prosím o kontrolu

Zpráva

polmnji · #1 Příspěvek od **polmnji** » 23 led 2013 18:02

Zase se loudá internet a PC

Logfile of random's system information tool 1.08 (written by random/random)
Run by Uzivatel at 2013-01-23 17:48:28
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 73 GB (26%) free of 280 GB
Total RAM: 4095 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:48:32, on 23.1.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Uzivatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: DokanMounter - Unknown owner - C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
O23 - Service: DS VIS (dsvis_service) - UltraVNC - C:\VIS\DSPRAVA\winvnc-u104.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FortKnox Personal Firewall (fortknox) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnox.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files (x86)\System Control Manager\MSIService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10268 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
atieclxx
C:\windows\System32\spoolsv.exe
taskeng.exe {54E72AB5-3A98-49AC-A0F9-E5670DCDA25C}
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
"taskhost.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe" -service
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe"
"C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnox.exe"
"C:\Program Files (x86)\System Control Manager\MSIService.exe"
C:\windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2500
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_000007d0
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\windows\system32\wuauclt.exe"
C:\windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="172.1.908020567\2029790430" --supports-dual-gpus=false --skip-gpu-full-info-collection --reduce-gpu-sandbox --disable-image-transport-surface --gpu-vendor-id=0x1002 --gpu-device-id=0x9553 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.700.0.0 --ignored=" --type=renderer " /prefetch:12
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="172.3.45821194\406457250" --lang=cs --ignored=" --type=renderer " /prefetch:13
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=CacheSensitivityAnalysis/No/EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/0/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwndMin10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_33/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="172.9.754251593\1428975117" /prefetch:3
C:\windows\system32\wbem\wmiprvse.exe
"C:\windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Uzivatel\Desktop\internet\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\FreeFileViewerUpdateChecker.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-04-06 10144288]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-01-07 1894696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [2011-09-06 941320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CNAP2 Launcher]
C:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [2010-01-11 226784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX125 Series]
C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGGE.EXE /FU C:\windows\TEMP\E_SE9CF.tmp /EF HKCU []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -update plugin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FortKnoxPersonalFirewall]
C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnoxGUI.exe [2012-10-08 2336136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2012-12-17 16328976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe [2010-02-05 2408448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [2011-11-01 1053056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pocket Navigator Installer 6.0]
C:\Program Files (x86)\Navigator11\Setup Utility\clickertray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2012-12-11 384800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - C:\windows\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2013-01-23 17:48:28 ----D---- C:\rsit
2013-01-19 11:42:37 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-01-14 23:46:41 ----D---- C:\Program Files (x86)\Skiregion Simulator 2012
2013-01-11 23:03:33 ----A---- C:\windows\SYSWOW64\Wpc.dll
2013-01-11 23:03:33 ----A---- C:\windows\SYSWOW64\gameux.dll
2013-01-11 23:03:33 ----A---- C:\windows\system32\Wpc.dll
2013-01-11 23:03:33 ----A---- C:\windows\system32\gameux.dll
2013-01-11 23:03:17 ----A---- C:\windows\system32\msxml6.dll
2013-01-11 23:03:16 ----A---- C:\windows\SYSWOW64\msxml6.dll
2013-01-11 23:03:16 ----A---- C:\windows\SYSWOW64\msxml3.dll
2013-01-11 23:03:16 ----A---- C:\windows\system32\msxml3.dll
2013-01-11 23:03:12 ----A---- C:\windows\SYSWOW64\usp10.dll
2013-01-11 23:03:12 ----A---- C:\windows\system32\usp10.dll
2013-01-11 23:03:10 ----A---- C:\windows\SYSWOW64\ncrypt.dll
2013-01-11 23:03:10 ----A---- C:\windows\system32\ncrypt.dll
2013-01-11 23:03:09 ----A---- C:\windows\SYSWOW64\win32spl.dll
2013-01-11 23:03:09 ----A---- C:\windows\system32\win32spl.dll
2013-01-11 23:03:07 ----A---- C:\windows\system32\win32k.sys
2013-01-11 23:02:54 ----A---- C:\windows\system32\KernelBase.dll
