RSIT check

tkalarm
Exemplary visitor
Posts: 18
Registered: 31 Dec 2006 14:21

#1 Post by tkalarm »

Good evening, a few days ago I wanted to install the Evolution mail client. I downloaded the installer from this page: http://download.chip.eu/cz/Evolution_166356.html. The mail client was not installed; the installer put the Opera browser on my PC instead, and the PC started behaving abnormally (changed browser home page, offers to clean up the PC, etc.). Besides that, other programs installed themselves on their own (MS Silverlight, MS Visual C++ 2013 Redistributable...). I tried to uninstall whatever I did not recognize, but I am not sure the result is perfect, so I am asking for a check of the RSIT log and any further advice... Thank you very much, have a nice evening and weekend. TK

Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2016-02-19 17:28:37
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 91 GB (59%) free of 152 GB
Total RAM: 2038 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:28:53, on 19.2.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18205)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\MTV Kalinovi\Downloads\RSIT.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfELa1PmjkbxS2dBZVdr-PB0Sda8b6KBOqsJpKxrDEozTTJq0EivGGg4eNPE0JvnUM-A8r4aOMs_StgpkWQlE-5EWPZHBiNfpPIMO1epsEG0SJ0b96Y1z8KEInjxQMoEE6Yvjx5fXzxt-9jYX8zLenJJWvREXtEGMLaeflPlphg,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfELa1PmjkbxS2dBZVdr-PB0Sda8b6KBOqsJpKxrDEozTTJq0EivGGg4eNPE0JvnUM-A8r4aOMs_StgpkWQlE-5EWPZHBiNfpPIMO1epsEG0SJ0b96Y1z8KEInjxQMoEE6Yvjx5fXzxt-9jYX8zLenJJWvREXtEGMLaeflPlphg,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfELa1PmjkbxS2dBZVdr-PB0Sda8b6KBOqsJpKxrDEozTTJq0EivGGg4eNPE0JvnUM-A8r4aOMs_StgpkWQlE-5EWPZHBiNfpPIMO1epsEG0SJ0b96Y1z8KEInjxQMoEE6Yvjx5fXzxt-9jYX8zLenJJWvREXtEGMLaeflPlphg,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfELa1PmjkbxS2dBZVdr-PB0Sda8b6KBOqsJpKxrDEozTTJq0EivGGg4eNPE0JvnUM-A8r4aOMs_StgpnX-zdbNCsV-F2BIu4J0tZlr6VgUxmg4bjxNs4PC3nbywhIYuC-Shh7VC5iQDzMFzRNZekPY-vAVTDNOoqIJwpKQfO5w,
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfELa1PmjkbxS2dBZVdr-PB0Sda8b6KBOqsJpKxrDEozTTJq0EivGGg4eNPE0JvnUM-A8r4aOMs_StgpkWQlE-5EWPZHBiNfpPIMO1epsEG0SJ0b96Y1z8KEInjxQMoEE6Yvjx5fXzxt-9jYX8zLenJJWvREXtEGMLaeflPlphg,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WinToFlash Suggestor - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1101366956-505010515-1023227618-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'MTV Kalinovi')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll
O9 - Extra 'Tools' menuitem: WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ApplicationHosting - Unknown owner - C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: WdMan Service (WdMan) - TU-Funs LIMITED - C:\ProgramData\HWdMH\WdMan.exe

--
End of file - 6223 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ch87pq45.default

prefs.js - "browser.startup.homepage" - "http://www.istartpageing.com/?type=hp&t ... XX9LS32V7S"

"deskCutv2@gmail.com"=C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ch87pq45.default\extensions\deskCutv2@gmail.com


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ch87pq45.default\extensions\
deskCutv2@gmail.com

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ch87pq45.default\searchplugins\
findit.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD}]
WinToFlash Suggestor - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll [2012-05-25 281424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 981688]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2015-12-08 6602152]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=iyvu9_32.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-02-19 17:28:37 ----D---- C:\rsit
2016-02-19 17:28:37 ----D---- C:\Program Files\trend micro
2016-02-14 10:09:21 ----D---- C:\ProgramData\HWdMH
2016-02-14 10:09:21 ----A---- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-02-14 10:08:38 ----D---- C:\Users\Admin\AppData\Roaming\istartpageing
2016-02-14 09:56:47 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-02-13 21:28:33 ----D---- C:\Users\Admin\AppData\Roaming\dlg
2016-02-13 21:08:14 ----D---- C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
2016-02-13 21:06:37 ----D---- C:\Program Files\Microsoft Silverlight
2016-02-13 21:04:12 ----D---- C:\ProgramData\Greentanlexs
2016-02-13 21:03:55 ----A---- C:\Users\Admin\AppData\Roaming\noah.dat
2016-02-13 21:03:55 ----A---- C:\Users\Admin\AppData\Roaming\Main.dat
2016-02-13 21:03:55 ----A---- C:\Users\Admin\AppData\Roaming\agent.dat
2016-02-13 21:03:25 ----A---- C:\Users\Admin\AppData\Roaming\Bamzozron.exe
2016-02-13 21:03:19 ----D---- C:\ProgramData\ApplicationHosting
2016-02-13 21:02:34 ----A---- C:\Users\Admin\AppData\Roaming\Installer.dat
2016-02-13 21:02:24 ----D---- C:\Users\Admin\AppData\Roaming\Opera Software
2016-02-13 20:56:52 ----D---- C:\Program Files\Opera
2016-02-13 19:29:44 ----A---- C:\Windows\system32\invagent.dll
2016-02-13 19:29:44 ----A---- C:\Windows\system32\generaltel.dll
2016-02-13 19:29:44 ----A---- C:\Windows\system32\devinv.dll
2016-02-13 19:29:44 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-02-13 19:29:44 ----A---- C:\Windows\system32\appraiser.dll
2016-02-13 19:29:44 ----A---- C:\Windows\system32\aeinv.dll
2016-02-13 19:29:44 ----A---- C:\Windows\system32\acmigration.dll
2016-02-13 19:29:32 ----A---- C:\Windows\system32\ole32.dll
2016-02-13 19:28:53 ----A---- C:\Windows\system32\shell32.dll
2016-02-13 19:28:52 ----A---- C:\Windows\system32\ExplorerFrame.dll
2016-02-13 19:28:52 ----A---- C:\Windows\system32\authui.dll
2016-02-13 19:28:52 ----A---- C:\Windows\explorer.exe
2016-02-13 19:28:42 ----A---- C:\Windows\system32\jnwmon.dll
2016-02-13 19:28:42 ----A---- C:\Windows\system32\InkEd.dll
2016-02-13 19:28:33 ----A---- C:\Windows\system32\EncDec.dll
2016-02-13 19:28:33 ----A---- C:\Windows\system32\CPFilters.dll
2016-02-13 19:28:32 ----A---- C:\Windows\system32\ntkrnlpa.exe
2016-02-13 19:28:32 ----A---- C:\Windows\system32\ntdll.dll
2016-02-13 19:28:31 ----A---- C:\Windows\system32\KernelBase.dll
2016-02-13 19:28:31 ----A---- C:\Windows\system32\kernel32.dll
2016-02-13 19:28:30 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-02-13 19:28:30 ----A---- C:\Windows\system32\mtxoci.dll
2016-02-13 19:28:30 ----A---- C:\Windows\system32\advapi32.dll
2016-02-13 19:28:29 ----A---- C:\Windows\system32\msorcl32.dll
2016-02-13 19:28:29 ----A---- C:\Windows\system32\kerberos.dll
2016-02-13 19:28:28 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-02-13 19:28:28 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-02-13 19:28:27 ----A---- C:\Windows\system32\winsrv.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\wdigest.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\TSpkg.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\sspicli.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\srcore.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\smss.exe
2016-02-13 19:28:26 ----A---- C:\Windows\system32\schannel.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\rpcrt4.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\ncrypt.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\msv1_0.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\lsasrv.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-02-13 19:28:26 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-02-13 19:28:26 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-02-13 19:28:26 ----A---- C:\Windows\system32\csrsrv.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\cryptbase.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\conhost.exe
2016-02-13 19:28:25 ----A---- C:\Windows\system32\sspisrv.dll
2016-02-13 19:28:25 ----A---- C:\Windows\system32\srclient.dll
2016-02-13 19:28:25 ----A---- C:\Windows\system32\secur32.dll
2016-02-13 19:28:25 ----A---- C:\Windows\system32\rstrui.exe
2016-02-13 19:28:25 ----A---- C:\Windows\system32\lsass.exe
2016-02-13 19:28:25 ----A---- C:\Windows\system32\credssp.dll
2016-02-13 19:28:25 ----A---- C:\Windows\system32\apisetschema.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-13 19:28:24 ----A---- C:\Windows\system32\auditpol.exe
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-13 19:28:22 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-13 19:28:22 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-13 19:28:22 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-13 19:28:22 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-13 19:28:22 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-13 19:28:22 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-13 19:28:22 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-13 19:28:22 ----A---- C:\Windows\system32\msobjs.dll
2016-02-13 19:28:22 ----A---- C:\Windows\system32\msaudite.dll
2016-02-13 19:28:22 ----A---- C:\Windows\system32\adtschema.dll
2016-02-13 19:27:34 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2016-02-13 19:27:33 ----A---- C:\Windows\system32\win32k.sys
2016-02-13 19:27:27 ----A---- C:\Windows\system32\urlmon.dll
2016-02-13 19:27:26 ----A---- C:\Windows\system32\ieui.dll
2016-02-13 19:27:24 ----A---- C:\Windows\system32\ieframe.dll
2016-02-13 19:27:19 ----A---- C:\Windows\system32\mshtml.dll
2016-02-13 19:27:16 ----A---- C:\Windows\system32\iertutil.dll
2016-02-13 19:24:51 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-13 19:24:51 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-02-13 19:24:51 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-02-13 19:24:50 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-13 19:24:50 ----A---- C:\Windows\system32\iernonce.dll
2016-02-13 19:24:50 ----A---- C:\Windows\system32\ie4uinit.exe
2016-02-13 19:24:49 ----A---- C:\Windows\system32\occache.dll
2016-02-13 19:24:49 ----A---- C:\Windows\system32\jsproxy.dll
2016-02-13 19:24:49 ----A---- C:\Windows\system32\ieUnatt.exe
2016-02-13 19:24:49 ----A---- C:\Windows\system32\iedkcs32.dll
2016-02-13 19:24:48 ----A---- C:\Windows\system32\msfeeds.dll
2016-02-13 19:24:48 ----A---- C:\Windows\system32\jscript9diag.dll
2016-02-13 19:24:48 ----A---- C:\Windows\system32\inseng.dll
2016-02-13 19:24:48 ----A---- C:\Windows\system32\ieapfltr.dll
2016-02-13 19:24:48 ----A---- C:\Windows\system32\dxtmsft.dll
2016-02-13 19:24:46 ----A---- C:\Windows\system32\webcheck.dll
2016-02-13 19:24:46 ----A---- C:\Windows\system32\msrating.dll
2016-02-13 19:24:46 ----A---- C:\Windows\system32\iesetup.dll
2016-02-13 19:24:45 ----A---- C:\Windows\system32\wininet.dll
2016-02-13 19:24:45 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-02-13 19:24:43 ----A---- C:\Windows\system32\dxtrans.dll
2016-02-13 19:24:40 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-02-13 19:24:40 ----A---- C:\Windows\system32\mshtmled.dll
2016-02-13 19:24:39 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-02-13 19:24:36 ----A---- C:\Windows\system32\jscript9.dll
2016-02-13 19:24:35 ----A---- C:\Windows\system32\vbscript.dll
2016-02-13 19:24:35 ----A---- C:\Windows\system32\jscript.dll
2016-02-13 19:21:41 ----A---- C:\Windows\system32\wuwebv.dll
2016-02-13 19:21:41 ----A---- C:\Windows\system32\wudriver.dll
2016-02-13 19:21:41 ----A---- C:\Windows\system32\wucltux.dll
2016-02-13 19:21:41 ----A---- C:\Windows\system32\wuaueng.dll
2016-02-13 19:21:41 ----A---- C:\Windows\system32\wuapi.dll
2016-02-13 19:21:40 ----A---- C:\Windows\system32\wups2.dll
2016-02-13 19:21:40 ----A---- C:\Windows\system32\wups.dll
2016-02-13 19:21:40 ----A---- C:\Windows\system32\wuauclt.exe
2016-02-13 19:21:40 ----A---- C:\Windows\system32\wuapp.exe
2016-02-13 19:21:40 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2016-02-13 19:21:40 ----A---- C:\Windows\system32\WinSetupUI.dll
2016-02-13 19:16:02 ----D---- C:\Program Files\Mozilla Firefox
2016-01-25 18:47:18 ----D---- C:\Program Files\Záchranný kruh - Dopravní výchova
2016-01-22 18:21:40 ----D---- C:\Program Files\Záhada skateparku
2016-01-22 18:21:34 ----D---- C:\Program Files\Common Files\Adobe AIR

======List of files/folders modified in the last 1 month======

2016-02-19 17:28:52 ----D---- C:\Windows\Prefetch
2016-02-19 17:28:48 ----D---- C:\Windows\Temp
2016-02-19 17:28:37 ----RD---- C:\Program Files
2016-02-19 08:05:17 ----SHD---- C:\Windows\Installer
2016-02-19 07:59:25 ----SHD---- C:\System Volume Information
2016-02-19 07:44:07 ----D---- C:\Windows\system32\config
2016-02-17 21:03:39 ----D---- C:\Windows\system32\Tasks
2016-02-16 20:38:46 ----D---- C:\Windows\System32
2016-02-16 20:38:46 ----D---- C:\Windows\inf
2016-02-16 20:38:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-16 08:39:06 ----D---- C:\Windows\rescache
2016-02-15 21:29:27 ----D---- C:\Windows\system32\MRT
2016-02-15 21:26:05 ----A---- C:\Windows\system32\MRT.exe
2016-02-15 18:29:10 ----D---- C:\Windows\winsxs
2016-02-15 18:27:10 ----D---- C:\Windows\system32\cs-CZ
2016-02-15 18:27:08 ----D---- C:\Windows\system32\drivers
2016-02-14 14:49:48 ----D---- C:\Windows\Microsoft.NET
2016-02-14 14:49:09 ----RSD---- C:\Windows\assembly
2016-02-14 14:38:39 ----HD---- C:\ProgramData
2016-02-14 14:37:12 ----SD---- C:\Windows\system32\CompatTel
2016-02-14 14:37:12 ----D---- C:\Windows\system32\appraiser
2016-02-14 14:37:12 ----D---- C:\Windows\AppPatch
2016-02-14 14:37:10 ----D---- C:\Windows\cs-CZ
2016-02-14 14:37:10 ----D---- C:\Windows
2016-02-14 14:37:10 ----D---- C:\Program Files\Windows Journal
2016-02-14 14:37:09 ----D---- C:\Windows\system32\en-US
2016-02-14 14:37:09 ----D---- C:\Program Files\Internet Explorer
2016-02-14 10:10:16 ----D---- C:\Windows\Tasks
2016-02-14 10:04:57 ----D---- C:\Program Files\Common Files
2016-02-14 09:51:03 ----D---- C:\Program Files\Mozilla Maintenance Service
2016-02-13 21:07:30 ----SD---- C:\Users\Admin\AppData\Roaming\Microsoft
2016-02-13 21:07:12 ----SD---- C:\ProgramData\Microsoft
2016-02-13 19:21:03 ----D---- C:\Windows\system32\catroot2
2016-02-13 18:36:28 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2016-01-23 22:51:53 ----D---- C:\Windows\system32\wdi
2016-01-22 18:21:51 ----D---- C:\ProgramData\Adobe
2016-01-22 18:21:35 ----D---- C:\Program Files\Adobe
2016-01-22 18:21:30 ----D---- C:\Users\Admin\AppData\Roaming\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 245096]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 95408]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 AR9271;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athuw.sys [2013-06-29 1763584]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2005-11-29 260224]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 ApplicationHosting;ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe [2016-02-09 530944]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 22216]
R2 WdMan;WdMan Service; C:\ProgramData\HWdMH\WdMan.exe [2016-02-14 794376]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 284504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-13 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-01-22 102912]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2016-02-13 146888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-11 45744]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118271
Registered: 30 Oct 2003 13:42
Location: Plzeň

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

#3 Post by tkalarm »

Good evening, first of all thank you for your help and your prompt reply.
Unfortunately, I probably did something wrong. Steps 1-4 went normally, but the log did not appear and I was prompted to restart the PC, with a note that the log should be generated automatically afterwards, which did not happen...
I tried to run the program again, but only a window pops up saying: Adw Cleaner found no malicious program on your computer!
Thank you for any further advice...

#4 Post by Rudy »

Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left-hand window:
:files
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Admin\AppData\Roaming\noah.dat
C:\Users\Admin\AppData\Roaming\Main.dat
C:\Users\Admin\AppData\Roaming\agent.dat
C:\Users\Admin\AppData\Roaming\Bamzozron.exe

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.

#5 Post by tkalarm »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2016-02-19 19:57:39
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 91 GB (60%) free of 152 GB
Total RAM: 2038 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:57:53, on 19.2.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18205)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\taskeng.exe
C:\Users\MTV Kalinovi\Downloads\RSIT.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfELa1PmjkbxS2dBZVdr-PB0Sda8b6KBOqsJpKxrDEozTTJq0EivGGg4eNPE0JvnUM-A8r4aOMs_StgpkWQlE-5EWPZHBiNfpPIMO1epsEG0SJ0b96Y1z8KEInjxQMoEE6Yvjx5fXzxt-9jYX8zLenJJWvREXtEGMLaeflPlphg,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfELa1PmjkbxS2dBZVdr-PB0Sda8b6KBOqsJpKxrDEozTTJq0EivGGg4eNPE0JvnUM-A8r4aOMs_StgpkWQlE-5EWPZHBiNfpPIMO1epsEG0SJ0b96Y1z8KEInjxQMoEE6Yvjx5fXzxt-9jYX8zLenJJWvREXtEGMLaeflPlphg,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfELa1PmjkbxS2dBZVdr-PB0Sda8b6KBOqsJpKxrDEozTTJq0EivGGg4eNPE0JvnUM-A8r4aOMs_StgpkWQlE-5EWPZHBiNfpPIMO1epsEG0SJ0b96Y1z8KEInjxQMoEE6Yvjx5fXzxt-9jYX8zLenJJWvREXtEGMLaeflPlphg,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfELa1PmjkbxS2dBZVdr-PB0Sda8b6KBOqsJpKxrDEozTTJq0EivGGg4eNPE0JvnUM-A8r4aOMs_StgpnX-zdbNCsV-F2BIu4J0tZlr6VgUxmg4bjxNs4PC3nbywhIYuC-Shh7VC5iQDzMFzRNZekPY-vAVTDNOoqIJwpKQfO5w,
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfELa1PmjkbxS2dBZVdr-PB0Sda8b6KBOqsJpKxrDEozTTJq0EivGGg4eNPE0JvnUM-A8r4aOMs_StgpkWQlE-5EWPZHBiNfpPIMO1epsEG0SJ0b96Y1z8KEInjxQMoEE6Yvjx5fXzxt-9jYX8zLenJJWvREXtEGMLaeflPlphg,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Report] \AdwCleaner\AdwCleaner[C3].txt
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1101366956-505010515-1023227618-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'MTV Kalinovi')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - (no file)
O9 - Extra 'Tools' menuitem: WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 5505 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ch87pq45.default

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 981688]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2015-12-08 6602152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Report"=\AdwCleaner\AdwCleaner[C3].txt [2016-02-19 769]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=iyvu9_32.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-02-19 19:53:59 ----D---- C:\_OTM
2016-02-19 18:35:34 ----D---- C:\AdwCleaner
2016-02-19 17:28:37 ----D---- C:\rsit
2016-02-19 17:28:37 ----D---- C:\Program Files\trend micro
2016-02-14 09:56:47 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-02-13 21:28:33 ----D---- C:\Users\Admin\AppData\Roaming\dlg
2016-02-13 21:06:37 ----D---- C:\Program Files\Microsoft Silverlight
2016-02-13 21:04:12 ----D---- C:\ProgramData\Greentanlexs
2016-02-13 21:02:34 ----A---- C:\Users\Admin\AppData\Roaming\Installer.dat
2016-02-13 21:02:24 ----D---- C:\Users\Admin\AppData\Roaming\Opera Software
2016-02-13 20:56:52 ----D---- C:\Program Files\Opera
2016-02-13 19:29:44 ----A---- C:\Windows\system32\invagent.dll
2016-02-13 19:29:44 ----A---- C:\Windows\system32\generaltel.dll
2016-02-13 19:29:44 ----A---- C:\Windows\system32\devinv.dll
2016-02-13 19:29:44 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-02-13 19:29:44 ----A---- C:\Windows\system32\appraiser.dll
2016-02-13 19:29:44 ----A---- C:\Windows\system32\aeinv.dll
2016-02-13 19:29:44 ----A---- C:\Windows\system32\acmigration.dll
2016-02-13 19:29:32 ----A---- C:\Windows\system32\ole32.dll
2016-02-13 19:28:53 ----A---- C:\Windows\system32\shell32.dll
2016-02-13 19:28:52 ----A---- C:\Windows\system32\ExplorerFrame.dll
2016-02-13 19:28:52 ----A---- C:\Windows\system32\authui.dll
2016-02-13 19:28:52 ----A---- C:\Windows\explorer.exe
2016-02-13 19:28:42 ----A---- C:\Windows\system32\jnwmon.dll
2016-02-13 19:28:42 ----A---- C:\Windows\system32\InkEd.dll
2016-02-13 19:28:33 ----A---- C:\Windows\system32\EncDec.dll
2016-02-13 19:28:33 ----A---- C:\Windows\system32\CPFilters.dll
2016-02-13 19:28:32 ----A---- C:\Windows\system32\ntkrnlpa.exe
2016-02-13 19:28:32 ----A---- C:\Windows\system32\ntdll.dll
2016-02-13 19:28:31 ----A---- C:\Windows\system32\KernelBase.dll
2016-02-13 19:28:31 ----A---- C:\Windows\system32\kernel32.dll
2016-02-13 19:28:30 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-02-13 19:28:30 ----A---- C:\Windows\system32\mtxoci.dll
2016-02-13 19:28:30 ----A---- C:\Windows\system32\advapi32.dll
2016-02-13 19:28:29 ----A---- C:\Windows\system32\msorcl32.dll
2016-02-13 19:28:29 ----A---- C:\Windows\system32\kerberos.dll
2016-02-13 19:28:28 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-02-13 19:28:28 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-02-13 19:28:27 ----A---- C:\Windows\system32\winsrv.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\wdigest.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\TSpkg.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\sspicli.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\srcore.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\smss.exe
2016-02-13 19:28:26 ----A---- C:\Windows\system32\schannel.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\rpcrt4.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\ncrypt.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\msv1_0.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\lsasrv.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-02-13 19:28:26 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-02-13 19:28:26 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-02-13 19:28:26 ----A---- C:\Windows\system32\csrsrv.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\cryptbase.dll
2016-02-13 19:28:26 ----A---- C:\Windows\system32\conhost.exe
2016-02-13 19:28:25 ----A---- C:\Windows\system32\sspisrv.dll
2016-02-13 19:28:25 ----A---- C:\Windows\system32\srclient.dll
2016-02-13 19:28:25 ----A---- C:\Windows\system32\secur32.dll
2016-02-13 19:28:25 ----A---- C:\Windows\system32\rstrui.exe
2016-02-13 19:28:25 ----A---- C:\Windows\system32\lsass.exe
2016-02-13 19:28:25 ----A---- C:\Windows\system32\credssp.dll
2016-02-13 19:28:25 ----A---- C:\Windows\system32\apisetschema.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-13 19:28:24 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-13 19:28:24 ----A---- C:\Windows\system32\auditpol.exe
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-13 19:28:23 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-13 19:28:22 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-13 19:28:22 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-13 19:28:22 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-13 19:28:22 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-13 19:28:22 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-13 19:28:22 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-13 19:28:22 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-13 19:28:22 ----A---- C:\Windows\system32\msobjs.dll
2016-02-13 19:28:22 ----A---- C:\Windows\system32\msaudite.dll
2016-02-13 19:28:22 ----A---- C:\Windows\system32\adtschema.dll
2016-02-13 19:27:34 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2016-02-13 19:27:33 ----A---- C:\Windows\system32\win32k.sys
2016-02-13 19:27:27 ----A---- C:\Windows\system32\urlmon.dll
2016-02-13 19:27:26 ----A---- C:\Windows\system32\ieui.dll
2016-02-13 19:27:24 ----A---- C:\Windows\system32\ieframe.dll
2016-02-13 19:27:19 ----A---- C:\Windows\system32\mshtml.dll
2016-02-13 19:27:16 ----A---- C:\Windows\system32\iertutil.dll
2016-02-13 19:24:51 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-13 19:24:51 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-02-13 19:24:51 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-02-13 19:24:50 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-13 19:24:50 ----A---- C:\Windows\system32\iernonce.dll
2016-02-13 19:24:50 ----A---- C:\Windows\system32\ie4uinit.exe
2016-02-13 19:24:49 ----A---- C:\Windows\system32\occache.dll
2016-02-13 19:24:49 ----A---- C:\Windows\system32\jsproxy.dll
2016-02-13 19:24:49 ----A---- C:\Windows\system32\ieUnatt.exe
2016-02-13 19:24:49 ----A---- C:\Windows\system32\iedkcs32.dll
2016-02-13 19:24:48 ----A---- C:\Windows\system32\msfeeds.dll
2016-02-13 19:24:48 ----A---- C:\Windows\system32\jscript9diag.dll
2016-02-13 19:24:48 ----A---- C:\Windows\system32\inseng.dll
2016-02-13 19:24:48 ----A---- C:\Windows\system32\ieapfltr.dll
2016-02-13 19:24:48 ----A---- C:\Windows\system32\dxtmsft.dll
2016-02-13 19:24:46 ----A---- C:\Windows\system32\webcheck.dll
2016-02-13 19:24:46 ----A---- C:\Windows\system32\msrating.dll
2016-02-13 19:24:46 ----A---- C:\Windows\system32\iesetup.dll
2016-02-13 19:24:45 ----A---- C:\Windows\system32\wininet.dll
2016-02-13 19:24:45 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-02-13 19:24:43 ----A---- C:\Windows\system32\dxtrans.dll
2016-02-13 19:24:40 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-02-13 19:24:40 ----A---- C:\Windows\system32\mshtmled.dll
2016-02-13 19:24:39 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-02-13 19:24:36 ----A---- C:\Windows\system32\jscript9.dll
2016-02-13 19:24:35 ----A---- C:\Windows\system32\vbscript.dll
2016-02-13 19:24:35 ----A---- C:\Windows\system32\jscript.dll
2016-02-13 19:21:41 ----A---- C:\Windows\system32\wuwebv.dll
2016-02-13 19:21:41 ----A---- C:\Windows\system32\wudriver.dll
2016-02-13 19:21:41 ----A---- C:\Windows\system32\wucltux.dll
2016-02-13 19:21:41 ----A---- C:\Windows\system32\wuaueng.dll
2016-02-13 19:21:41 ----A---- C:\Windows\system32\wuapi.dll
2016-02-13 19:21:40 ----A---- C:\Windows\system32\wups2.dll
2016-02-13 19:21:40 ----A---- C:\Windows\system32\wups.dll
2016-02-13 19:21:40 ----A---- C:\Windows\system32\wuauclt.exe
2016-02-13 19:21:40 ----A---- C:\Windows\system32\wuapp.exe
2016-02-13 19:21:40 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2016-02-13 19:21:40 ----A---- C:\Windows\system32\WinSetupUI.dll
2016-02-13 19:16:02 ----D---- C:\Program Files\Mozilla Firefox
2016-01-25 18:47:18 ----D---- C:\Program Files\Záchranný kruh - Dopravní výchova
2016-01-22 18:21:40 ----D---- C:\Program Files\Záhada skateparku
2016-01-22 18:21:34 ----D---- C:\Program Files\Common Files\Adobe AIR

======List of files/folders modified in the last 1 month======

2016-02-19 19:57:15 ----D---- C:\Windows\Prefetch
2016-02-19 19:56:04 ----D---- C:\Windows\Temp
2016-02-19 19:55:11 ----D---- C:\Windows\system32\config
2016-02-19 19:18:16 ----SHD---- C:\Windows\Installer
2016-02-19 18:38:33 ----D---- C:\Windows\system32\Tasks
2016-02-19 18:38:31 ----HD---- C:\ProgramData
2016-02-19 18:38:31 ----D---- C:\Windows\System32
2016-02-19 18:38:29 ----RD---- C:\Program Files
2016-02-19 07:59:25 ----SHD---- C:\System Volume Information
2016-02-16 20:38:46 ----D---- C:\Windows\inf
2016-02-16 20:38:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-16 08:39:06 ----D---- C:\Windows\rescache
2016-02-15 21:29:27 ----D---- C:\Windows\system32\MRT
2016-02-15 21:26:05 ----A---- C:\Windows\system32\MRT.exe
2016-02-15 18:29:10 ----D---- C:\Windows\winsxs
2016-02-15 18:27:10 ----D---- C:\Windows\system32\cs-CZ
2016-02-15 18:27:08 ----D---- C:\Windows\system32\drivers
2016-02-14 14:49:48 ----D---- C:\Windows\Microsoft.NET
2016-02-14 14:49:09 ----RSD---- C:\Windows\assembly
2016-02-14 14:37:12 ----SD---- C:\Windows\system32\CompatTel
2016-02-14 14:37:12 ----D---- C:\Windows\system32\appraiser
2016-02-14 14:37:12 ----D---- C:\Windows\AppPatch
2016-02-14 14:37:10 ----D---- C:\Windows\cs-CZ
2016-02-14 14:37:10 ----D---- C:\Windows
2016-02-14 14:37:10 ----D---- C:\Program Files\Windows Journal
2016-02-14 14:37:09 ----D---- C:\Windows\system32\en-US
2016-02-14 14:37:09 ----D---- C:\Program Files\Internet Explorer
2016-02-14 10:10:16 ----D---- C:\Windows\Tasks
2016-02-14 10:04:57 ----D---- C:\Program Files\Common Files
2016-02-14 09:51:03 ----D---- C:\Program Files\Mozilla Maintenance Service
2016-02-13 21:07:30 ----SD---- C:\Users\Admin\AppData\Roaming\Microsoft
2016-02-13 21:07:12 ----SD---- C:\ProgramData\Microsoft
2016-02-13 19:21:03 ----D---- C:\Windows\system32\catroot2
2016-02-13 18:36:28 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2016-01-23 22:51:53 ----D---- C:\Windows\system32\wdi
2016-01-22 18:21:51 ----D---- C:\ProgramData\Adobe
2016-01-22 18:21:35 ----D---- C:\Program Files\Adobe
2016-01-22 18:21:30 ----D---- C:\Users\Admin\AppData\Roaming\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 245096]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 95408]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 AR9271;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athuw.sys [2013-06-29 1763584]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2005-11-29 260224]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 22216]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 284504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-13 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-01-22 102912]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2016-02-13 146888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-11 45744]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------
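
The R0/R1 lines in the HijackThis section of the log above hide the hostnames of the Internet Explorer start and search pages behind percent-encoding. The following is an added example (not part of the thread and not code from RSIT or HijackThis) that parses such lines, decodes the host and flags entries worth a closer look. The sample lines are copied from the log with the long p= token replaced by a placeholder, and the allowlist is an assumption based on the stock HKLM values shown there.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample: lines from the HijackThis section of the log above,
# with the long "p=" tracking token replaced by the placeholder TOKEN.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=TOKEN,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=TOKEN,
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
"""

# "R<n> - <registry key>,<value name> = <data>"; the data may be empty.
R_LINE = re.compile(r"^(R[0-3]) - ([^,]+),(.*?) =\s*(.*)$")

# Assumption: hosts treated as stock defaults, taken from the HKLM lines above.
ALLOWED_HOSTS = {"go.microsoft.com"}


def parse_r_line(line):
    """Split one HijackThis R0-R3 line into its fields, or return None."""
    m = R_LINE.match(line.strip())
    if not m:
        return None
    code, key, name, data = m.groups()
    return {"code": code, "key": key, "name": name, "data": data.strip()}


def has_needless_escapes(host):
    """True if the host percent-encodes letters, digits, '-' or '.'.

    These characters never need encoding in a hostname, so escaping them
    only serves to keep the name from being read or matched at a glance.
    """
    for m in re.finditer(r"%([0-9A-Fa-f]{2})", host):
        ch = chr(int(m.group(1), 16))
        if ch.isascii() and (ch.isalnum() or ch in "-."):
            return True
    return False


def triage(log_text):
    """Return the R-lines whose URL host is obfuscated or not allowlisted."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_r_line(line)
        if entry is None or not entry["data"]:
            continue
        try:
            parts = urlsplit(entry["data"])
            raw_host = parts.hostname or ""
        except ValueError:
            findings.append({**entry, "host": "", "reason": "unparseable URL"})
            continue
        if parts.scheme not in ("http", "https"):
            continue  # about:blank, res:// and similar are out of scope here
        host = unquote(raw_host).lower()
        if has_needless_escapes(raw_host):
            reason = "percent-encoded host"
        elif host not in ALLOWED_HOSTS:
            reason = "host not on allowlist"
        else:
            continue
        findings.append({**entry, "host": host, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["code"]} {f["key"]},{f["name"]}: {f["host"]} ({f["reason"]})')
```
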

Rudy
Site Admin
Posts: 118271
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: RSIT check

#6 Post by Rudy »

Deleted. Run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC. Has anything changed?

tkalarm
Exemplary Visitor
Posts: 18
Joined: 31 Dec 2006 14:21

Re: RSIT check

#7 Post by tkalarm »

I think everything is probably fine now, only the browser still shows this page on first launch: http://search.safefinder.com/?st=sc&q=
instead of the one I have set... on subsequent launches the browser opens the home page I set...

Thank you very much for your willingness and your time :thumbsup:

Rudy
Site Admin
Posts: 118271
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: RSIT check

#8 Post by Rudy »

Please also run these scans:

1. Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop.

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator or Spustit jako spravce.
Paste the script below into the window:




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script.
The PC will carry out the repair, restart, and give you a log; paste its contents here.

and

2. Junkware Removal Tool: http://thisisudax.org/downloads/JRT.exe
•Save it, preferably to the desktop
•After launch, the license terms are displayed; press any key
•A backup is created and then the search begins
•The scan runs and then the log appears, or it will be saved in c:\JRT as JRT.txt; paste it here.

tkalarm
Exemplary Visitor
Posts: 18
Joined: 31 Dec 2006 14:21

Re: RSIT check

#9 Post by tkalarm »

Good evening, I could not continue yesterday, so here is what was requested, thank you. :-)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Professional x86
Ran by Admin (Administrator) on so 20.02.2016 at 19:35:29,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\ProgramData\greentanlexs (Folder)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 20.02.2016 at 19:37:25,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Admin on p  19.02.2016 at 22:44:31,54.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\MTV Kalinovi\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

19.2.2016 22:45:39 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Users\Admin\AppData\Roaming\dlg deleted successfully
C:\Users\Admin\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1101366956-505010515-1023227618-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A89A7E3-6ADD-4ef9-8EE7-A3C3B7D83BB0} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ch87pq45.default\prefs.js:

Added to C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ch87pq45.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\MTVKAL~1\AppData\Roaming\Mozilla\Firefox\Profiles\dv7v0aya.default-1455914709380\prefs.js:

Added to C:\Users\MTVKAL~1\AppData\Roaming\Mozilla\Firefox\Profiles\dv7v0aya.default-1455914709380\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\MTVKAL~1\AppData\Roaming\Thunderbird\Profiles\n2ksdbob.default\prefs.js:

Added to C:\Users\MTVKAL~1\AppData\Roaming\Thunderbird\Profiles\n2ksdbob.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ch87pq45.default

user.js not found
---- Lines suggestor removed from prefs.js ----
user_pref("extensions.WinToFlashSuggestor.aid", "10045");
user_pref("extensions.WinToFlashSuggestor.uid", "066dacd3ce4c7a1ca67ae34e2b095625");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs_19.02.2016_2303_.backup

ProfilePath: C:\Users\MTVKAL~1\AppData\Roaming\Mozilla\Firefox\Profiles\dv7v0aya.default-1455914709380

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_19.02.2016_2303_.backup

ProfilePath: C:\Users\MTVKAL~1\AppData\Roaming\Thunderbird\Profiles\n2ksdbob.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_19.02.2016_2303_.backup

==== Deleting Files \ Folders ======================

C:\istartpageing.xml deleted
C:\Users\Admin\AppData\Roaming\uninstall_temp.ico deleted
C:\PROGRA~2\Package Cache deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ch87pq45.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\MTVKAL~1\AppData\Roaming\Mozilla\Firefox\Profiles\dv7v0aya.default-1455914709380
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\MTVKAL~1\AppData\Roaming\Thunderbird\Profiles\n2ksdbob.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\MTVKAL~1\AppData\Roaming\Thunderbird\Profiles\n2ksdbob.default
- ExQuilla for Microsoft Exchange - C:\Users\MTV Kalinovi\AppData\Roaming\Thunderbird\Profiles\n2ksdbob.default\extensions\exquilla@mesquilla.com
- Exchange EWS Provider - C:\Users\MTV Kalinovi\AppData\Roaming\Thunderbird\Profiles\n2ksdbob.default\extensions\exchangecalendar@extensions.1st-setup.nl
- Lightning - C:\Users\MTV Kalinovi\AppData\Roaming\Thunderbird\Profiles\n2ksdbob.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- Exchange EWS Provider - %ProfilePath%\extensions\exchangecalendar@extensions.1st-setup.nl
- ExQuilla for Microsoft Exchange - %ProfilePath%\extensions\exquilla@mesquilla.com
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- ProfilePassword - %ProfilePath%\extensions\{b9615918-d3de-44a4-ab65-76df7ea1f1c1}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ch87pq45.default
999A833D87C8CD918B5EE8C3F8149D2B - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfELa1PmjkbxS2dBZVdr-PB0Sda8b6KBOqsJpKxrDEozTTJq0EivGGg4eNPE0JvnUM-A8r4aOMs_StgpnX-zdbNCsV-F2BIu4J0tZlr6VgUxmg4bjxNs4PC3nbywhIYuC-Shh7VC5iQDzMFzRNZekPY-vAVTDNOoqIJwpKQfO5w,"
"Search Page"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfELa1PmjkbxS2dBZVdr-PB0Sda8b6KBOqsJpKxrDEozTTJq0EivGGg4eNPE0JvnUM-A8r4aOMs_StgpkWQlE-5EWPZHBiNfpPIMO1epsEG0SJ0b96Y1z8KEInjxQMoEE6Yvjx5fXzxt-9jYX8zLenJJWvREXtEGMLaeflPlphg,&q={searchTerms}"
"Search Bar"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfELa1PmjkbxS2dBZVdr-PB0Sda8b6KBOqsJpKxrDEozTTJq0EivGGg4eNPE0JvnUM-A8r4aOMs_StgpkWQlE-5EWPZHBiNfpPIMO1epsEG0SJ0b96Y1z8KEInjxQMoEE6Yvjx5fXzxt-9jYX8zLenJJWvREXtEGMLaeflPlphg,&q={searchTerms}"
"SearchAssistant"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfELa1PmjkbxS2dBZVdr-PB0Sda8b6KBOqsJpKxrDEozTTJq0EivGGg4eNPE0JvnUM-A8r4aOMs_StgpkWQlE-5EWPZHBiNfpPIMO1epsEG0SJ0b96Y1z8KEInjxQMoEE6Yvjx5fXzxt-9jYX8zLenJJWvREXtEGMLaeflPlphg,&q={searchTerms}"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfELa1PmjkbxS2dBZVdr-PB0Sda8b6KBOqsJpKxrDEozTTJq0EivGGg4eNPE0JvnUM-A8r4aOMs_StgpkWQlE-5EWPZHBiNfpPIMO1epsEG0SJ0b96Y1z8KEInjxQMoEE6Yvjx5fXzxt-9jYX8zLenJJWvREXtEGMLaeflPlphg,&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfELa1PmjkbxS2dBZVdr-PB0Sda8b6KBOqsJpKxrDEozTTJq0EivGGg4eNPE0JvnUM-A8r4aOMs_StgpkWQlE-5EWPZHBiNfpPIMO1epsEG0SJ0b96Y1z8KEInjxQMoEE6Yvjx5fXzxt-9jYX8zLenJJWvREXtEGMLaeflPlphg,&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfELa1PmjkbxS2dBZVdr-PB0Sda8b6KBOqsJpKxrDEozTTJq0EivGGg4eNPE0JvnUM-A8r4aOMs_StgpkWQlE-5EWPZHBiNfpPIMO1epsEG0SJ0b96Y1z8KEInjxQMoEE6Yvjx5fXzxt-9jYX8zLenJJWvREXtEGMLaeflPlphg,&q={searchTerms}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{ielnksrch}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
HKCU\SearchScopes\{A2E4B677-259E-4A60-9892-8BE34567878E} - https://www.google.com/search?q={search ... utEncoding?}

==== Reset Google Chrome ======================

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\MTV Kalinovi\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully
C:\Users\MTV Kalinovi\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\MTV Kalinovi\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Admin\Desktop\Záchranný kruh - Dopravní výchova.lnk -
C:\Users\MTV Kalinovi\Desktop\Dokumenty.lnk - C:\Users\Admin\ownCloud\documents
C:\Users\MTV Kalinovi\Desktop\FOTKY.lnk - C:\Users\Admin\ownCloud\photos
C:\Users\MTV Kalinovi\Desktop\Internet.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\MTV Kalinovi\Desktop\Microsoft Excel.lnk - C:\Windows\Installer\{91110405-6000-11D3-8CFE-0050048383C9}\xlicons.exe
C:\Users\MTV Kalinovi\Desktop\Microsoft PowerPoint.lnk - C:\Windows\Installer\{91110405-6000-11D3-8CFE-0050048383C9}\pptico.exe
C:\Users\MTV Kalinovi\Desktop\Microsoft Word.lnk - C:\Windows\Installer\{91110405-6000-11D3-8CFE-0050048383C9}\wordicon.exe
C:\Users\MTV Kalinovi\Desktop\MONOPOLY.lnk - C:\Users\MTV Kalinovi\Documents\monopoly_19_1_2016.xls
C:\Users\MTV Kalinovi\Desktop\OwnCloud soubory.lnk - C:\Users\Admin\ownCloud
C:\Users\MTV Kalinovi\Desktop\Záchranný kruh - Dopravní výchova.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Acrobat Reader DC.lnk - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Opera.lnk - C:\Program Files\Opera\launcher.exe
C:\Users\Public\Desktop\ownCloud.lnk - C:\Program Files\ownCloud\owncloud.exe
C:\Users\Public\Desktop\Pošta.lnk -
C:\Users\Public\Desktop\Salamander (x86).lnk - C:\Program Files\Altap Salamander\salamand.exe
C:\Users\Public\Desktop\Záhada skateparku.lnk -

==== shortcuts in Users Start Menu ======================

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe %SNP%
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Mafia™.lnk -
C:\Users\MTV Kalinovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe %SNP%
C:\Users\MTV Kalinovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\Users\MTV Kalinovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Mafia™.lnk -

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Nový dokument Office.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Otevřít dokument Office.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altap Salamander (x86).lnk - C:\Program Files\Altap Salamander\salamand.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk - C:\Windows\ehome\ehshell.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk - C:\Windows\Installer\{91110405-6000-11D3-8CFE-0050048383C9}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk - C:\Windows\Installer\{91110405-6000-11D3-8CFE-0050048383C9}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files\Microsoft Security Client\msseces.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk - C:\Windows\Installer\{91110405-6000-11D3-8CFE-0050048383C9}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files\Opera\launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk - C:\Program Files\ownCloud\owncloud.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk - C:\Program Files\DVD Maker\DVDMaker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Záhada skateparku.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk - C:\Windows\system32\mblctr.exe /open
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk - C:\Windows\system32\NetProj.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk - C:\Windows\system32\SnippingTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk - C:\Program Files\Windows Journal\Journal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk - C:\Windows\system32\secpol.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.41212.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nLite\nLite on the Web.lnk - C:\Program Files\nLite\nlite.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nLite\nLite.lnk - C:\Program Files\nLite\nLite.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nLite\Uninstall nLite.lnk - C:\Program Files\nLite\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Novicorp WinToFlash Lite\Bootabe USB Test.lnk - C:\Program Files\Novicorp WinToFlash\ValueAdd\Novicorp\emutest\emutest.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Novicorp WinToFlash Lite\Novicorp WinToFlash Lite.lnk - C:\Program Files\Novicorp WinToFlash\WinToFlash.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Novicorp WinToFlash Lite\Odinstalovat aplikaci Novicorp WinToFlash Lite.lnk - C:\Program Files\Novicorp WinToFlash\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Novicorp WinToFlash Lite\WinToFlash Web Site.lnk - C:\Program Files\Novicorp WinToFlash\WinToFlash [The Bootable USB Creator] Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje sady Microsoft Office\Aktivovat produkt.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje sady Microsoft Office\Jazykové nastavení sady Microsoft Office XP.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje sady Microsoft Office\Microsoft Galerie médií.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje sady Microsoft Office\Microsoft Office Document Imaging.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje sady Microsoft Office\Microsoft Office Document Scanning.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje sady Microsoft Office\Obnovení aplikace sady Microsoft Office.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje sady Microsoft Office\Průvodce uložením nastavení.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Záchranný kruh - dopravní výchova\Uninstall Záchranný kruh - Dopravní výchova.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Záchranný kruh - dopravní výchova\Záchranný kruh - Dopravní výchova.lnk -

==== shortcuts in Quick Launch ======================

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe %SNP%
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Altap Salamander (x86).lnk - C:\Program Files\Altap Salamander\salamand.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe %SNP%
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk - C:\Program Files\Opera\launcher.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\MTV Kalinovi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe %SNP%
C:\Users\MTV Kalinovi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\MTV Kalinovi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\MTV Kalinovi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe %SNP%
C:\Users\MTV Kalinovi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe %SNF%
C:\Users\MTV Kalinovi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pošta.lnk -
C:\Users\MTV Kalinovi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Salamander (x86).lnk - C:\Program Files\Altap Salamander\salamand.exe
C:\Users\MTV Kalinovi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe
C:\Users\MTV Kalinovi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

==== shortcuts After Repair ======================

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\MTV Kalinovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\MTV Kalinovi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\MTV Kalinovi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\MTV Kalinovi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe

==== Empty IE Cache ======================

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\MTV Kalinovi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\MTV Kalinovi\AppData\Local\Mozilla\Firefox\Profiles\dv7v0aya.default-1455914709380\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Admin\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\MTV Kalinovi\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=12 folders=8 6761345 bytes)

==== Empty Temp Folders ======================

C:\Users\Admin\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\MTV Kalinovi\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Admin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\MTV Kalinovi\AppData\Local\Temp\FXSAPIDebugLogFile.txt" not deleted

==== EOF on so 20.02.2016 at 19:33:08,37 ======================

Rudy
Site Admin
Posts: 118271
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: RSIT check

#10 Post by Rudy »

OK. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

tkalarm
Exemplary visitor
Posts: 18
Registered: 31 Dec 2006 14:21

Re: RSIT check

#11 Post by tkalarm »

It looks like everything is fine. The browser opens the chosen page. Thank you very much for your willingness and your time. TK

Rudy
Site Admin
Posts: 118271
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: RSIT check

#12 Post by Rudy »

You're welcome! :)