
Slow PC, freezing > suspected virus

Having a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, and likewise those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

Jožin36
Visitor
Posts: 43
Registered: 02 Jul 2013 22:19

Re: Slow PC, freezing > suspected virus

#16 Post by Jožin36 »

So here is the first log:

RogueKiller V8.6.2 [Jul 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : hxxp://www.adlice.com/forum/
Webové stránky : hxxp://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Jožin [Práva správce]
Mód : Odebrat -- Datum : 07/03/2013 21:15:54
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRAZENO (2)
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRAZENO (2)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++
--- User ---
[MBR] cf3d3c332e37a629ea9d47ebbb0e2afb
[BSP] e45ef42b7d05838ae63a4be5a429fff2 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_07032013_211554.txt >>
RKreport[0]_S_07032013_201702.txt;RKreport[0]_S_07032013_211436.txt

Jožin36
Visitor
Posts: 43
Registered: 02 Jul 2013 22:19

Re: Slow PC, freezing > suspected virus

#17 Post by Jožin36 »

Márty84, if I follow your instructions, then after the "Delete" and "Report" steps I can no longer click "Fix host",
because the button is greyed out. Shouldn't I run "Scan" again first?
Sorry, with me it takes a bit longer. :D

Jožin36
Visitor
Posts: 43
Registered: 02 Jul 2013 22:19

Re: Slow PC, freezing > suspected virus

#18 Post by Jožin36 »

Second log (hopefully the right one):

RogueKiller V8.6.2 [Jul 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : hxxp://www.adlice.com/forum/
Webové stránky : hxxp://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Jožin [Práva správce]
Mód : Oprava HOSTS -- Datum : 07/03/2013 21:42:08
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost


Dokončeno : << RKreport[0]_H_07032013_214208.txt >>
RKreport[0]_D_07032013_211554.txt;RKreport[0]_D_07032013_213151.txt;RKreport[0]_S_07032013_201702.txt
RKreport[0]_S_07032013_211436.txt;RKreport[0]_S_07032013_212836.txt;RKreport[0]_S_07032013_214204.txt

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Slow PC, freezing > suspected virus

#19 Post by Márty84 »

Jožin36 wrote:
Márty84, if I follow your instructions, then after the "Delete" and "Report" steps I can no longer click "Fix host",
because the button is greyed out. Shouldn't I run "Scan" again first?

Sometimes yes, sometimes no, it depends on what is being deleted. But so far everyone has figured it out, including you :D


:arrow: Post a new log from RSIT
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

Jožin36
Visitor
Posts: 43
Registered: 02 Jul 2013 22:19

Re: Slow PC, freezing > suspected virus

#20 Post by Jožin36 »

Here is the RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jožin at 2013-07-03 23:15:49
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 138 GB (29%) free of 477 GB
Total RAM: 4095 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:16:02, on 3.7.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files\trend micro\Jožin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid ... 250&lng=cs
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000. ... CB4E416A32}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8319 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\FBAgent.exe"
C:\Windows\system32\WLANExt.exe 41538192
\??\C:\Windows\system32\conhost.exe "175392704228050498013626024916461192784374841571299877192-1279454309-1040757212
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
taskeng.exe {4BD30414-85FA-46E3-B9DD-49F87EA61A0B}
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files\P4G\BatteryLife.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe"
Atouch64.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
ATKOSD.exe
KBFiltr.exe
WDC.exe
"C:\Program Files (x86)\RocketDock\RocketDock.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\AsScrPro.exe"
"C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"C:\Program Files\ASUS\Net4Switch\Net4Switch.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Program Files (x86)\Opera\opera.exe"
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Users\Jožin\Desktop\RogueKiller.exe"
C:\Windows\system32\AUDIODG.EXE 0x718
"C:\Users\Jožin\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe30_ Global\UsGthrCtrlFltPipeMssGthrPipe30 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-01 553376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-01 211360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]
{32099AAC-C132-4136-9E9A-4E364A424E17}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmIcoSinglun64]
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-04-09 320000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2012-09-28 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [2009-08-19 170624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-11-06 3673728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-03-15 641664]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2012-09-13 1009288]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-07-03 17:04:33 ----D---- C:\Users\Jožin\AppData\Roaming\Malwarebytes
2013-07-03 17:04:11 ----D---- C:\ProgramData\Malwarebytes
2013-07-02 17:58:33 ----A---- C:\Windows\system32\FNTCACHE.DAT
2013-06-12 23:09:33 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-06-12 23:09:33 ----A---- C:\Windows\system32\mshtmled.dll
2013-06-12 23:09:32 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-06-12 23:09:30 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-06-12 23:09:30 ----A---- C:\Windows\system32\ieui.dll
2013-06-12 23:09:29 ----A---- C:\Windows\SYSWOW64\url.dll
2013-06-12 23:09:29 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-06-12 23:09:29 ----A---- C:\Windows\system32\url.dll
2013-06-12 23:09:29 ----A---- C:\Windows\system32\ieUnatt.exe
2013-06-12 23:09:28 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-06-12 23:09:28 ----A---- C:\Windows\system32\wininet.dll
2013-06-12 23:09:27 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-06-12 23:09:26 ----A---- C:\Windows\system32\urlmon.dll
2013-06-12 23:09:25 ----A---- C:\Windows\system32\jscript9.dll
2013-06-12 23:09:24 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-06-12 23:09:24 ----A---- C:\Windows\system32\msfeeds.dll
2013-06-12 23:09:23 ----A---- C:\Windows\system32\jsproxy.dll
2013-06-12 23:09:22 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-06-12 23:09:22 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-06-12 23:09:21 ----A---- C:\Windows\system32\vbscript.dll
2013-06-12 23:09:21 ----A---- C:\Windows\system32\jscript.dll
2013-06-12 23:09:20 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-06-12 23:09:20 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-06-12 23:09:20 ----A---- C:\Windows\system32\iertutil.dll
2013-06-12 23:09:17 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-06-12 23:09:14 ----A---- C:\Windows\system32\mshtml.dll
2013-06-12 23:09:13 ----A---- C:\Windows\system32\ieframe.dll
2013-06-12 23:09:12 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-06-12 14:09:14 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-06-12 14:09:13 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2013-06-12 14:09:13 ----A---- C:\Windows\system32\win32spl.dll
2013-06-12 13:46:08 ----A---- C:\Windows\SYSWOW64\cryptdlg.dll
2013-06-12 13:46:08 ----A---- C:\Windows\system32\cryptdlg.dll
2013-06-12 13:46:03 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2013-06-12 13:46:03 ----A---- C:\Windows\system32\WindowsCodecs.dll
2013-06-12 13:45:55 ----A---- C:\Windows\system32\certutil.exe
2013-06-12 13:45:54 ----A---- C:\Windows\SYSWOW64\certutil.exe
2013-06-12 13:45:54 ----A---- C:\Windows\system32\crypt32.dll
2013-06-12 13:45:53 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2013-06-12 13:45:53 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2013-06-12 13:45:53 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-06-12 13:45:53 ----A---- C:\Windows\SYSWOW64\certenc.dll
2013-06-12 13:45:53 ----A---- C:\Windows\system32\cryptsvc.dll
2013-06-12 13:45:53 ----A---- C:\Windows\system32\cryptnet.dll
2013-06-12 13:45:53 ----A---- C:\Windows\system32\certenc.dll
2013-06-12 13:45:46 ----A---- C:\Windows\SYSWOW64\d3d11.dll
2013-06-12 13:45:46 ----A---- C:\Windows\system32\d3d11.dll
2013-06-04 21:57:24 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
2013-06-04 21:42:31 ----D---- C:\ProgramData\EA Core
2013-06-04 21:42:25 ----D---- C:\ProgramData\EA Logs

======List of files/folders modified in the last 1 month======

2013-07-03 23:16:02 ----D---- C:\Windows\Prefetch
2013-07-03 23:16:01 ----D---- C:\Program Files\Trend Micro
2013-07-03 23:16:00 ----D---- C:\Windows\Temp
2013-07-03 21:42:02 ----D---- C:\Windows\system32\drivers
2013-07-03 21:26:11 ----D---- C:\Windows\system32\Tasks
2013-07-03 21:22:01 ----D---- C:\Windows\system32\config
2013-07-03 20:08:56 ----RD---- C:\Program Files (x86)
2013-07-03 20:03:02 ----D---- C:\Windows
2013-07-03 17:04:11 ----HD---- C:\ProgramData
2013-07-03 15:30:03 ----D---- C:\Program Files (x86)\Steam
2013-07-03 13:37:36 ----D---- C:\Windows\rescache
2013-07-03 12:24:28 ----SHD---- C:\System Volume Information
2013-07-03 12:00:52 ----D---- C:\Windows\Microsoft.NET
2013-07-03 12:00:51 ----RSD---- C:\Windows\assembly
2013-07-03 11:53:13 ----D---- C:\Windows\winsxs
2013-07-03 01:35:43 ----D---- C:\Program Files\Windows Media Player
2013-07-03 01:35:43 ----D---- C:\Program Files\DVD Maker
2013-07-03 01:35:40 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-07-03 01:35:40 ----D---- C:\Windows\SysWOW64
2013-07-03 01:35:39 ----D---- C:\Windows\system32\wbem
2013-07-03 01:35:39 ----D---- C:\Windows\system32\cs-CZ
2013-07-03 01:35:39 ----D---- C:\Windows\System32
2013-07-03 01:35:39 ----D---- C:\Windows\PolicyDefinitions
2013-07-02 23:53:35 ----D---- C:\Users\Jožin\AppData\Roaming\Seznam.cz
2013-07-02 23:43:39 ----HD---- C:\Windows\system32\GroupPolicy
2013-07-02 18:00:09 ----D---- C:\Windows\inf
2013-07-01 16:41:45 ----D---- C:\Windows\SoftwareDistribution
2013-06-29 03:16:43 ----D---- C:\Program Files (x86)\The KMPlayer
2013-06-28 19:30:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-06-20 15:32:18 ----D---- C:\Windows\system32\catroot2
2013-06-17 22:21:51 ----D---- C:\Windows\Logs
2013-06-17 22:21:51 ----D---- C:\Windows\debug
2013-06-17 10:18:41 ----SHD---- C:\Windows\Installer
2013-06-17 10:18:22 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-06-17 10:13:48 ----D---- C:\Windows\system32\catroot
2013-06-13 06:55:57 ----D---- C:\Program Files (x86)\Internet Explorer
2013-06-13 06:55:56 ----D---- C:\Windows\SYSWOW64\migration
2013-06-13 06:55:55 ----D---- C:\Windows\system32\migration
2013-06-13 06:55:54 ----D---- C:\Program Files\Internet Explorer
2013-06-12 23:10:54 ----D---- C:\ProgramData\Microsoft Help
2013-06-12 23:07:07 ----A---- C:\Windows\system32\MRT.exe
2013-06-12 19:58:20 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-06-10 18:11:23 ----D---- C:\Program Files (x86)\Opera
2013-06-08 20:32:38 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2013-06-07 21:53:26 ----D---- C:\Users\Jožin\AppData\Roaming\Origin
2013-06-07 21:53:26 ----D---- C:\ProgramData\Origin
2013-06-07 21:52:24 ----D---- C:\Program Files (x86)\Origin
2013-06-04 22:03:39 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2013-06-04 21:42:36 ----D---- C:\ProgramData\Electronic Arts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2000-01-01 82048]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2000-01-01 42624]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-05-09 65336]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-06-28 189936]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie64.sys [2000-01-01 16440]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-01-02 564824]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2013-05-02 22600]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-05-09 72016]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-06-28 1030952]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-06-28 378944]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-05-09 64288]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2009-08-22 107536]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 17464]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-05-20 1582080]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2000-01-01 231440]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-30 6038016]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-06-09 55296]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1806400]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2000-01-01 56448]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2000-01-01 2184816]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2000-01-01 120336]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-07-09 140800]
S3 ipswuio;ipswuio; C:\Windows\System32\DRIVERS\ipswuio.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2013-04-12 16152]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2009-08-22 42000]
S3 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2009-08-22 258064]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2009-08-22 1883152]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-23 154168]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-09-03 359040]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-29 203264]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-15 361984]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-06-04 76888]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2000-01-01 27760]
R3 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 136176]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-05-04 543656]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-08 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
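The listing format above (legend in its header line) is easy to check mechanically. As an added example that is not part of this thread or of the RSIT tool, here is a small Python parser that decodes the status codes and flags entries whose binary is missing on disk or lives outside %SystemRoot%; it assumes %SystemRoot% is C:\Windows, as in this log, and uses a handful of lines copied from the log as constructed sample input.

```python
# Added example (not from the forum thread or from RSIT/OTL): a parser for the
# driver/service listing format shown in the log above. The legend on the page
# reads "R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled";
# an empty "[]" after the path means the tool found no file there, so it could
# not read a date or size. SYSTEM_ROOT is an assumption that matches this log.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

STATE: Dict[str, str] = {"R": "Running", "S": "Stopped"}
START: Dict[str, str] = {"0": "Boot", "1": "System", "2": "Auto",
                         "3": "Demand", "4": "Disabled"}
SYSTEM_ROOT = "c:\\windows\\"   # assumption: Windows 7 installed on C:

# "<state><start> <name>;<display>; <path> [<date> <size>]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    state: str            # "R" or "S"
    start: str            # "0" .. "4"
    name: str
    display: str
    path: str
    date: Optional[str]   # None when the log printed "[]"
    size: Optional[int]

    @property
    def file_missing(self) -> bool:
        """True when the tool could not stat the binary (empty brackets)."""
        return self.date is None

    @property
    def outside_system_root(self) -> bool:
        """True when the binary does not live under %SystemRoot%.

        Registry ImagePath values may carry the NT namespace prefix "\\??\\"
        (the log prints it verbatim); strip it before comparing.
        """
        p = self.path
        if p.startswith("\\??\\"):
            p = p[4:]
        return not p.lower().startswith(SYSTEM_ROOT)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; None for headers, blanks and the EOF marker."""
    m = LINE_RE.match(line)
    if not m:
        return None
    meta = m.group("meta").split()
    date, size = (meta[0], int(meta[1])) if len(meta) == 2 else (None, None)
    return Entry(m.group("state"), m.group("start"), m.group("name"),
                 m.group("display"), m.group("path"), date, size)


def parse_listing(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def describe(entry: Entry) -> str:
    """Decode the two-character status using the legend from the log header."""
    return f"{STATE[entry.state]}, {START[entry.start]}"


def missing_files(entries: List[Entry]) -> List[str]:
    return [e.name for e in entries if e.file_missing]


def review(entries: List[Entry]) -> List[str]:
    """Lines a helper looks at first: missing binaries, and anything loaded
    from outside %SystemRoot% (vendor drivers are expected there, but each
    one should be recognisable)."""
    out = []
    for e in entries:
        if e.file_missing:
            out.append(f"{e.name}: no file at {e.path} ({describe(e)})")
        elif e.outside_system_root:
            out.append(f"{e.name}: outside SystemRoot, {e.path} "
                       f"({e.date}, {e.size} bytes)")
    return out


# Constructed sample: six lines copied from the RSIT log in this thread.
SAMPLE = r"""======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-05-09 65336]
R2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S3 ipswuio;ipswuio; C:\Windows\System32\DRIVERS\ipswuio.sys []
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
"""

if __name__ == "__main__":
    for line in review(parse_listing(SAMPLE)):
        print(line)
```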

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Slow PC, freezing > suspected virus

#21 Post by Márty84 »

:!: If Avast complains that it wants to open it in the sandbox, don't allow it! Choose the option Open normally
:arrow: Run OTL again as administrator
Paste the following text into the lower window (including the colon before the word commands)

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]

:services
AdobeARMservice
gupdate
SkypeUpdate
AdobeFlashPlayerUpdateSvc
gupdatem

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:otl
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1619438207-2844375399-1164555158-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1619438207-2844375399-1164555158-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[5 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[21 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\bbe0294f55923618944aeb5c3877f84c\*.tmp files -> C:\Windows\SoftwareDistribution\Download\bbe0294f55923618944aeb5c3877f84c\*.tmp -> ]
[82 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{D3D233D5-9F6D-436C-B6C7-E63F77503B30}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] /64
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=-
"Adobe ARM"=-
Click Run Fix and let the program work. When asked to restart, agree.
After the restart a new log will appear; post it here.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you are waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Jožin36
Visitor
Posts: 43
Registered: 02 Jul 2013 22:19

Re: Slow PC, freezing > suspected virus

#22 Post by Jožin36 »

So here is the new log after the restart:

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jožin

User: Jo§in

User: Jožin
->Temp folder emptied: 13974970 bytes
->Temporary Internet Files folder emptied: 550122 bytes
->Google Chrome cache emptied: 819568 bytes
->Opera cache emptied: 56483182 bytes
->Flash cache emptied: 1141 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1128283 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46357113 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 114,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jožin

User: Jo§in

User: Jožin
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== SERVICES/DRIVERS ==========
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1619438207-2844375399-1164555158-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1619438207-2844375399-1164555158-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C60.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2E87.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA063.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPADAD.tmp\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPADAD.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP16C1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP280.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2A69.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2C7C.tmp\System.Data.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2C7C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2E13.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP31AC.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP35A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4CE7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5E03.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6431.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP722.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP7723.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP7F7C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP98C6.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9F3C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA5E0.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC91A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDCE6.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDE6C.tmp\Microsoft.VisualC.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDE6C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Windows\Installer\MSI45D6.tmp deleted successfully.
C:\Windows\Installer\MSI564.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\bbe0294f55923618944aeb5c3877f84c\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\bbe0294f55923618944aeb5c3877f84c\$dpx$.tmp folder deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\GoogleCrashHandler.exe deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\GoogleCrashHandler64.exe deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\GoogleUpdate.exe deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\GoogleUpdateBroker.exe deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\GoogleUpdateHelper.msi deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\GoogleUpdateOnDemand.exe deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\GoogleUpdateSetup.exe deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdate.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_am.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_ar.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_bg.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_bn.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_ca.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_cs.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_da.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_de.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_el.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_en-GB.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_en.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_es-419.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_es.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_et.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_fa.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_fi.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_fil.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_fr.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_gu.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_hi.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_hr.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_hu.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_id.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_is.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_it.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_iw.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_ja.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_kn.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_ko.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_lt.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_lv.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_ml.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_mr.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_ms.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_nl.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_no.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_pl.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_pt-BR.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_pt-PT.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_ro.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_ru.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_sk.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_sl.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_sr.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_sv.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_sw.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_ta.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_te.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_th.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_tr.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_uk.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_ur.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_vi.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_zh-CN.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\goopdateres_zh-TW.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\npGoogleUpdate3.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\psmachine.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp\psuser.dll deleted successfully.
C:\Program Files (x86)\GUM4A29.tmp folder deleted successfully.
C:\Program Files (x86)\GUT4A3A.tmp deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 07032013_235416

Files\Folders moved on Reboot...
C:\Users\Jožin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Slow PC, freezing > suspected virus

#23 Post by Márty84 »

:!: Run all of these programs, including any installation, as administrator (right-click them and choose Run as administrator)

:arrow:
vyosek wrote: :arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag the utility as a virus; it is a false positive, so go ahead and download it (if necessary, disable the antivirus while downloading)
:arrow: Download OTC http://oldtimer.geekstogo.com/OTC.exe, save it and run it.
Click CleanUp and then OK. After the cleanup the PC will restart.

:arrow: Download TFC http://oldtimer.geekstogo.com/TFC.exe, save it and run it.
Click START and then OK. After the cleanup the PC will restart.
You can delete the program after use.

:arrow: Download CCleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ and run it.
During installation watch out for a toolbar (or other add-ons); if it offers to install one, uncheck the box.
After launching you will be in the Cleaner function. On the left there are lots of checkboxes. Pay particular attention to the Recycle Bin: if you leave it checked, it will always empty it.
Also, depending on how it is set up, it deletes all passwords saved for websites!!! So if you have the computer set to remember passwords (which is not good for security), you will have to type them again by hand afterwards (e.g. mail, Facebook, various forums, etc.)
Click Analyze and, once the analysis finishes, click Run Cleaner.
Then click the Registry function on the left.
Click Scan for Issues; when it finds some, click Fix Selected Issues. It will offer you a backup; make it and save it somewhere you can find it if needed.
The Tools function allows uninstalling programs. It is more thorough than Windows itself!

:arrow: Defragment the disk(s)
Download the Defraggler program http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Again watch out for a toolbar during installation.
After installing, run the program and click Analyze; after the analysis click Defrag and the program will do its job.

:arrow: Then write back and say how the PC is doing.

Jožin36
Visitor
Posts: 43
Registered: 02 Jul 2013 22:19

Re: Slow PC, freezing > suspected virus

#24 Post by Jožin36 »

Hi Márty84,
sorry, but I had to leave urgently on Thursday morning and only got to the PC this morning.
I clicked the link http://vyosek.ic.cz/pro_usery/T-Cleaner.exe and while the link is loading it shows the error 503 Service Unavailable
No server is available to handle this request.
Aren't those links time-limited? Anyway, I'll keep trying and let you know.
Thanks for now and bye. Jožin.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Slow PC, freezing > suspected virus

#25 Post by Márty84 »


Jožin36
Visitor
Posts: 43
Registered: 02 Jul 2013 22:19

Re: Slow PC, freezing > suspected virus

#26 Post by Jožin36 »

So I did the defragmentation. The PC has sped up overall, but the OS takes about 2-3 min to boot.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Slow PC, freezing > suspected virus

#27 Post by Márty84 »

I'm afraid it's the disk. But let's try digging a bit deeper.

:!: If you haven't already, you had better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Disable the antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator.
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan do not start anything and do not click anywhere.
After the scan finishes (the PC may also restart) a log should be created, located here: C:\ComboFix.txt
Copy its contents here.

:!: If Windows does not boot after the restart, restart again, keep pressing the F8 key and choose Last Known Good Configuration
:!: If Windows boots but an error is reported when starting programs, just restart the PC and it will be fine

Jožin36
Visitor
Posts: 43
Registered: 02 Jul 2013 22:19

Re: Slow PC, freezing > suspected virus

#28 Post by Jožin36 »

So I have finally finished the backup. I want to ask whether it matters that I left the external HDD connected during the scan?

Here is the log from ComboFix:

ComboFix 13-07-07.01 - Jožin 07.07.2013 19:11:55.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4095.2453 [GMT 2:00]
Spuštěný z: c:\users\Jo×in\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-06-07 do 2013-07-07 )))))))))))))))))))))))))))))))
.
.
2013-07-07 17:18 . 2013-07-07 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-06 07:41 . 2013-07-06 07:41 -------- d-----w- c:\program files\Defraggler
2013-07-06 06:44 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4848AF89-BFDB-4ACD-9EA2-4262087877C6}\mpengine.dll
2013-07-03 15:04 . 2013-07-03 15:04 -------- d-----w- c:\users\Jožin\AppData\Roaming\Malwarebytes
2013-07-03 15:04 . 2013-07-03 15:04 -------- d-----w- c:\programdata\Malwarebytes
2013-06-12 12:09 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 12:09 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 12:09 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 11:46 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 11:46 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-12 11:46 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 11:46 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 11:45 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 11:45 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 11:45 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-12 11:45 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 11:45 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 11:45 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 11:45 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-12 11:45 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-12 11:45 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-12 11:45 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-12 11:45 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-12 11:45 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 22:44 . 2013-03-27 17:04 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 22:44 . 2012-06-03 20:31 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 22:44 . 2012-06-03 20:31 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-12 21:07 . 2012-06-11 20:00 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 17:58 . 2012-06-08 07:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 17:58 . 2012-06-08 07:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-08 18:32 . 2012-12-29 12:48 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-06-07 19:57 . 2012-12-29 13:28 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-06-07 19:57 . 2012-12-29 12:48 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-06-04 20:03 . 2012-12-29 12:48 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-06-01 13:59 . 2013-06-01 13:59 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-01 13:59 . 2013-06-01 14:00 311200 ----a-w- c:\windows\system32\javaws.exe
2013-06-01 13:59 . 2013-06-01 13:59 188832 ----a-w- c:\windows\system32\javaw.exe
2013-06-01 13:59 . 2013-06-01 14:00 971680 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-01 13:59 . 2013-06-01 14:00 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-01 13:59 . 2013-06-01 13:59 188320 ----a-w- c:\windows\system32\java.exe
2013-05-09 08:59 . 2013-03-27 17:04 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-06-03 20:31 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-06-03 20:31 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-06-03 20:31 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2012-06-03 20:31 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2012-06-03 20:29 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-06-03 20:31 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-02 00:06 . 2012-06-03 19:03 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 23:34 . 2013-05-05 14:20 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-04-13 05:49 . 2013-05-16 09:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 09:21 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 09:21 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 09:21 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 09:21 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 09:21 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 17:12 . 2012-06-03 19:46 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-04-12 14:45 . 2013-04-23 18:47 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 09:21 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 09:21 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 09:21 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2012-09-13 1009288]
.
c:\users\Jožin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys;c:\windows\SYSNATIVE\DRIVERS\ipswuio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys;c:\windows\SYSNATIVE\DRIVERS\tmpreflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-07-06 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df64.exe [2013-04-19 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=82120&iwk=250&lng=cs
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={5E599EF2-29B1-11E2-AA85-E0CB4E416A32}
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-07-07 19:21:09
ComboFix-quarantined-files.txt 2013-07-07 17:21
.
Před spuštěním: Volných bajtů: 154 925 883 392
Po spuštění: Volných bajtů: 154 768 175 104
.
- - End Of File - - 3198CFD68769ED49A5ACFD19D2238830
A36C5E4F47E84449FF07ED3517B43A31

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Slow PC, freezing > suspected virus

#29 Post by Márty84 »

Jožin36 wrote: I want to ask whether it matters that I left the external HDD connected during the scan?
It doesn't matter :)


:!: Move ComboFix directly to drive C (so its path will be c:\ComboFix.exe)!
:arrow: Open Notepad and copy this script into it

KillAll::

File::
c:\windows\Tasks\Defraggler Volume C Task.job

DDS::
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid ... 250&lng=cs
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={5E599EF2-29B1-11E2-AA85-E0CB4E416A32}

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::
At the top left, click File
Click Save as...
Type the name CFScript exactly as shown in red and save it directly to C as well (so its path will be c:\CFScript.txt).
Turn off the antivirus and any other protection you may have.
Drag this newly created text document onto the ComboFix icon with the mouse and drop it.
ComboFix should start and execute the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows does not boot after the restart, restart again, press F8 and choose Last Known Good Configuration
:!: If Windows boots but an error is reported when starting various programs, just restart the PC and it will be fine



:arrow: Run CCleaner as administrator.
Click Tools
Click Startup.
Select the programs that you do not need to start automatically at system startup and click Disable
Close CCleaner and restart the PC.
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have to wait a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).
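The CFScript in the post above was derived by hand from sections of the earlier ComboFix log. The Python below, an added example and not the forum's or ComboFix's own code, performs the same derivation over a constructed excerpt of that log (the section headers, the scheduled task, the IE start pages and the locked registry keys are the ones shown on this page).

```python
"""Derive a ComboFix CFScript from a ComboFix log (added example, not the
forum's or ComboFix's own code). It reproduces how the script in the post
above follows from the log quoted earlier: scheduled-task .job files go under
File::, the IE start pages under DDS:: and the locked registry keys under
RegLock::. Headers and the 'hxxp' defanging are as ComboFix prints them."""
import re

# Constructed excerpt of the ComboFix log quoted earlier in the thread.
SAMPLE_LOG = r"""
Obsah adresáře 'Naplánované úlohy'
.
2013-07-06 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df64.exe [2013-04-19 12:43]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=82120&iwk=250&lng=cs
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={5E599EF2-29B1-11E2-AA85-E0CB4E416A32}
TCP: DhcpNameServer = 192.168.1.1
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-07-07 19:21:09
"""

# ComboFix opens a section with a decorated header line and pads it with lone '.' lines.
HEADER_RE = re.compile(r"^(\({3,}|(- ?){3,}|\*{5,}|Obsah adresáře|Celkový čas)")
TASK_RE = re.compile(r"^\d{4}-\d\d-\d\d (c:\\windows\\tasks\\.+\.job)$", re.I)
PAGE_RE = re.compile(r"^[um]\w* Page = ")

def split_sections(log):
    """Map each section header (decoration stripped) to its non-empty lines."""
    sections, current = {}, "preamble"
    for line in log.splitlines():
        if HEADER_RE.match(line):
            current = line.strip("()-* ")
            sections.setdefault(current, [])
        elif line.strip() not in ("", "."):
            sections.setdefault(current, []).append(line.rstrip())
    return sections

def section(sections, needle):
    """Lines of the first section whose header contains `needle`."""
    return next((v for k, v in sections.items() if needle in k), [])

def scheduled_task_files(sections):
    """Paths of .job files listed under the scheduled-tasks section (File::)."""
    lines = section(sections, "Naplánované úlohy")
    return [m.group(1) for m in map(TASK_RE.match, lines) if m]

def browser_page_entries(sections):
    """uLocal/uStart/mStart Page lines from the extra scan (DDS::)."""
    return [line for line in section(sections, "Doplňkový sken") if PAGE_RE.match(line)]

def locked_keys(sections):
    """Registry keys reported under the locked-keys section (RegLock::)."""
    return [line for line in section(sections, "ZAMKNUTÉ KLÍČE") if line.startswith("[HKEY_")]

def build_cfscript(log):
    """Assemble the CFScript; a starting point for the helper to review, since
    every listed path and key will be deleted or unlocked when it runs."""
    sections = split_sections(log)
    blocks = [("KillAll::", []),
              ("File::", scheduled_task_files(sections)),
              ("DDS::", browser_page_entries(sections)),
              ("RegLock::", locked_keys(sections)),
              ("Reboot::", [])]
    parts = ["\n".join([d, *e]) for d, e in blocks if e or d in ("KillAll::", "Reboot::")]
    return "\n\n".join(parts) + "\n"

if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```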

Jožin36
Guest
Posts: 43
Registered: 02 Jul 2013 22:19

Re: Slow PC, freezing > suspected virus

#30 Post by Jožin36 »

Second log:

ComboFix 13-07-07.01 - Jožin 07.07.2013 20:16:39.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4095.2673 [GMT 2:00]
Spuštěný z: c:\users\Jo×in\Desktop\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Defraggler Volume C Task.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-06-07 do 2013-07-07 )))))))))))))))))))))))))))))))
.
.
2013-07-07 18:23 . 2013-07-07 18:23 -------- d-----w- c:\users\Jo§in\AppData\Local\temp
2013-07-07 18:23 . 2013-07-07 18:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-06 07:41 . 2013-07-06 07:41 -------- d-----w- c:\program files\Defraggler
2013-07-06 06:44 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4848AF89-BFDB-4ACD-9EA2-4262087877C6}\mpengine.dll
2013-07-03 15:04 . 2013-07-03 15:04 -------- d-----w- c:\users\Jožin\AppData\Roaming\Malwarebytes
2013-07-03 15:04 . 2013-07-03 15:04 -------- d-----w- c:\programdata\Malwarebytes
2013-06-12 12:09 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 12:09 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 12:09 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 11:46 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 11:46 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-12 11:46 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 11:46 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 11:45 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 11:45 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 11:45 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-12 11:45 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 11:45 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 11:45 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 11:45 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-12 11:45 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-12 11:45 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-12 11:45 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-12 11:45 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-12 11:45 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 22:44 . 2013-03-27 17:04 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 22:44 . 2012-06-03 20:31 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 22:44 . 2012-06-03 20:31 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-12 21:07 . 2012-06-11 20:00 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 17:58 . 2012-06-08 07:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 17:58 . 2012-06-08 07:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-08 18:32 . 2012-12-29 12:48 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-06-07 19:57 . 2012-12-29 13:28 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-06-07 19:57 . 2012-12-29 12:48 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-06-04 20:03 . 2012-12-29 12:48 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-06-01 13:59 . 2013-06-01 13:59 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-01 13:59 . 2013-06-01 14:00 311200 ----a-w- c:\windows\system32\javaws.exe
2013-06-01 13:59 . 2013-06-01 13:59 188832 ----a-w- c:\windows\system32\javaw.exe
2013-06-01 13:59 . 2013-06-01 14:00 971680 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-01 13:59 . 2013-06-01 14:00 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-01 13:59 . 2013-06-01 13:59 188320 ----a-w- c:\windows\system32\java.exe
2013-05-09 08:59 . 2013-03-27 17:04 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-06-03 20:31 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-06-03 20:31 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-06-03 20:31 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2012-06-03 20:31 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2012-06-03 20:29 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-06-03 20:31 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-02 00:06 . 2012-06-03 19:03 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 23:34 . 2013-05-05 14:20 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-04-13 05:49 . 2013-05-16 09:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 09:21 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 09:21 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 09:21 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 09:21 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 09:21 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 17:12 . 2012-06-03 19:46 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-04-12 14:45 . 2013-04-23 18:47 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 09:21 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 09:21 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 09:21 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2012-09-13 1009288]
.
c:\users\Jožin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys;c:\windows\SYSNATIVE\DRIVERS\ipswuio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys;c:\windows\SYSNATIVE\DRIVERS\tmpreflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-07-06 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df64.exe [2013-04-19 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={5E599EF2-29B1-11E2-AA85-E0CB4E416A32}
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
.
**************************************************************************
.
Celkový čas: 2013-07-07 20:29:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-07-07 18:29
ComboFix2.txt 2013-07-07 17:21
.
Před spuštěním: Volných bajtů: 154 842 980 352
Po spuštění: Volných bajtů: 154 760 802 304
.
- - End Of File - - E44FBCEE34F28E8778CDC03E26BCDC5D
A36C5E4F47E84449FF07ED3517B43A31

Locked