2013-01-11 23:02:52 ----A---- C:\windows\SYSWOW64\KernelBase.dll
2013-01-11 23:02:52 ----A---- C:\windows\system32\kernel32.dll
2013-01-11 23:02:51 ----A---- C:\windows\SYSWOW64\kernel32.dll
2013-01-11 23:02:51 ----A---- C:\windows\system32\wow64win.dll
2013-01-11 23:02:51 ----A---- C:\windows\system32\wow64cpu.dll
2013-01-11 23:02:51 ----A---- C:\windows\system32\wow64.dll
2013-01-11 23:02:51 ----A---- C:\windows\system32\winsrv.dll
2013-01-11 23:02:51 ----A---- C:\windows\system32\conhost.exe
2013-01-11 23:02:50 ----A---- C:\windows\SYSWOW64\wow32.dll
2013-01-11 23:02:50 ----A---- C:\windows\SYSWOW64\ntvdm64.dll
2013-01-11 23:02:50 ----A---- C:\windows\system32\ntvdm64.dll
2013-01-11 23:02:49 ----AH---- C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-11 23:02:48 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-11 23:02:48 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-11 23:02:48 ----AH---- C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-11 23:02:47 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-11 23:02:47 ----AH---- C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-11 23:02:47 ----AH---- C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-11 23:02:47 ----AH---- C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-11 23:02:46 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-11 23:02:46 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-11 23:02:46 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-11 23:02:46 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-11 23:02:46 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-11 23:02:46 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-11 23:02:46 ----AH---- C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-11 23:02:46 ----AH---- C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-11 23:02:46 ----AH---- C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-11 23:02:46 ----AH---- C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-11 23:02:46 ----AH---- C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-11 23:02:46 ----AH---- C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-11 23:02:46 ----AH---- C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-11 23:02:46 ----AH---- C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-11 23:02:45 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-11 23:02:45 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-11 23:02:45 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-11 23:02:45 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-11 23:02:45 ----AH---- C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-11 23:02:45 ----AH---- C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-11 23:02:45 ----AH---- C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-11 23:02:45 ----AH---- C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-11 23:02:44 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-11 23:02:44 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-11 23:02:44 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-11 23:02:44 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-11 23:02:44 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-11 23:02:44 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-11 23:02:44 ----AH---- C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-11 23:02:44 ----AH---- C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-11 23:02:44 ----AH---- C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-11 23:02:44 ----AH---- C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-11 23:02:44 ----AH---- C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-11 23:02:44 ----AH---- C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-11 23:02:44 ----AH---- C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-11 23:02:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-11 23:02:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-11 23:02:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-11 23:02:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-11 23:02:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-11 23:02:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-11 23:02:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-11 23:02:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-11 23:02:43 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-11 23:02:43 ----AH---- C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-11 23:02:43 ----AH---- C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-11 23:02:43 ----AH---- C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-11 23:02:43 ----AH---- C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-11 23:02:43 ----A---- C:\windows\SYSWOW64\setup16.exe
2013-01-11 23:02:43 ----A---- C:\windows\SYSWOW64\instnm.exe
2013-01-11 23:02:42 ----A---- C:\windows\SYSWOW64\user.exe
2013-01-11 23:00:05 ----A---- C:\windows\system32\taskhost.exe
2013-01-08 22:05:49 ----D---- C:\Program Files (x86)\Advanced Tactical Center
2013-01-04 20:44:05 ----D---- C:\Program Files (x86)\Dokan
2012-12-24 08:21:03 ----D---- C:\ProgramData\BlueStacks
2012-12-24 08:21:03 ----D---- C:\Program Files (x86)\BlueStacks

