Please check my log [Solved]


Re: Please check my log

Post by jaro3 » 23 Jan 2014 19:09

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following text, in its entirety (marked in green), into it:

Code:

Restore::
c:\windows\SysWow64\Drivers\atapi.sys


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt script you just created with the mouse over the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log produced at the end of the cleaning process, plus a new log from HJT

Warning: it may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly during the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!


Re: Please check my log

Post by Microsheep » 24 Jan 2014 11:11

ComboFix 14-01-22.01 - Microsheep . 01. 2014 11:04:01.2.4 - x64
Microsoft Windows 8 Pro 6.2.9200.0.1250.420.1029.18.4050.2887 [GMT 1:00]
Spuštěný z: c:\users\Microsheep\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Microsheep\Desktop\CFScript.txt
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Drivers\atapi.sys . . . je infikován!!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-24 do 2014-01-24 )))))))))))))))))))))))))))))))
.
.
2014-01-24 10:08 . 2014-01-24 10:08 -------- d-----w- c:\users\Microsheep\AppData\Local\temp
2014-01-24 10:08 . 2014-01-24 10:08 -------- d-----w- c:\users\Hannybal\AppData\Local\temp
2014-01-24 10:08 . 2014-01-24 10:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-24 09:47 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6898F158-DF79-4ACE-BF68-0100C614D0AC}\mpengine.dll
2014-01-23 18:01 . 2014-01-23 18:01 -------- d-----w- c:\users\Hannybal\AppData\Local\AMD
2014-01-23 18:01 . 2014-01-23 18:01 -------- d-----w- c:\users\Hannybal\AppData\Local\ATI
2014-01-23 18:01 . 2014-01-23 18:01 -------- d-----w- c:\users\Hannybal\AppData\Local\2K Games
2014-01-23 17:59 . 2014-01-23 17:59 -------- d-----w- c:\users\Microsheep\AppData\Local\2K Games
2014-01-21 22:31 . 2014-01-21 22:31 -------- d-----w- c:\windows\ERUNT
2014-01-21 09:47 . 2014-01-21 09:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-21 09:47 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-21 09:44 . 2014-01-21 19:55 -------- d-----w- C:\AdwCleaner
2014-01-21 08:53 . 2014-01-21 08:53 388096 ----a-r- c:\users\Microsheep\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-21 08:53 . 2014-01-21 08:53 -------- d-----w- c:\program files (x86)\HJT
2014-01-20 19:48 . 2014-01-20 19:48 -------- d-----w- c:\users\Microsheep\AppData\Local\PassMark
2014-01-20 19:48 . 2014-01-20 19:48 -------- d-----w- c:\programdata\Passmark
2014-01-20 19:47 . 2014-01-20 19:48 -------- d-----w- c:\program files\PerformanceTest
2014-01-20 18:33 . 2007-01-01 19:03 40960 ----a-r- c:\windows\SysWow64\psfind.dll
2014-01-20 18:33 . 2006-07-11 17:43 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2014-01-20 18:33 . 2006-07-11 17:35 503808 ----a-w- c:\windows\SysWow64\MSVCP71.dll
2014-01-19 19:24 . 2013-11-01 01:45 23350272 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-01-19 19:24 . 2013-11-01 01:16 22615040 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-01-15 15:15 . 2014-01-09 08:02 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-15 15:15 . 2014-01-09 08:02 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-15 09:19 . 2012-10-12 22:22 1361408 ----a-w- c:\windows\system32\Windows.UI.Immersive.dll
2014-01-15 09:18 . 2012-10-24 04:54 396008 ----a-w- c:\windows\system32\hal.dll
2014-01-15 09:16 . 2013-07-09 06:18 439488 ----a-w- c:\windows\system32\WerFault.exe
2014-01-15 09:15 . 2013-10-10 09:21 1160192 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-01-15 09:15 . 2013-10-10 09:20 723968 ----a-w- c:\windows\system32\BFE.DLL
2014-01-15 09:15 . 2013-10-10 11:53 96600 ----a-w- c:\windows\system32\drivers\wfplwfs.sys
2014-01-15 09:15 . 2012-10-24 03:25 26624 ----a-w- c:\windows\system32\ReAgentc.exe
2014-01-15 09:15 . 2012-10-24 02:48 24064 ----a-w- c:\windows\SysWow64\ReAgentc.exe
2014-01-15 09:15 . 2013-09-23 22:30 419328 ----a-w- c:\windows\system32\schannel.dll
2014-01-15 09:15 . 2013-09-23 22:30 323072 ----a-w- c:\windows\SysWow64\schannel.dll
2014-01-15 09:15 . 2013-03-02 08:23 375808 ----a-w- c:\windows\SysWow64\ReAgent.dll
2014-01-15 09:15 . 2013-03-02 02:44 1011200 ----a-w- c:\windows\system32\reseteng.dll
2014-01-15 09:15 . 2012-12-15 04:55 443392 ----a-w- c:\windows\system32\ReAgent.dll
2014-01-15 09:15 . 2012-11-03 05:26 132096 ----a-w- c:\windows\system32\sysreset.exe
2014-01-15 09:15 . 2012-11-03 05:25 945152 ----a-w- c:\windows\system32\resetengmig.dll
2014-01-15 09:13 . 2013-11-06 23:18 4036608 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 09:12 . 2013-12-07 06:37 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 09:12 . 2013-12-07 05:15 562688 ----a-w- c:\windows\SysWow64\WSShared.dll
2014-01-15 09:12 . 2013-12-07 05:15 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 09:12 . 2013-03-22 03:49 2382336 ----a-w- c:\windows\SysWow64\esent.dll
2014-01-15 09:12 . 2013-03-21 22:47 2851840 ----a-w- c:\windows\system32\esent.dll
2014-01-15 09:09 . 2012-11-20 05:24 1164800 ----a-w- c:\windows\SysWow64\Display.dll
2014-01-15 09:09 . 2012-11-20 05:17 1184256 ----a-w- c:\windows\system32\Display.dll
2014-01-15 09:09 . 2012-11-20 05:02 6656 ----a-w- c:\windows\SysWow64\KBDKURD.DLL
2014-01-15 09:09 . 2012-11-20 04:59 7168 ----a-w- c:\windows\system32\KBDKURD.DLL
2014-01-15 09:05 . 2013-09-28 03:35 288768 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-01-15 09:05 . 2012-10-11 05:45 370176 ----a-w- c:\windows\system32\SysFxUI.dll
2014-01-15 09:05 . 2012-10-11 05:19 5632 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2014-01-15 09:05 . 2012-10-11 05:18 111616 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-01-15 09:03 . 2013-08-02 06:28 10116608 ----a-w- c:\windows\system32\twinui.dll
2014-01-15 09:03 . 2013-10-01 23:37 2035712 ----a-w- c:\windows\SysWow64\authui.dll
2014-01-15 09:03 . 2013-10-01 23:26 2304512 ----a-w- c:\windows\system32\authui.dll
2014-01-15 09:03 . 2013-08-02 05:08 8858112 ----a-w- c:\windows\SysWow64\twinui.dll
2014-01-15 09:02 . 2013-11-01 05:38 312320 ----a-w- c:\windows\system32\msieftp.dll
2014-01-15 09:02 . 2013-11-01 03:49 273408 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-01-14 15:33 . 2014-01-14 15:35 -------- d-----w- c:\program files (x86)\Counter-Strike 1.6
2014-01-07 15:15 . 2014-01-07 15:17 -------- d-----w- c:\programdata\Protexis64
2014-01-07 15:13 . 2014-01-07 15:13 -------- d-----w- c:\program files\Common Files\Protexis
2014-01-07 15:13 . 2014-01-07 15:13 -------- d-----w- c:\programdata\Corel
2014-01-07 15:11 . 2014-01-07 15:11 -------- d-----w- c:\program files\Corel
2014-01-07 13:38 . 2014-01-07 13:38 -------- d-----w- c:\program files\Common Files\Corel
2014-01-07 08:54 . 2014-01-07 09:03 -------- d-----w- c:\users\Microsheep\AppData\Roaming\TeamViewer
2014-01-04 10:13 . 2014-01-04 10:13 -------- d-----w- c:\users\Microsheep\AppData\Roaming\JavaFX Scene Builder
2014-01-04 10:09 . 2014-01-04 10:08 312744 ----a-w- c:\windows\system32\javaws.exe
2014-01-04 10:08 . 2014-01-04 10:08 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-01-04 10:08 . 2014-01-04 10:08 189352 ----a-w- c:\windows\system32\javaw.exe
2014-01-04 10:08 . 2014-01-04 10:08 189352 ----a-w- c:\windows\system32\java.exe
2014-01-02 11:37 . 2014-01-02 11:37 -------- d-----w- c:\users\Microsheep\AppData\Roaming\Scene Builder
2014-01-02 11:33 . 2014-01-04 10:12 -------- d-----w- c:\program files (x86)\Oracle
2014-01-01 09:49 . 2014-01-01 09:49 -------- d-----w- c:\windows\system32\appmgmt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-23 18:10 . 2013-10-03 19:38 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-01-23 18:10 . 2013-10-03 19:36 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-01-19 07:33 . 2013-09-30 10:58 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-15 18:51 . 2013-10-14 14:53 82896128 ----a-w- c:\windows\system32\MRT.exe
2014-01-08 13:42 . 2013-10-03 19:36 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-20 20:36 . 2013-09-30 10:44 65536 ----a-w- c:\windows\system32\spu_storage.bin
2013-12-06 22:08 . 2013-12-06 22:08 157736 ----a-w- c:\windows\system32\amdhcp64.dll
2013-12-06 22:08 . 2013-12-06 22:08 142304 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-12-06 22:05 . 2013-12-06 22:05 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-12-06 22:04 . 2013-12-06 22:04 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-12-06 22:04 . 2013-09-05 08:01 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2013-12-06 22:03 . 2013-12-06 22:03 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-12-06 22:03 . 2013-12-06 22:03 115512 ----a-w- c:\windows\system32\atiu9p64.dll
2013-12-06 22:02 . 2013-12-06 22:02 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-12-06 22:01 . 2013-09-05 08:01 1318552 ----a-w- c:\windows\system32\aticfx64.dll
2013-12-06 22:01 . 2013-12-06 22:01 1100216 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-12-06 22:00 . 2013-09-05 08:01 9753752 ----a-w- c:\windows\system32\atidxx64.dll
2013-12-06 21:59 . 2013-12-06 21:59 8406024 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-12-06 21:59 . 2013-12-06 21:59 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-12-06 21:58 . 2013-12-06 21:58 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-12-06 21:57 . 2013-12-06 21:57 8927704 ----a-w- c:\windows\system32\atiumd6a.dll
2013-12-06 21:56 . 2013-12-06 21:56 7751920 ----a-w- c:\windows\system32\atiumd64.dll
2013-12-06 21:52 . 2013-12-06 21:52 13207552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-12-06 21:38 . 2013-12-06 21:38 230912 ----a-w- c:\windows\system32\clinfo.exe
2013-12-06 21:38 . 2013-12-06 21:38 99840 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-12-06 21:38 . 2013-12-06 21:38 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-12-06 21:38 . 2013-12-06 21:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-12-06 21:38 . 2013-12-06 21:38 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-12-06 21:37 . 2013-12-06 21:37 29382144 ----a-w- c:\windows\system32\amdocl64.dll
2013-12-06 21:35 . 2013-12-06 21:35 24860160 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-12-06 21:33 . 2013-12-06 21:33 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-12-06 21:33 . 2013-12-06 21:33 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-12-06 21:28 . 2013-12-06 21:28 77312 ----a-w- c:\windows\system32\drivers\amdkiomd.sys
2013-12-06 21:26 . 2013-12-06 21:26 129536 ----a-w- c:\windows\system32\coinst_13.251.dll
2013-12-06 21:16 . 2013-12-06 21:16 26352128 ----a-w- c:\windows\system32\atio6axx.dll
2013-12-06 21:13 . 2013-12-06 21:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-12-06 21:12 . 2013-12-06 21:12 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-12-06 21:12 . 2013-12-06 21:12 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-12-06 21:12 . 2013-12-06 21:12 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-12-06 21:12 . 2013-12-06 21:12 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-12-06 21:12 . 2013-12-06 21:12 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-12-06 21:09 . 2013-12-06 21:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-12-06 20:58 . 2013-12-06 20:58 22157824 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-12-06 20:53 . 2013-12-06 20:53 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-12-06 20:53 . 2013-12-06 20:53 31232 ----a-w- c:\windows\system32\atimuixx.dll
2013-12-06 20:53 . 2013-12-06 20:53 588288 ----a-w- c:\windows\system32\atieclxx.exe
2013-12-06 20:52 . 2013-12-06 20:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-12-06 20:50 . 2013-12-06 20:50 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-12-06 20:22 . 2013-12-06 20:22 96256 ----a-w- c:\windows\system32\amdave64.dll
2013-12-06 20:22 . 2013-12-06 20:22 90112 ----a-w- c:\windows\SysWow64\amdave32.dll
2013-12-06 20:22 . 2013-12-06 20:22 1144320 ----a-w- c:\windows\system32\atiadlxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 89088 ----a-w- c:\windows\system32\atisamu64.dll
2013-12-06 20:22 . 2013-12-06 20:22 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2013-12-06 20:22 . 2013-12-06 20:22 825344 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-12-06 20:22 . 2013-12-06 20:22 74752 ----a-w- c:\windows\system32\atig6pxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-12-06 20:21 . 2013-12-06 20:21 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-12-06 20:21 . 2013-12-06 20:21 626176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-12-06 20:18 . 2013-12-06 20:18 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-12-06 15:49 . 2013-12-06 15:49 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-12-06 15:44 . 2013-12-06 15:44 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-12-06 15:24 . 2013-12-06 15:24 350208 ----a-w- c:\windows\system32\amdacpusl.dll
2013-12-06 15:24 . 2013-12-06 15:24 237056 ----a-w- c:\windows\SysWow64\amdacpusl.dll
2013-11-15 05:10 . 2013-11-15 05:10 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Microsheep\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Microsheep\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Microsheep\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-12-11 1823656]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE" [2013-09-16 800280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2013-08-27 111696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
.
c:\users\Microsheep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Microsheep\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt2]
@="Service"
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\System32\drivers\amdkmafd.sys;c:\windows\SYSNATIVE\drivers\amdkmafd.sys [x]
R3 cpuz136;cpuz136;c:\users\MICROS~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\MICROS~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 FSProFilter2;FSPro File Filter 2;c:\windows\System32\Drivers\FSPFltd2.sys;c:\windows\SYSNATIVE\Drivers\FSPFltd2.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\System32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 fsproflt2;FSPro Filter Service 2;c:\windows\SysWOW64\fsproflt2.exe;c:\windows\SysWOW64\fsproflt2.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 Start8;Stardock Start8;c:\program files (x86)\Stardock\Start8\Start8Srv.exe;c:\program files (x86)\Stardock\Start8\Start8Srv.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
S3 amdiommu;amdiommu;c:\windows\System32\drivers\amdkiomd.sys;c:\windows\SYSNATIVE\drivers\amdkiomd.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 sthid;Splashtop Virtual Hid;c:\windows\System32\drivers\sthid.sys;c:\windows\SYSNATIVE\drivers\sthid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-16 23:42 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30 10:23]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30 10:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Microsheep\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Microsheep\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Microsheep\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Microsheep\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2013-05-20 499712]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-03-29 7174728]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
LSP: %windir%\system32\vsocklib.dll
TCP: Interfaces\{C7ED262C-4208-4DAB-B5D6-22DED1A98C53}: NameServer = 10.122.0.1,10.122.128.2
FF - ProfilePath - c:\users\Microsheep\AppData\Roaming\Mozilla\Firefox\Profiles\t0v5vggr.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Dishonored 1.00 - c:\hry\Dishonored\Dishonored\Dishonored\Uninstall.exe
AddRemove-Fraps - c:\program files (x86)\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2014-01-24 11:10:43
ComboFix-quarantined-files.txt 2014-01-24 10:10
ComboFix2.txt 2014-01-22 10:32
.
Před spuštěním: 331 747 418 112 bytes free
Po spuštění: 331 684 659 200 bytes free
.
- - End Of File - - 0840F6E59EEEEA3E7CA9841D2C010211
A36C5E4F47E84449FF07ED3517B43A31
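An added triage helper, not part of this thread and not ComboFix's own code: it parses the file-listing lines of a ComboFix log in the format posted above (the "Files created" and "Find3M" blocks share it) into records and flags the two patterns that merit a second look in this case, a .sys driver under SysWOW64 (where ComboFix reported atapi.sys as infected) and executable code in a Temp directory. The sample log lines, the user name `Example` and the file sizes are constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One line of a ComboFix file listing ("Files created" and "Find3M" blocks share it):
#   <created> . <modified> <size or --------> <attributes> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>\S.*)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories, which ComboFix prints as "--------"
    attrs: str            # "d-----w-" = directory, "----a-w-" = archive/writable file, ...
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_entries(log_text: str) -> List[Entry]:
    """Return every file-listing line of the log as an Entry; all other lines are skipped."""
    entries: List[Entry] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue   # section banners, "." separators, registry dumps, service lines
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


# Extensions that carry executable code and therefore matter when found in odd places.
CODE_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")


def suspicious_reasons(e: Entry) -> List[str]:
    """Heuristic checks for one entry; an empty list means nothing stood out."""
    reasons: List[str] = []
    if e.is_dir:
        return reasons
    p = e.path.lower()
    # A kernel driver belongs in system32\drivers on x64 Windows; one under SysWOW64
    # is out of place (ComboFix flagged exactly such an atapi.sys in this thread).
    if p.endswith(".sys") and "\\syswow64\\" in p:
        reasons.append("driver (.sys) under SysWOW64 instead of system32\\drivers")
    # Executable code dropped into a Temp directory is worth a second look.
    if p.endswith(CODE_EXT) and "\\temp\\" in p:
        reasons.append("executable code in a Temp directory")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Parse the log and return (path, reasons) for every entry with at least one reason."""
    flagged: List[Tuple[str, List[str]]] = []
    for e in parse_entries(log_text):
        reasons = suspicious_reasons(e)
        if reasons:
            flagged.append((e.path, reasons))
    return flagged


# Constructed sample in the ComboFix listing format (not the log from the thread).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files created from 2013-12-24 to 2014-01-24 )))))))))))))))))))))))))))))))
.
2014-01-24 10:08 . 2014-01-24 10:08 -------- d-----w- c:\users\Example\AppData\Local\temp
2014-01-21 09:47 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-20 18:33 . 2007-01-01 19:03 40960 ----a-r- c:\windows\SysWow64\psfind.dll
2014-01-20 18:31 . 2014-01-20 18:31 23040 ----a-w- c:\windows\SysWow64\Drivers\atapi.sys
2014-01-19 20:02 . 2014-01-19 20:02 77512 ----a-w- c:\users\Example\AppData\Local\Temp\cpuz136\cpuz136_x64.sys
.
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```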


Re: Please check my log

Post by Microsheep » 24 Jan 2014 11:14

aswMBR crashes
Attachment: asd.png


Re: Please check my log

Post by Microsheep » 24 Jan 2014 11:17

New HJT scan

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:17:13, on 24. 1. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files\Hide Folders 2012\hf.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\HJT\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
O4 - Startup: Dropbox.lnk = Microsheep\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7ED262C-4208-4DAB-B5D6-22DED1A98C53}: NameServer = 10.122.0.1,10.122.128.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - Unknown owner - C:\Program Files (x86)\BlueStacks\HD-Service.exe (file missing)
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - Unknown owner - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FSPro Filter Service 2 (fsproflt2) - FSPro Labs - C:\Windows\SysWOW64\fsproflt2.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Stardock Start8 (Start8) - Stardock Software, Inc - C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8534 bytes

Re: Please check my log

Post by Orcus (Security team member) » 24 Jan 2014 14:51

Try running the CF script once more in safe mode.

Love warms, but coal is coal. :fire:

Post HJT logs in the HJT section. If the log is too long, split it across several posts.

A few PC security tips.

While I am away, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.


Re: Please check my log

Post by Microsheep » 25 Jan 2014 10:32

In safe mode

ComboFix 14-01-22.01 - Microsheep . 01. 2014 10:25:17.3.4 - x64 NETWORK
Microsoft Windows 8 Pro 6.2.9200.0.1250.420.1029.18.4050.2641 [GMT 1:00]
Spuštěný z: c:\users\Microsheep\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Microsheep\Desktop\CFScript.txt
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Drivers\atapi.sys . . . je infikován!!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-25 do 2014-01-25 )))))))))))))))))))))))))))))))
.
.
2014-01-25 09:29 . 2014-01-25 09:29 -------- d-----w- c:\users\Microsheep\AppData\Local\temp
2014-01-25 09:29 . 2014-01-25 09:29 -------- d-----w- c:\users\Hannybal\AppData\Local\temp
2014-01-25 09:29 . 2014-01-25 09:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-25 08:57 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8616D3D-2B58-4345-B970-3B217EF6BE6D}\mpengine.dll
2014-01-23 18:01 . 2014-01-23 18:01 -------- d-----w- c:\users\Hannybal\AppData\Local\AMD
2014-01-23 18:01 . 2014-01-23 18:01 -------- d-----w- c:\users\Hannybal\AppData\Local\ATI
2014-01-23 18:01 . 2014-01-23 18:01 -------- d-----w- c:\users\Hannybal\AppData\Local\2K Games
2014-01-23 17:59 . 2014-01-23 17:59 -------- d-----w- c:\users\Microsheep\AppData\Local\2K Games
2014-01-21 22:31 . 2014-01-21 22:31 -------- d-----w- c:\windows\ERUNT
2014-01-21 09:47 . 2014-01-21 09:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-21 09:47 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-21 09:44 . 2014-01-21 19:55 -------- d-----w- C:\AdwCleaner
2014-01-21 08:53 . 2014-01-21 08:53 388096 ----a-r- c:\users\Microsheep\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-21 08:53 . 2014-01-21 08:53 -------- d-----w- c:\program files (x86)\HJT
2014-01-20 19:48 . 2014-01-20 19:48 -------- d-----w- c:\users\Microsheep\AppData\Local\PassMark
2014-01-20 19:48 . 2014-01-20 19:48 -------- d-----w- c:\programdata\Passmark
2014-01-20 19:47 . 2014-01-20 19:48 -------- d-----w- c:\program files\PerformanceTest
2014-01-20 18:33 . 2007-01-01 19:03 40960 ----a-r- c:\windows\SysWow64\psfind.dll
2014-01-20 18:33 . 2006-07-11 17:43 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2014-01-20 18:33 . 2006-07-11 17:35 503808 ----a-w- c:\windows\SysWow64\MSVCP71.dll
2014-01-19 19:24 . 2013-11-01 01:45 23350272 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-01-19 19:24 . 2013-11-01 01:16 22615040 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-01-15 15:15 . 2014-01-09 08:02 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-15 15:15 . 2014-01-09 08:02 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-15 09:19 . 2012-10-12 22:22 1361408 ----a-w- c:\windows\system32\Windows.UI.Immersive.dll
2014-01-15 09:18 . 2012-10-24 04:54 396008 ----a-w- c:\windows\system32\hal.dll
2014-01-15 09:16 . 2013-07-09 06:18 439488 ----a-w- c:\windows\system32\WerFault.exe
2014-01-15 09:15 . 2013-10-10 09:21 1160192 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-01-15 09:15 . 2013-10-10 09:20 723968 ----a-w- c:\windows\system32\BFE.DLL
2014-01-15 09:15 . 2013-10-10 11:53 96600 ----a-w- c:\windows\system32\drivers\wfplwfs.sys
2014-01-15 09:15 . 2012-10-24 03:25 26624 ----a-w- c:\windows\system32\ReAgentc.exe
2014-01-15 09:15 . 2012-10-24 02:48 24064 ----a-w- c:\windows\SysWow64\ReAgentc.exe
2014-01-15 09:15 . 2013-09-23 22:30 419328 ----a-w- c:\windows\system32\schannel.dll
2014-01-15 09:15 . 2013-09-23 22:30 323072 ----a-w- c:\windows\SysWow64\schannel.dll
2014-01-15 09:15 . 2013-03-02 08:23 375808 ----a-w- c:\windows\SysWow64\ReAgent.dll
2014-01-15 09:15 . 2013-03-02 02:44 1011200 ----a-w- c:\windows\system32\reseteng.dll
2014-01-15 09:15 . 2012-12-15 04:55 443392 ----a-w- c:\windows\system32\ReAgent.dll
2014-01-15 09:15 . 2012-11-03 05:26 132096 ----a-w- c:\windows\system32\sysreset.exe
2014-01-15 09:15 . 2012-11-03 05:25 945152 ----a-w- c:\windows\system32\resetengmig.dll
2014-01-15 09:13 . 2013-11-06 23:18 4036608 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 09:12 . 2013-12-07 06:37 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 09:12 . 2013-12-07 05:15 562688 ----a-w- c:\windows\SysWow64\WSShared.dll
2014-01-15 09:12 . 2013-12-07 05:15 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 09:12 . 2013-03-22 03:49 2382336 ----a-w- c:\windows\SysWow64\esent.dll
2014-01-15 09:12 . 2013-03-21 22:47 2851840 ----a-w- c:\windows\system32\esent.dll
2014-01-15 09:09 . 2012-11-20 05:24 1164800 ----a-w- c:\windows\SysWow64\Display.dll
2014-01-15 09:09 . 2012-11-20 05:17 1184256 ----a-w- c:\windows\system32\Display.dll
2014-01-15 09:09 . 2012-11-20 05:02 6656 ----a-w- c:\windows\SysWow64\KBDKURD.DLL
2014-01-15 09:09 . 2012-11-20 04:59 7168 ----a-w- c:\windows\system32\KBDKURD.DLL
2014-01-15 09:05 . 2013-09-28 03:35 288768 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-01-15 09:05 . 2012-10-11 05:45 370176 ----a-w- c:\windows\system32\SysFxUI.dll
2014-01-15 09:05 . 2012-10-11 05:19 5632 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2014-01-15 09:05 . 2012-10-11 05:18 111616 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-01-15 09:03 . 2013-08-02 06:28 10116608 ----a-w- c:\windows\system32\twinui.dll
2014-01-15 09:03 . 2013-10-01 23:37 2035712 ----a-w- c:\windows\SysWow64\authui.dll
2014-01-15 09:03 . 2013-10-01 23:26 2304512 ----a-w- c:\windows\system32\authui.dll
2014-01-15 09:03 . 2013-08-02 05:08 8858112 ----a-w- c:\windows\SysWow64\twinui.dll
2014-01-15 09:02 . 2013-11-01 05:38 312320 ----a-w- c:\windows\system32\msieftp.dll
2014-01-15 09:02 . 2013-11-01 03:49 273408 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-01-14 15:33 . 2014-01-14 15:35 -------- d-----w- c:\program files (x86)\Counter-Strike 1.6
2014-01-07 15:15 . 2014-01-07 15:17 -------- d-----w- c:\programdata\Protexis64
2014-01-07 15:13 . 2014-01-07 15:13 -------- d-----w- c:\program files\Common Files\Protexis
2014-01-07 15:13 . 2014-01-07 15:13 -------- d-----w- c:\programdata\Corel
2014-01-07 15:11 . 2014-01-07 15:11 -------- d-----w- c:\program files\Corel
2014-01-07 13:38 . 2014-01-07 13:38 -------- d-----w- c:\program files\Common Files\Corel
2014-01-07 08:54 . 2014-01-07 09:03 -------- d-----w- c:\users\Microsheep\AppData\Roaming\TeamViewer
2014-01-04 10:13 . 2014-01-04 10:13 -------- d-----w- c:\users\Microsheep\AppData\Roaming\JavaFX Scene Builder
2014-01-04 10:09 . 2014-01-04 10:08 312744 ----a-w- c:\windows\system32\javaws.exe
2014-01-04 10:08 . 2014-01-04 10:08 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-01-04 10:08 . 2014-01-04 10:08 189352 ----a-w- c:\windows\system32\javaw.exe
2014-01-04 10:08 . 2014-01-04 10:08 189352 ----a-w- c:\windows\system32\java.exe
2014-01-02 11:37 . 2014-01-02 11:37 -------- d-----w- c:\users\Microsheep\AppData\Roaming\Scene Builder
2014-01-02 11:33 . 2014-01-04 10:12 -------- d-----w- c:\program files (x86)\Oracle
2014-01-01 09:49 . 2014-01-01 09:49 -------- d-----w- c:\windows\system32\appmgmt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-23 18:10 . 2013-10-03 19:38 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-01-23 18:10 . 2013-10-03 19:36 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-01-19 07:33 . 2013-09-30 10:58 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-15 18:51 . 2013-10-14 14:53 82896128 ----a-w- c:\windows\system32\MRT.exe
2014-01-08 13:42 . 2013-10-03 19:36 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-20 20:36 . 2013-09-30 10:44 65536 ----a-w- c:\windows\system32\spu_storage.bin
2013-12-06 22:08 . 2013-12-06 22:08 157736 ----a-w- c:\windows\system32\amdhcp64.dll
2013-12-06 22:08 . 2013-12-06 22:08 142304 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-12-06 22:05 . 2013-12-06 22:05 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-12-06 22:04 . 2013-12-06 22:04 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-12-06 22:04 . 2013-09-05 08:01 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2013-12-06 22:03 . 2013-12-06 22:03 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-12-06 22:03 . 2013-12-06 22:03 115512 ----a-w- c:\windows\system32\atiu9p64.dll
2013-12-06 22:02 . 2013-12-06 22:02 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-12-06 22:01 . 2013-09-05 08:01 1318552 ----a-w- c:\windows\system32\aticfx64.dll
2013-12-06 22:01 . 2013-12-06 22:01 1100216 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-12-06 22:00 . 2013-09-05 08:01 9753752 ----a-w- c:\windows\system32\atidxx64.dll
2013-12-06 21:59 . 2013-12-06 21:59 8406024 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-12-06 21:59 . 2013-12-06 21:59 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-12-06 21:58 . 2013-12-06 21:58 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-12-06 21:57 . 2013-12-06 21:57 8927704 ----a-w- c:\windows\system32\atiumd6a.dll
2013-12-06 21:56 . 2013-12-06 21:56 7751920 ----a-w- c:\windows\system32\atiumd64.dll
2013-12-06 21:52 . 2013-12-06 21:52 13207552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-12-06 21:38 . 2013-12-06 21:38 230912 ----a-w- c:\windows\system32\clinfo.exe
2013-12-06 21:38 . 2013-12-06 21:38 99840 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-12-06 21:38 . 2013-12-06 21:38 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-12-06 21:38 . 2013-12-06 21:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-12-06 21:38 . 2013-12-06 21:38 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-12-06 21:37 . 2013-12-06 21:37 29382144 ----a-w- c:\windows\system32\amdocl64.dll
2013-12-06 21:35 . 2013-12-06 21:35 24860160 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-12-06 21:33 . 2013-12-06 21:33 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-12-06 21:33 . 2013-12-06 21:33 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-12-06 21:28 . 2013-12-06 21:28 77312 ----a-w- c:\windows\system32\drivers\amdkiomd.sys
2013-12-06 21:26 . 2013-12-06 21:26 129536 ----a-w- c:\windows\system32\coinst_13.251.dll
2013-12-06 21:16 . 2013-12-06 21:16 26352128 ----a-w- c:\windows\system32\atio6axx.dll
2013-12-06 21:13 . 2013-12-06 21:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-12-06 21:12 . 2013-12-06 21:12 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-12-06 21:12 . 2013-12-06 21:12 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-12-06 21:12 . 2013-12-06 21:12 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-12-06 21:12 . 2013-12-06 21:12 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-12-06 21:12 . 2013-12-06 21:12 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-12-06 21:09 . 2013-12-06 21:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-12-06 20:58 . 2013-12-06 20:58 22157824 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-12-06 20:53 . 2013-12-06 20:53 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-12-06 20:53 . 2013-12-06 20:53 31232 ----a-w- c:\windows\system32\atimuixx.dll
2013-12-06 20:53 . 2013-12-06 20:53 588288 ----a-w- c:\windows\system32\atieclxx.exe
2013-12-06 20:52 . 2013-12-06 20:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-12-06 20:50 . 2013-12-06 20:50 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-12-06 20:22 . 2013-12-06 20:22 96256 ----a-w- c:\windows\system32\amdave64.dll
2013-12-06 20:22 . 2013-12-06 20:22 90112 ----a-w- c:\windows\SysWow64\amdave32.dll
2013-12-06 20:22 . 2013-12-06 20:22 1144320 ----a-w- c:\windows\system32\atiadlxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 89088 ----a-w- c:\windows\system32\atisamu64.dll
2013-12-06 20:22 . 2013-12-06 20:22 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2013-12-06 20:22 . 2013-12-06 20:22 825344 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-12-06 20:22 . 2013-12-06 20:22 74752 ----a-w- c:\windows\system32\atig6pxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-12-06 20:21 . 2013-12-06 20:21 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-12-06 20:21 . 2013-12-06 20:21 626176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-12-06 20:18 . 2013-12-06 20:18 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-12-06 15:49 . 2013-12-06 15:49 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-12-06 15:44 . 2013-12-06 15:44 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-12-06 15:24 . 2013-12-06 15:24 350208 ----a-w- c:\windows\system32\amdacpusl.dll
2013-12-06 15:24 . 2013-12-06 15:24 237056 ----a-w- c:\windows\SysWow64\amdacpusl.dll
2013-11-15 05:10 . 2013-11-15 05:10 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Microsheep\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Microsheep\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Microsheep\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-12-11 1823656]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE" [2013-09-16 800280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2013-08-27 111696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
.
c:\users\Microsheep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Microsheep\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt2]
@="Service"
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Start8;Stardock Start8;c:\program files (x86)\Stardock\Start8\Start8Srv.exe;c:\program files (x86)\Stardock\Start8\Start8Srv.exe [x]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
R3 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\System32\drivers\amdkmafd.sys;c:\windows\SYSNATIVE\drivers\amdkmafd.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
R3 cpuz136;cpuz136;c:\users\MICROS~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\MICROS~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 FSProFilter2;FSPro File Filter 2;c:\windows\System32\Drivers\FSPFltd2.sys;c:\windows\SYSNATIVE\Drivers\FSPFltd2.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\System32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 fsproflt2;FSPro Filter Service 2;c:\windows\SysWOW64\fsproflt2.exe;c:\windows\SysWOW64\fsproflt2.exe [x]
S3 amdiommu;amdiommu;c:\windows\System32\drivers\amdkiomd.sys;c:\windows\SYSNATIVE\drivers\amdkiomd.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 sthid;Splashtop Virtual Hid;c:\windows\System32\drivers\sthid.sys;c:\windows\SYSNATIVE\drivers\sthid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-16 23:42 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30 10:23]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30 10:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Microsheep\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Microsheep\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Microsheep\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Microsheep\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2013-05-20 499712]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-03-29 7174728]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
LSP: %windir%\system32\vsocklib.dll
TCP: Interfaces\{C7ED262C-4208-4DAB-B5D6-22DED1A98C53}: NameServer = 10.122.0.1,10.122.128.2
FF - ProfilePath - c:\users\Microsheep\AppData\Roaming\Mozilla\Firefox\Profiles\t0v5vggr.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Dishonored 1.00 - c:\hry\Dishonored\Dishonored\Dishonored\Uninstall.exe
AddRemove-Fraps - c:\program files (x86)\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2014-01-25 10:30:51
ComboFix-quarantined-files.txt 2014-01-25 09:30
ComboFix2.txt 2014-01-24 10:10
ComboFix3.txt 2014-01-22 10:32
.
Před spuštěním: 334 348 369 920 bytes free
Po spuštění: 333 966 643 200 bytes free
.
- - End Of File - - DFCA345CEAF86AC81637AE83EEB0A570
A36C5E4F47E84449FF07ED3517B43A31


Re: Please check my log

Post by jaro3 (Security team member) » 26 Jan 2014 09:53

aswMBR in safe mode.

In Folder Options, enable showing hidden files and folders and uncheck the "Hide protected operating system files" box.

Test this on VirusTotal:
c:\windows\SysWow64\Drivers\atapi.sys

Click Choose to the right of the box and find the file on your PC in Explorer. Select it and click Open, then click Send File. If the file has already been tested, a window will appear; click Reanalyze in it. The file will then be tested by several antivirus engines in turn. When the last engine finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.

Or at:
http://www.virscan.org/

Download SystemLook from one of these links
SystemLook (32-bit)
http://jpshortstuff.247fixes.com/SystemLook.exe

SystemLook (64-bit)
http://jpshortstuff.247fixes.com/SystemLook_x64.exe

and save it to your desktop.

Double-click the downloaded SystemLook and copy the following text into the main text box:

Code:

:filefind
atapi.sys.*

Click Look to start the scan. When the program finishes, the scan report opens in Notepad. Copy its entire contents here. The log is also saved on the desktop as SystemLook.txt.

Close other applications and browsers, disconnect from the internet and fix the following in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)

10.122.0.1,10.122.128.2 -- that's in America.. do you know them?


Re: Please check my log

Post by Microsheep » 26 Jan 2014 10:26

aswMBR crashes even in safe mode.
At the path c:\windows\SysWow64\Drivers\atapi.sys I can't find that file; I've tried everything, even Total Commander doesn't see it. I have all system and hidden files shown, but there simply is no such file at that path.


Re: Please check my log

Post by Microsheep » 26 Jan 2014 10:30

SystemLook 30.07.11 by jpshortstuff
Log created at 10:27 on 26/01/2014 by Microsheep
Administrator - Elevation successful

========== filefind ==========

Searching for "atapi.sys.*"
C:\Windows\erdnt\cache64\atapi.sys --a---- 25840 bytes [10:30 22/01/2014] [05:00 26/07/2012] A721FF570C2387E383BDDEA9632863C9
C:\Windows\System32\Drivers\atapi.sys --a---- 25840 bytes [03:11 26/07/2012] [05:00 26/07/2012] A721FF570C2387E383BDDEA9632863C9
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_69660e2be041f47b\atapi.sys --a--c- 25840 bytes [03:11 26/07/2012] [05:00 26/07/2012] A721FF570C2387E383BDDEA9632863C9
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_b733d17ea1e7f604\atapi.sys --a--c- 25840 bytes [03:11 26/07/2012] [05:00 26/07/2012] A721FF570C2387E383BDDEA9632863C9
C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.16384_none_3601cf7eab4e0493\atapi.sys --a--c- 25840 bytes [03:11 26/07/2012] [05:00 26/07/2012] A721FF570C2387E383BDDEA9632863C9
C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.16548_none_36311422ab29f479\atapi.sys --a--c- 25840 bytes [03:11 26/07/2012] [05:00 26/07/2012] A721FF570C2387E383BDDEA9632863C9
C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.20652_none_36a9df45c455182a\atapi.sys --a--c- 25840 bytes [03:11 26/07/2012] [05:00 26/07/2012] A721FF570C2387E383BDDEA9632863C9

-= EOF =-


Re: Please check my log

Post by Microsheep » 26 Jan 2014 10:35

I don't know those IP addresses, but they are intranet addresses, i.e. internal network ones; my network is numbered differently and I'm behind a router as well.
//Actually, I do know the IP address 10.122.0.1, it's the ISP's DNS server; the second one I don't know, probably one of their routers.


Re: Please check my log

Post by Microsheep » 26 Jan 2014 10:50

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:49:54, on 26. 1. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files\Hide Folders 2012\hf.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Microsheep\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\HJT\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
O4 - Startup: Dropbox.lnk = Microsheep\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7ED262C-4208-4DAB-B5D6-22DED1A98C53}: NameServer = 10.122.0.1,10.122.128.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - Unknown owner - C:\Program Files (x86)\BlueStacks\HD-Service.exe (file missing)
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - Unknown owner - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FSPro Filter Service 2 (fsproflt2) - FSPro Labs - C:\Windows\SysWOW64\fsproflt2.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Stardock Start8 (Start8) - Stardock Software, Inc - C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8378 bytes


Re: Please check my log

Post by jaro3 » 27 Jan 2014 10:04

Download BlitzBlank

to your desktop. Double-click Blitzblank.exe. Click OK (to acknowledge that it is a very powerful tool).
Click "Script" and then copy and paste the following text into the window under Script:

Code:

CopyFile:
C:\Windows\erdnt\cache64\atapi.sys c:\windows\SysWow64\Drivers\atapi.sys


Then click "Execute Now".
The program requires a computer restart to carry out the file replacement.
After it finishes, the program's report appears in the C:\ directory (system drive) under the name BlitzBlank(version).txt
Copy the report and paste it here in full.

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following entire text, marked in green, into it:

Code:

ClearJavaCache::

KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files (x86)\Google\Update
c:\program files (x86)\Skype\Updater

Driver::
SkypeUpdate

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)



Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

Warning: It may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.

