 . 2016-04-02 15:27 -------- d-----w- c:\users\AnettZz\AppData\Local\CrashDumps
2016-04-02 10:00 . 2016-04-02 15:08 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-04-02 09:55 . 2016-04-02 09:55 -------- d-----w- c:\users\AnettZz\AppData\Roaming\Xiaomi
2016-04-01 15:36 . 2016-04-02 09:38 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-01 15:35 . 2016-04-01 15:35 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-04-01 15:35 . 2016-04-01 15:35 -------- d-----w- c:\programdata\Malwarebytes
2016-04-01 15:35 . 2016-03-10 12:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-04-01 15:35 . 2016-03-10 12:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-01 15:35 . 2016-03-10 12:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-01 15:30 . 2016-04-02 09:28 -------- d-----w- C:\AdwCleaner
2016-03-30 18:21 . 2016-03-30 18:21 -------- d-----w- c:\program files\Common Files\Skype
2016-03-21 19:33 . 2016-03-21 19:43 -------- d-----w- C:\KVRT_Data
2016-03-18 18:48 . 2016-03-18 18:48 -------- d-----w- c:\program files\CCleaner
2016-03-18 18:37 . 2016-03-18 18:37 -------- d-----w- c:\program files\Google
2016-03-18 18:37 . 2016-03-18 18:38 -------- d-----w- c:\users\AnettZz\AppData\Local\Google
2016-03-10 15:50 . 2016-03-10 15:50 -------- d-----w- c:\users\AnettZz\AppData\Roaming\LG Electronics
2016-03-10 15:48 . 2016-03-10 15:48 -------- d-----w- c:\users\AnettZz\AppData\Local\LG Electronics
2016-03-10 15:44 . 2016-03-10 15:48 -------- d-----w- c:\program files\LG Electronics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-05 20:14 . 2014-03-02 10:42 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2016-04-05 20:14 . 2014-04-03 14:02 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2016-04-05 20:14 . 2014-03-02 10:42 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2016-04-05 20:13 . 2014-03-02 10:42 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2016-04-03 13:08 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2016-03-28 17:28 . 2014-01-02 20:20 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-03-28 17:28 . 2014-01-02 20:20 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-01-10 11:56 . 2016-01-10 11:56 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MiPhoneManager"="c:\users\AnettZz\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe" [2015-07-03 146224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"vmware-tray.exe"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2013-10-18 111696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
emMon.lnk - c:\program files\USB_video_device\Driver\Driver32\emmon.exe [2014-1-2 81408]
SteelSeries Engine 3.lnk - c:\program files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath="c:\programdata\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true [2014-7-28 14586368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2016-03-10 14:50 2094080 ----a-w- c:\users\AnettZz\AppData\Roaming\uTorrent\uTorrent.exe
.
R3 AndnetBus;LGE Mobile USB Composite Device;c:\windows\system32\DRIVERS\lgandnetbus.sys [2014-10-09 15744]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys [2014-10-09 23680]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys [2014-10-09 28416]
R3 CFcatchme;CFcatchme;c:\users\AnettZz\AppData\Local\Temp\CFcatchme.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv.sys [2013-01-25 14936]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2013-10-08 71888]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2013-10-08 63824]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-11-29 243128]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2013-12-18 203024]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2013-12-18 103696]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-04-30 217088]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-04-29 291840]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-03-05 45184]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2013-10-09 721464]
S2 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [2013-10-18 14405200]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi20-shared.sys [2013-02-22 23632]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
S3 sshid;SteelSeries HID filter driver;c:\windows\system32\DRIVERS\sshid.sys [2014-06-27 30208]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-12-18 114960]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2013-12-18 126224]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-31 17:43 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.110\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.255.255.10 10.255.255.20
FF - ProfilePath - c:\users\AnettZz\AppData\Roaming\Mozilla\Firefox\Profiles\rzf1zg16.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\vmnat.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2016-04-06 15:49:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-04-06 13:49
ComboFix2.txt 2016-04-05 16:58
ComboFix3.txt 2016-04-04 17:06
ComboFix4.txt 2016-04-03 13:48
.
Před spuštěním: Volných bajtů: 97 224 798 208
Po spuštění: Volných bajtů: 97 005 830 144
.
- - End Of File - - CF535EF2216B5898829B6C9D8AF8F0A2
A36C5E4F47E84449FF07ED3517B43A31

[Anett]

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-04-06 15:53:07
-----------------------------
15:53:07.647 OS Version: Windows 6.1.7601 Service Pack 1
15:53:07.648 Number of processors: 2 586 0x602
15:53:07.648 ComputerName: ANETTZZ-PC UserName: AnettZz
15:53:16.332 Initialize success
15:53:16.400 VM: initialized successfully
15:53:16.404 VM: Amd CPU BiosDisabled
15:53:28.936 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
15:53:28.948 Disk 0 Vendor: WDC_WD3200AAKS-00L9A0 01.03E01 Size: 305245MB BusType: 3
15:53:28.956 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-6
15:53:28.964 Disk 1 Vendor: WDC_WD5000AVDS-63U7B1 01.00A01 Size: 476940MB BusType: 3
15:53:29.548 Disk 1 MBR read successfully
15:53:29.557 Disk 1 MBR scan
15:53:29.566 Disk 1 Windows 7 default MBR code
15:53:29.604 Disk 1 Partition 1 00 07 HPFS/NTFS NTFS 476938 MB offset 2048
15:53:29.644 Disk 1 scanning sectors +976771072
15:53:29.846 Disk 1 scanning C:\Windows\system32\drivers
15:53:43.111 Service scanning
15:54:04.975 Modules scanning
15:54:05.330 Disk 1 trace - called modules:
15:54:05.378 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys
15:54:05.393 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x85a74030]
15:54:05.408 3 CLASSPNP.SYS[891a659e] -> nt!IofCallDriver -> [0x85631918]
15:54:05.423 5 ACPI.sys[88ba93d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-6[0x855f2338]
15:54:05.432 Disk 1 statistics 73824/0/0 @ 3,08 MB/s
15:54:05.437 Scan finished successfully
15:54:10.627 Disk 1 MBR has been saved successfully to "C:\Users\AnettZz\Desktop\MBR.dat"
15:54:10.632 The log file has been saved successfully to "C:\Users\AnettZz\Desktop\aswMBR.txt"

[jaro3]

Stáhni Kaspersky VRT
na svojí plochu.
Spusť program Kaspersky VRT, .Program se nainstaluje.
Potvrď licenci a klikni na „Start“ . Pokud program nabídne aktualizaci , klikni dole na na „Download Now“.
- Klikni na ozubené kolečko v pravém horním rohu. V okně vyber kromě již zatržených , svojí jednotku disku , pokud jich máš víc , můžeš zatrhnout všechny.
- zvol „Automatic Scan“ nahoře vlevo. a stiskni tlačítko „Start Scanning“
- Program začne skenovat zatržené jednotky

Zaškrtnuté :
Hidden startup objects
System Memory
Disk boot sectors
Počítač
Místní disk C

Nezašrkrtnuté:
Dokumenty
My email
Místní disk D
Jednotka DVD-Rom (E)
Jednotka BD-ROM (G)
Disketová jednotka
A jiné , např. Flash disky , které máš připojeny.

- povol programu Virus Removal Tool odstranit všechny nalezené infekce
- jakmile sken skončí ,zvol záložku „Report“ , vpravo nahoře (vedle ozubeného kolečka)
- klikni na „Detected Threads“ a klikni na obrázek diskety („Save“)
- ulož do počítače zprávu a vložit ji sem do příspěvku