======List of files/folders modified in the last 1 months======

2013-01-23 17:48:31 ----D---- C:\Program Files\trend micro
2013-01-23 17:48:30 ----D---- C:\windows\Temp
2013-01-23 17:28:07 ----D---- C:\windows\system32\config
2013-01-23 17:17:05 ----D---- C:\Windows
2013-01-23 17:09:44 ----D---- C:\windows\inf
2013-01-23 17:07:32 ----SHD---- C:\windows\Installer
2013-01-23 17:07:31 ----SHD---- C:\Config.Msi
2013-01-23 17:07:24 ----D---- C:\windows\System32
2013-01-23 17:07:09 ----D---- C:\windows\system32\catroot2
2013-01-23 17:07:03 ----SHD---- C:\System Volume Information
2013-01-23 17:06:51 ----D---- C:\Program Files (x86)\Common Files
2013-01-23 17:06:44 ----RD---- C:\Program Files (x86)
2013-01-23 17:06:37 ----D---- C:\windows\SysWOW64
2013-01-23 16:21:17 ----D---- C:\Users\Uzivatel\AppData\Roaming\DAEMON Tools Lite
2013-01-23 16:21:07 ----D---- C:\windows\Minidump
2013-01-22 23:23:03 ----D---- C:\windows\Prefetch
2013-01-21 20:53:18 ----D---- C:\Users\Uzivatel\AppData\Roaming\Mumble
2013-01-19 13:36:31 ----A---- C:\windows\system32\PerfStringBackup.INI
2013-01-19 13:29:29 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-01-16 12:37:37 ----D---- C:\Users\Uzivatel\AppData\Roaming\BitTorrent
2013-01-16 12:37:17 ----D---- C:\windows\Logs
2013-01-16 12:37:17 ----D---- C:\windows\debug
2013-01-14 15:03:45 ----D---- C:\windows\rescache
2013-01-14 13:31:13 ----D---- C:\windows\Microsoft.NET
2013-01-14 13:29:48 ----RSD---- C:\windows\assembly
2013-01-14 07:34:50 ----D---- C:\Program Files (x86)\Farming Simulator 2013
2013-01-14 07:17:49 ----D---- C:\windows\winsxs
2013-01-14 07:14:35 ----D---- C:\windows\SYSWOW64\cs-CZ
2013-01-14 07:14:34 ----D---- C:\windows\system32\cs-CZ
2013-01-14 07:14:29 ----D---- C:\windows\AppPatch
2013-01-13 15:53:06 ----D---- C:\Program Files (x86)\rajce
2013-01-12 08:22:28 ----D---- C:\ProgramData\Microsoft Help
2013-01-12 08:21:34 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2013-01-12 08:04:46 ----A---- C:\windows\system32\MRT.exe
2013-01-11 23:02:05 ----D---- C:\windows\system32\catroot
2013-01-11 23:01:05 ----D---- C:\ProgramData\Adobe
2013-01-11 23:00:53 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2013-01-11 22:42:04 ----D---- C:\Program Files\CCleaner
2013-01-11 22:29:35 ----SHD---- C:\$Recycle.Bin
2013-01-11 22:29:21 ----RD---- C:\Users
2013-01-04 20:44:05 ----D---- C:\windows\system32\drivers
2012-12-24 08:21:03 ----HD---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 avipbb;avipbb; C:\windows\system32\DRIVERS\avipbb.sys [2012-12-11 129216]
R1 avkmgr;avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-21 254528]
R1 fortknox_drv;fortknox_drv; C:\windows\system32\drivers\fortknoxfw.sys [2009-11-15 69200]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 avgntflt;avgntflt; C:\windows\system32\DRIVERS\avgntflt.sys [2012-12-11 99912]
R2 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-07-23 72856]
R2 Dokan;Dokan; \??\C:\windows\system32\drivers\dokan.sys [2011-01-10 120408]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atipmdag.sys [2010-01-13 6327296]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2010-01-13 185344]
R3 Fkndisf;FortKnox Firewall NDIS Filter Service; C:\windows\system32\DRIVERS\fortknoxfw_ndisim.sys [2009-09-17 28240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2010-04-06 2337440]
R3 mv2;mv2; C:\windows\system32\DRIVERS\mv2.sys [2008-10-05 11712]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\windows\system32\DRIVERS\netr28x.sys [2010-02-08 855328]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-01-07 302128]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S1 StarOpen;StarOpen; C:\windows\system32\drivers\StarOpen.sys []
S3 AF15BDA;AF9015 BDA Device; C:\windows\system32\DRIVERS\AF15BDA.sys [2009-06-02 507392]
S3 ALSysIO;ALSysIO; \??\C:\Users\Uzivatel\AppData\Local\Temp\ALSysIO64.sys []
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect; C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
S3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2010-01-13 6327296]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dot4;MS IEEE-1284.4 Driver; C:\windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS []
S3 KMWDFILTER;HIDServiceDesc; C:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 30208]
S3 MGHwCtrl;MGHwCtrl; \??\C:\Program Files (x86)\msi\msi Software Install\MGHwCtrl.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2009-06-04 216064]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 RtsUIR;Realtek IR Driver; C:\windows\system32\DRIVERS\Rts516xIR.sys []
S3 sdbus;sdbus; C:\windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 Ser2pl;Prolific Serial port WDFdriver; C:\windows\system32\DRIVERS\ser2pl64.sys [2011-04-29 100864]
S3 smserial;smserial; C:\windows\system32\DRIVERS\SmSerl64.sys [2009-06-10 1227776]
S3 TFsExDisk;TFsExDisk; \??\C:\windows\System32\Drivers\TFsExDisk.sys [2009-09-21 16392]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\windows\system32\DRIVERS\RtsUCcid.sys []
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 WinUsb;SAMSUNG Android USB Driver; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-22 814344]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2010-01-13 202752]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-12-11 109344]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-07-23 383128]
R2 DokanMounter;DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
R2 fortknox;FortKnox Personal Firewall; C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnox.exe [2011-08-16 752344]
R2 Micro Star SCM;Micro Star SCM; C:\Program Files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 BstHdAndroidSvc;BlueStacks Android Service; C:\Program Files (x86)\BlueStacks\HD-Service.exe [2012-07-23 395416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-11 251400]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 dsvis_service;DS VIS; C:\VIS\DSPRAVA\winvnc-u104.exe [2008-06-25 1384448]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-06-05 651720]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 116648]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-19 115608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-10-27 718384]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-03-29 1255736]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **Roli** » 23 led 2013 21:50

Zdravím, smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém

Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.

V případě nejasností je ZDE obrázkový návod.

polmnji · #3 Příspěvek od **polmnji** » 23 led 2013 22:50

ComboFix 13-01-23.01 - Uzivatel 23.01.2013 22:33:47.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4095.2678 [GMT 1:00]
Spuštěný z: c:\users\Uzivatel\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FortKnox Firewall *Disabled* {D706C250-E69C-F021-BA79-86E338E2273B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\ST6UNST.000
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-23 do 2013-01-23 )))))))))))))))))))))))))))))))
.
.
2013-01-23 21:44 . 2013-01-23 21:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-23 16:48 . 2013-01-23 16:48 -------- d-----w- C:\rsit
2013-01-14 22:46 . 2013-01-14 22:48 -------- d-----w- c:\program files (x86)\Skiregion Simulator 2012
2013-01-11 22:02 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-11 22:00 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-11 21:29 . 2013-01-11 21:29 -------- d-----w- c:\users\vojta
2013-01-08 21:05 . 2013-01-08 21:05 -------- d-----w- c:\program files (x86)\Advanced Tactical Center
2013-01-04 19:44 . 2013-01-04 19:44 -------- d-----w- c:\program files (x86)\Dokan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 07:04 . 2011-03-29 15:19 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-11 22:00 . 2012-05-23 22:13 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-11 22:00 . 2012-01-22 21:30 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 17:11 . 2012-12-23 16:26 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-23 16:25 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-23 16:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-23 16:26 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-11 13:10 . 2012-10-21 22:13 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-11 13:10 . 2012-10-21 22:13 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-30 04:45 . 2013-01-11 22:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-28 13:18 . 2012-12-21 16:45 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-11-28 13:17 . 2012-11-28 13:17 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-11-28 13:17 . 2012-11-28 13:17 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-11-28 13:17 . 2012-11-28 13:17 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-11-28 13:17 . 2012-11-28 13:17 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-11-28 13:17 . 2012-11-28 13:17 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-11-28 13:17 . 2012-11-28 13:17 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-11-28 13:17 . 2012-11-28 13:17 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-11-28 13:17 . 2012-11-28 13:17 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-11-28 13:17 . 2012-11-28 13:17 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-11-28 13:17 . 2012-11-28 13:17 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-11-28 13:17 . 2012-11-28 13:17 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-11-28 13:17 . 2012-11-28 13:17 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-11-28 13:17 . 2012-11-28 13:17 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-11-28 13:17 . 2012-11-28 13:17 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-11-28 13:17 . 2012-11-28 13:17 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-11-28 13:17 . 2012-11-28 13:17 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-11-28 13:17 . 2012-11-28 13:17 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-11-28 13:17 . 2012-11-28 13:17 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-11-28 13:17 . 2012-11-28 13:17 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-11-28 13:17 . 2012-11-28 13:17 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-11-28 13:17 . 2012-11-28 13:17 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-11-28 13:17 . 2012-11-28 13:17 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-11-28 13:17 . 2012-11-28 13:17 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-11-28 13:17 . 2012-11-28 13:17 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-11-28 13:17 . 2012-11-28 13:17 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-11-28 13:17 . 2012-11-28 13:17 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-11-28 13:17 . 2012-11-28 13:17 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-11-28 13:17 . 2012-11-28 13:17 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-11-28 13:17 . 2012-12-21 16:44 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-11-14 07:06 . 2012-12-18 18:57 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-18 18:57 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-18 18:57 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-18 18:57 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-18 18:57 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-18 18:57 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-18 18:57 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-18 18:57 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-18 18:57 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-18 18:57 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-18 18:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-18 18:57 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-18 18:57 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-18 18:57 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-18 18:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-18 18:57 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-18 18:57 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-18 18:57 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-18 18:57 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-18 18:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-18 18:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-18 18:57 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-18 18:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-18 18:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-18 18:53 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-18 18:53 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
R3 ALSysIO;ALSysIO;c:\users\Uzivatel\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
R3 dsvis_service;DS VIS;c:\vis\DSPRAVA\winvnc-u104.exe [2008-06-25 1384448]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files (x86)\DU Meter\DUMETR64.SYS [x]
R3 MGHwCtrl;MGHwCtrl;c:\program files (x86)\msi\msi Software Install\MGHwCtrl.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-04 216064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-09-21 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-29 1255736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-21 254528]
S1 fortknox_drv;fortknox_drv;c:\windows\system32\drivers\fortknoxfw.sys [2009-11-15 69200]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-21 814344]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-13 202752]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-07-23 72856]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-07-23 383128]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 120408]
S2 fortknox;FortKnox Personal Firewall;c:\program files\NETGATE\FortKnox Personal Firewall\FortKnox.exe [2011-08-16 752344]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
S3 Fkndisf;FortKnox Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\fortknoxfw_ndisim.sys [2009-09-17 28240]
S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2008-10-05 11712]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-02-08 855328]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-14 22:44 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-11 22:00]
.
2013-01-11 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-10-15 13:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 213.226.240.126 192.168.0.254
FF - ProfilePath - c:\users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7vjph.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2012-12-28 00:59; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7vjph.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-{96AE7E41-E34E-47D0-AC07-1091A8127911} - c:\program files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-01-23 22:47:41
ComboFix-quarantined-files.txt 2013-01-23 21:47
.
Před spuštěním: Volných bajtů: 75 684 261 888
Po spuštění: Volných bajtů: 75 558 821 888
.
- - End Of File - - 288CD92789C7D519FC1EDF0E350655B2

#4 Příspěvek od **Roli** » 24 led 2013 19:43

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:

Obrázek

Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

polmnji · #5 Příspěvek od **polmnji** » 24 led 2013 20:06

ComboFix 13-01-23.01 - Uzivatel 24.01.2013 19:51:35.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4095.2928 [GMT 1:00]
Spuštěný z: c:\users\Uzivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Uzivatel\Desktop\CFScript.TXT
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FortKnox Firewall *Disabled* {D706C250-E69C-F021-BA79-86E338E2273B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-24 do 2013-01-24 )))))))))))))))))))))))))))))))
.
.
2013-01-24 19:00 . 2013-01-24 19:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-24 14:42 . 2013-01-24 18:51 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6E2FE93-9750-44EA-8EE5-868EF082E688}\offreg.dll
2013-01-24 14:37 . 2013-01-15 01:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6E2FE93-9750-44EA-8EE5-868EF082E688}\mpengine.dll
2013-01-23 23:00 . 2013-01-23 23:00 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-23 22:59 . 2013-01-23 22:59 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-23 22:59 . 2013-01-23 22:59 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-23 22:59 . 2013-01-23 22:59 -------- d-----w- c:\program files (x86)\Java
2013-01-23 16:48 . 2013-01-23 16:48 -------- d-----w- C:\rsit
2013-01-14 22:46 . 2013-01-14 22:48 -------- d-----w- c:\program files (x86)\Skiregion Simulator 2012
2013-01-11 22:02 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-11 22:00 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-11 21:29 . 2013-01-11 21:29 -------- d-----w- c:\users\vojta
2013-01-08 21:05 . 2013-01-08 21:05 -------- d-----w- c:\program files (x86)\Advanced Tactical Center
2013-01-04 19:44 . 2013-01-04 19:44 -------- d-----w- c:\program files (x86)\Dokan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-23 22:59 . 2011-04-09 11:17 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-12 07:04 . 2011-03-29 15:19 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-11 22:00 . 2012-05-23 22:13 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-11 22:00 . 2012-01-22 21:30 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 17:11 . 2012-12-23 16:26 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-23 16:25 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-23 16:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-23 16:26 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-11 13:10 . 2012-10-21 22:13 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-11 13:10 . 2012-10-21 22:13 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-30 04:45 . 2013-01-11 22:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-28 13:18 . 2012-12-21 16:45 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-11-28 13:17 . 2012-11-28 13:17 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-11-28 13:17 . 2012-11-28 13:17 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-11-28 13:17 . 2012-11-28 13:17 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-11-28 13:17 . 2012-11-28 13:17 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-11-28 13:17 . 2012-11-28 13:17 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-11-28 13:17 . 2012-11-28 13:17 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-11-28 13:17 . 2012-11-28 13:17 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-11-28 13:17 . 2012-11-28 13:17 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-11-28 13:17 . 2012-11-28 13:17 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-11-28 13:17 . 2012-11-28 13:17 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-11-28 13:17 . 2012-11-28 13:17 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-11-28 13:17 . 2012-11-28 13:17 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-11-28 13:17 . 2012-11-28 13:17 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-11-28 13:17 . 2012-11-28 13:17 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-11-28 13:17 . 2012-11-28 13:17 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-11-28 13:17 . 2012-11-28 13:17 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-11-28 13:17 . 2012-11-28 13:17 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-11-28 13:17 . 2012-11-28 13:17 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-11-28 13:17 . 2012-11-28 13:17 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-11-28 13:17 . 2012-11-28 13:17 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-11-28 13:17 . 2012-11-28 13:17 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-11-28 13:17 . 2012-11-28 13:17 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-11-28 13:17 . 2012-11-28 13:17 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-11-28 13:17 . 2012-11-28 13:17 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-11-28 13:17 . 2012-11-28 13:17 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-11-28 13:17 . 2012-11-28 13:17 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-11-28 13:17 . 2012-11-28 13:17 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-11-28 13:17 . 2012-11-28 13:17 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-11-28 13:17 . 2012-12-21 16:44 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-11-14 07:06 . 2012-12-18 18:57 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-18 18:57 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-18 18:57 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-18 18:57 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-18 18:57 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-18 18:57 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-18 18:57 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-18 18:57 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-18 18:57 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-18 18:57 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-18 18:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-18 18:57 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-18 18:57 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-18 18:57 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-18 18:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-18 18:57 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-18 18:57 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-18 18:57 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-18 18:57 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-18 18:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-18 18:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-18 18:57 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-18 18:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-18 18:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-18 18:53 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-18 18:53 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
R3 ALSysIO;ALSysIO;c:\users\Uzivatel\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
R3 dsvis_service;DS VIS;c:\vis\DSPRAVA\winvnc-u104.exe [2008-06-25 1384448]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files (x86)\DU Meter\DUMETR64.SYS [x]
R3 MGHwCtrl;MGHwCtrl;c:\program files (x86)\msi\msi Software Install\MGHwCtrl.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-04 216064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-09-21 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-29 1255736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-21 254528]
S1 fortknox_drv;fortknox_drv;c:\windows\system32\drivers\fortknoxfw.sys [2009-11-15 69200]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-21 814344]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-13 202752]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-07-23 72856]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-07-23 383128]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 120408]
S2 fortknox;FortKnox Personal Firewall;c:\program files\NETGATE\FortKnox Personal Firewall\FortKnox.exe [2011-08-16 752344]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
S3 Fkndisf;FortKnox Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\fortknoxfw_ndisim.sys [2009-09-17 28240]
S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2008-10-05 11712]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-02-08 855328]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-23 23:15 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-11 22:00]
.
2013-01-11 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-10-15 13:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 213.226.240.126 192.168.0.254
FF - ProfilePath - c:\users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7vjph.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2012-12-28 00:59; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7vjph.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-{96AE7E41-E34E-47D0-AC07-1091A8127911} - c:\program files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2013-01-24 20:03:52
ComboFix-quarantined-files.txt 2013-01-24 19:03
ComboFix2.txt 2013-01-23 21:47
.
Před spuštěním: Volných bajtů: 73 634 344 960
Po spuštění: Volných bajtů: 73 326 481 408
.
- - End Of File - - 577128DE03869F38CE581174668429DC

#6 Příspěvek od **Roli** » 24 led 2013 22:12

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.

Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.

Pak použij Mbam z mého podpisu a dej mi sem z něj log, předem nic nemazat !!!

polmnji · #7 Příspěvek od **polmnji** » 25 led 2013 19:43

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org

Verze: v2012.12.14.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Uzivatel :: UZIVATEL-MSI [administrátor]

Ochrana: Povolena

25.1.2013 19:40:49
mbam-log-2013-01-25 (19-40-49).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 233945
Uplynulý čas: 1 minut, 12 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

#8 Příspěvek od **Roli** » 25 led 2013 21:45

Bezva jako poslední stáhni a ulož na plochu AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem spusť,

objeví se okno kde vlevo dole klikni na Search.

Po té proběhne sken a po jeho skončení na Tebe vypadne log, který mi sem zkopíruj.

polmnji · #9 Příspěvek od **polmnji** » 26 led 2013 08:02

# AdwCleaner v2.108 - Logfile created 01/26/2013 at 08:00:18
# Updated 24/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Uzivatel - UZIVATEL-MSI
# Boot Mode : Normal
# Running from : C:\Users\Uzivatel\Desktop\internet\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\Trymedia

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (cs)

File : C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7vjph.default\prefs.js

[OK] File is clean.

File : C:\Users\vojta\AppData\Roaming\Mozilla\Firefox\Profiles\wrqsgkav.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1653 octets] - [26/01/2013 08:00:18]

########## EOF - C:\AdwCleaner[R1].txt - [1713 octets] ##########

#10 Příspěvek od **Roli** » 26 led 2013 21:13

Znovu spusť AdwCleaner ale tentokrát klikni na Delete,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té na Tebe opět vypadne log který mi sem zkopíruj.

polmnji · #11 Příspěvek od **polmnji** » 27 led 2013 23:37

# AdwCleaner v2.109 - Logfile created 01/27/2013 at 23:33:43
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Uzivatel - UZIVATEL-MSI
# Boot Mode : Normal
# Running from : C:\Users\Uzivatel\Desktop\internet\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Trymedia

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457a

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (cs)

File : C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\d8h7vjph.default\prefs.js

[OK] File is clean.

File : C:\Users\vojta\AppData\Roaming\Mozilla\Firefox\Profiles\wrqsgkav.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1776 octets] - [26/01/2013 08:00:18]
AdwCleaner[S1].txt - [1731 octets] - [27/01/2013 23:33:43]

########## EOF - C:\AdwCleaner[S1].txt - [1791 octets] ##########

#12 Příspěvek od **Roli** » 28 led 2013 20:07

Uklizeno, jaký je tedy stav PC ?

polmnji · #13 Příspěvek od **polmnji** » 29 led 2013 15:33

Supr ,děkuji moc

#14 Příspěvek od **Roli** » 29 led 2013 22:14

Není zač a

VIRY.CZ

prosím o kontrolu

prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu