Pomalé PC, náhlý restart

Zpráva

PaRaZel · #1 Příspěvek od **PaRaZel** » 19 zář 2013 19:05

Dobrý den, prosím o pomoc:

Logfile of random's system information tool 1.09 (written by random/random)
Run by P at 2013-09-19 19:12:55
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 23 GB (57%) free of 40 GB
Total RAM: 3487 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:12:58, on 19.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\PDF Architect\HelperService.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Corel\Standby\Standby.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\PDF Architect\ConversionService.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\WINDOWS\Explorer.EXE
D:\Download\RSIT.exe
C:\Program Files\trend micro\P.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] "C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7392244734
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Cobian Backup 11 Volume Shadow Copy Requester (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 11\cbVSCService11.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 8696 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
PDF Architect Helper - C:\Program Files\PDF Architect\PDFIEHelper.dll [2013-04-08 92208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-25 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-25 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{25A3A431-30BB-47C8-AD6A-E1063801134F} - PDF Architect Toolbar - C:\Program Files\PDF Architect\PDFIEPlugin.dll [2013-04-08 654384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2013-07-08 1464536]
"IMSS"=C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2011-12-16 133400]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2012-01-25 143128]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2012-01-25 181528]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2012-01-25 169752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-12-05 20065384]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"Standby"=c:\Program Files\Common Files\Corel\Standby\Standby.exe [2010-03-18 105632]
"Seagate Scheduler2 Service"=C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [2011-06-30 395152]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2012-11-04 1851192]
"DiscWizardMonitor.exe"=C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [2011-06-30 2638152]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2012-12-05 247768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2012-01-16 301568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2012-10-01 66360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\CNAB4RPK.EXE"="C:\WINDOWS\system32\CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP (HP Photosmart Plus B210 series)"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Síťový komunikační program HP (HP Photosmart Plus B210 series)"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe"="C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:Síťový komunikační program HP COM (HP Photosmart Plus B210 series)"
"D:\Programs\DSAssistant_2647\DSAssistant.exe"="D:\Programs\DSAssistant_2647\DSAssistant.exe:*:Enabled:DSAssistant"
"C:\Program Files\DSAssistant_2647\DSAssistant.exe"="C:\Program Files\DSAssistant_2647\DSAssistant.exe:*:Enabled:DSAssistant"
"C:\Program Files\Java\jre7\bin\javaw.exe"="C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.dvacm"=c:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.FMVC"=fmcodec.dll
"vidc.XVID"=xvidvfw.dll

======List of files/folders created in the last 1 month======

2013-09-17 19:57:35 ----D---- C:\rsit
2013-09-17 19:57:35 ----D---- C:\Program Files\trend micro
2013-09-17 13:20:14 ----D---- C:\Program Files\Handbrake
2013-09-17 08:27:35 ----D---- C:\WINDOWS\Minidump
2013-09-14 20:49:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2876315$
2013-09-14 20:49:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$
2013-09-14 20:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$
2013-08-29 17:57:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$

======List of files/folders modified in the last 1 month======

2013-09-19 19:12:04 ----D---- C:\WINDOWS\Temp
2013-09-19 19:12:04 ----D---- C:\WINDOWS
2013-09-19 19:09:46 ----A---- C:\WINDOWS\system32\log.txt
2013-09-17 23:04:28 ----N---- C:\WINDOWS\SchedLgU.Txt
2013-09-17 20:53:50 ----D---- C:\Documents and Settings\P\Data aplikací\XnView
2013-09-17 20:53:26 ----RD---- C:\Program Files
2013-09-17 20:42:48 ----D---- C:\WINDOWS\system32\drivers
2013-09-17 20:01:34 ----D---- C:\Documents and Settings\P\Data aplikací\HandBrake
2013-09-17 19:56:40 ----D---- C:\Program Files\PDFCreator
2013-09-17 19:56:40 ----D---- C:\Documents and Settings\P\Data aplikací\Media Player Classic
2013-09-17 19:56:40 ----D---- C:\Documents and Settings\P\Data aplikací\FileZilla
2013-09-17 19:56:28 ----D---- C:\WINDOWS\Debug
2013-09-17 19:55:58 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-17 19:55:53 ----D---- C:\Program Files\CCleaner
2013-09-17 19:55:52 ----D---- C:\WINDOWS\Prefetch
2013-09-17 14:05:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2013-09-17 13:09:49 ----D---- C:\Documents and Settings\P\Data aplikací\vlc
2013-09-15 19:17:54 ----D---- C:\WINDOWS\system32
2013-09-14 20:53:06 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-14 20:50:06 ----HD---- C:\WINDOWS\inf
2013-09-14 20:50:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-14 20:50:04 ----D---- C:\Program Files\Internet Explorer
2013-09-14 20:47:22 ----A---- C:\WINDOWS\system32\MRT.exe
2013-09-08 18:06:44 ----D---- C:\Program Files\Recuva
2013-09-08 18:01:12 ----D---- C:\Program Files\Gigabyte
2013-08-25 10:54:59 ----SHD---- C:\WINDOWS\Installer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2013-06-18 99520]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2013-01-06 169088]
R0 timounter;Acronis Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2013-01-06 601408]
R0 vididr;Acronis Virtual Disk; C:\WINDOWS\system32\DRIVERS\vididr.sys [2013-01-06 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53); C:\WINDOWS\system32\DRIVERS\vsflt53.sys [2013-01-06 83392]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2013-06-18 18528]
R1 cmdGuard;COMODO Internet Security Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2013-07-08 587352]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2013-06-18 32816]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 LBeepKE;Logitech Beep Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2012-09-18 12216]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2012-06-03 5504]
R3 busenum;Synology Virtual USB Hub; C:\WINDOWS\system32\DRIVERS\busenum.sys [2012-08-27 45792]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2012-01-16 2514752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2012-01-17 7081064]
R3 LgBttPort;LGE Bluetooth TransPort; C:\WINDOWS\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
R3 LGVMODEM;LGE Virtual Modem; C:\WINDOWS\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2012-09-18 43960]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2012-09-18 39608]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MEI;Intel(R) Management Engine Interface ; C:\WINDOWS\system32\DRIVERS\HECI.sys [2011-11-10 46080]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2011-12-08 327400]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 Andbus;LGE Android Platform Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgandbus.sys [2012-03-02 14336]
S3 AndDiag;LGE Android Platform USB Serial Port; C:\WINDOWS\system32\DRIVERS\lganddiag.sys [2012-03-02 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port; C:\WINDOWS\system32\DRIVERS\lgandgps.sys [2012-03-02 20096]
S3 ANDModem;LGE Android Platform USB Modem; C:\WINDOWS\system32\DRIVERS\lgandmodem.sys [2012-03-02 25088]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [2012-12-05 67584]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2013-07-08 4801304]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-08 423136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-06-25 182184]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-12-16 277784]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [2013-04-08 1320496]
R2 PDF Architect Service;PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [2013-04-08 799280]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 SgtSch2Svc;Seagate Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2011-06-30 845808]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2012-12-05 92632]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-05 116648]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-14 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-06-18 127192]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-05 116648]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2012-10-01 295224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-18 754856]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 19 zář 2013 19:28

Zdravím!
Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

PaRaZel · #3 Příspěvek od **PaRaZel** » 19 zář 2013 20:15

Zdravím taky, Rudy, po letech

Tady je CF:

ComboFix 13-09-19.01 - P 19.09.2013 20:47:23.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3487.2286 [GMT 2:00]
Spuštěný z: c:\documents and settings\P\Plocha\ComboFix.exe
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\P\WINDOWS
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\1b42acb63bdb3298.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\SET211.tmp
c:\windows\system32\SET215.tmp
c:\windows\system32\SET21D.tmp
.
c:\windows\system32\drivers\i8042prt.sys chyběl.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\i8042prt.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-19 do 2013-09-19 )))))))))))))))))))))))))))))))
.
.
2013-09-19 18:56 . 2008-04-14 06:51 52096 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2013-09-19 18:56 . 2008-04-14 06:51 52096 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2013-09-17 17:57 . 2013-09-19 17:12 -------- d-----w- c:\program files\trend micro
2013-09-17 17:57 . 2013-09-17 17:58 -------- d-----w- C:\rsit
2013-09-17 11:20 . 2013-09-17 11:20 -------- d-----w- c:\program files\Handbrake
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-19 17:58 . 2013-03-06 10:14 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-19 17:58 . 2013-03-06 10:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-02 15:59 . 2013-01-05 21:04 6266 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2013-08-09 01:56 . 2006-03-02 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:09 . 2006-03-02 12:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 06:05 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2006-03-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 00:02 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2006-03-02 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-10 10:37 . 2006-03-02 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-08 20:59 . 2012-12-14 19:45 587352 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-07-04 07:34 . 2006-03-02 12:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 07:33 . 2004-08-17 15:45 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-25 18:25 . 2013-06-25 18:25 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 18:25 . 2013-06-25 18:25 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-25 18:25 . 2013-01-05 18:24 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-25 18:25 . 2013-01-05 18:24 789416 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-12-05 247768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-07-08 1464536]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-12-16 133400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-24 143128]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-24 181528]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-24 169752]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-03-18 105632]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-06-30 395152]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 1851192]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-06-30 2638152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2012-10-01 07:22 66360 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\DSAssistant_2647\\DSAssistant.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
.
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [6.1.2013 18:01 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [6.1.2013 18:01 83392]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [14.12.2012 21:45 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [14.12.2012 21:45 587352]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [14.12.2012 21:45 32816]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [4.2.2013 16:46 67584]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [8.12.2011 17:32 423136]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [5.1.2013 15:06 161560]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [5.1.2013 20:48 12216]
R2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [8.4.2013 18:44 1320496]
R2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [8.4.2013 18:43 799280]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [30.6.2011 15:48 845808]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [5.12.2012 14:22 92632]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [5.1.2013 15:05 363800]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [27.8.2012 11:19 45792]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 9:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 9:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 9:11 12928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6.1.2013 12:46 22856]
R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [5.1.2013 15:05 46080]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6.1.2013 12:46 701512]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5.1.2013 15:07 1691480]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2.3.2012 17:02 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2.3.2012 17:02 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2.3.2012 17:02 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2.3.2012 17:02 25088]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [14.12.2012 21:45 127192]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-19 17:51 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-06 17:59]
.
2013-09-19 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2012-12-14 20:59]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-05 20:29]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-05 20:29]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-19 21:01
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-1GZM-AYW3-A2YA-P3M6-WGB8-P4J6GED"
"Activated"="N"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'lsass.exe'(956)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(3808)
c:\windows\system32\guard32.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(872)
c:\windows\system32\cmdcsr.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\CNAB4RPK.EXE
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\COMODO\COMODO Internet Security\cavwp.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\COMODO\COMODO Internet Security\cis.exe
.
**************************************************************************
.
Celkový čas: 2013-09-19 21:08:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-19 19:07
.
Před spuštěním: Volných bajtů: 27 223 924 736
Po spuštění: Volných bajtů: 27 324 997 632
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - EDEB8860699765B6B53F1B3E9442C91C
413FC2A0C716421B3158746D63736515

#4 Příspěvek od **Rudy** » 19 zář 2013 20:47

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

PaRaZel · #5 Příspěvek od **PaRaZel** » 19 zář 2013 21:49

Rudy, pořád se mi zdá, že je to líný, už od startu, pak dlouho trvá i otevírání třeba jenom .txt, Chrome...

ComboFix 13-09-19.01 - P 19.09.2013 22:14:48.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3487.2385 [GMT 2:00]
Spuštěný z: c:\documents and settings\P\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\P\Plocha\CFScript.txt
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-19 do 2013-09-19 )))))))))))))))))))))))))))))))
.
.
2013-09-19 18:56 . 2008-04-14 06:51 52096 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2013-09-19 18:56 . 2008-04-14 06:51 52096 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2013-09-17 17:57 . 2013-09-19 17:12 -------- d-----w- c:\program files\trend micro
2013-09-17 17:57 . 2013-09-17 17:58 -------- d-----w- C:\rsit
2013-09-17 11:20 . 2013-09-17 11:20 -------- d-----w- c:\program files\Handbrake
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-19 17:58 . 2013-03-06 10:14 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-19 17:58 . 2013-03-06 10:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-02 15:59 . 2013-01-05 21:04 6266 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2013-08-09 01:56 . 2006-03-02 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:09 . 2006-03-02 12:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 06:05 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2006-03-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 00:02 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2006-03-02 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-10 10:37 . 2006-03-02 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-08 20:59 . 2012-12-14 19:45 587352 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-07-04 07:34 . 2006-03-02 12:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 07:33 . 2004-08-17 15:45 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-25 18:25 . 2013-06-25 18:25 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 18:25 . 2013-06-25 18:25 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-25 18:25 . 2013-01-05 18:24 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-25 18:25 . 2013-01-05 18:24 789416 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-12-05 247768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-07-08 1464536]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-12-16 133400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-24 143128]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-24 181528]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-24 169752]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-03-18 105632]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-06-30 395152]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 1851192]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-06-30 2638152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2012-10-01 07:22 66360 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\DSAssistant_2647\\DSAssistant.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
.
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [6.1.2013 18:01 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [6.1.2013 18:01 83392]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [14.12.2012 21:45 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [14.12.2012 21:45 587352]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [14.12.2012 21:45 32816]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [4.2.2013 16:46 67584]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [8.12.2011 17:32 423136]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [5.1.2013 15:06 161560]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [5.1.2013 20:48 12216]
R2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [8.4.2013 18:44 1320496]
R2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [8.4.2013 18:43 799280]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [30.6.2011 15:48 845808]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [5.12.2012 14:22 92632]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [5.1.2013 15:05 363800]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [27.8.2012 11:19 45792]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 9:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 9:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 9:11 12928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6.1.2013 12:46 22856]
R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [5.1.2013 15:05 46080]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6.1.2013 12:46 701512]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5.1.2013 15:07 1691480]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2.3.2012 17:02 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2.3.2012 17:02 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2.3.2012 17:02 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2.3.2012 17:02 25088]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [14.12.2012 21:45 127192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-19 17:51 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-06 17:59]
.
2013-09-19 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2012-12-14 20:59]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-05 20:29]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-05 20:29]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-19 22:27
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-1GZM-AYW3-A2YA-P3M6-WGB8-P4J6GED"
"Activated"="N"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'lsass.exe'(956)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(3688)
c:\windows\system32\guard32.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(872)
c:\windows\system32\cmdcsr.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\CNAB4RPK.EXE
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\COMODO\COMODO Internet Security\cavwp.exe
c:\program files\COMODO\COMODO Internet Security\cis.exe
.
**************************************************************************
.
Celkový čas: 2013-09-19 22:32:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-19 20:32
ComboFix2.txt 2013-09-19 19:08
.
Před spuštěním: Volných bajtů: 27 282 034 688
Po spuštění: Volných bajtů: 27 269 492 736
.
- - End Of File - - F684D5B11A989AC527F283DE15B4B7C6
413FC2A0C716421B3158746D63736515

#6 Příspěvek od **Rudy** » 19 zář 2013 21:59

Log je již OK. Měl jste tam viry. CF odinstalujte pomocí T-Cleaneru: http://vyosek.ic.cz/pro_usery/T-Cleaner.exe . Teď ještě vyházíme zbytečnosti. Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

PaRaZel · #7 Příspěvek od **PaRaZel** » 19 zář 2013 22:15

Tady to je. A Rudy, obzvlášť pomalu se po restartu natahuje Comodo firewall, pomaleji než předtím, a nějak mi z lišty vypadnul přepínač klávesnice, nevíte, čím to je? A ty viry, co to bylo, jak se dostaly? (Firewall i Antivirus přece běží...)
Zatím díky a dobrou noc!

# AdwCleaner v3.004 - Report created 19/09/2013 at 23:05:43
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : P - P1
# Running from : C:\Documents and Settings\P\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\apn
Folder Deleted : C:\Documents and Settings\P\Data aPlikací\pdfforge

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v29.0.1547.76

[ File : C:\Documents and Settings\P\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [1966 octets] - [19/09/2013 23:04:46]
AdwCleaner[S0].txt - [1925 octets] - [19/09/2013 23:05:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1985 octets] ##########

PaRaZel · #8 Příspěvek od **PaRaZel** » 19 zář 2013 22:31

Tu klávesnici už jsem vychytal...

#9 Příspěvek od **Rudy** » 20 zář 2013 17:00

OK. Dejte nový log RSIT.

PaRaZel · #10 Příspěvek od **PaRaZel** » 20 zář 2013 17:07

Tady je:
Logfile of random's system information tool 1.09 (written by random/random)
Run by P at 2013-09-20 18:06:03
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 26 GB (65%) free of 40 GB
Total RAM: 3487 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:06:28, on 20.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\PDF Architect\HelperService.exe
C:\Program Files\PDF Architect\ConversionService.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Corel\Standby\Standby.exe
C:\WINDOWS\Explorer.EXE
D:\Download\RSIT.exe
C:\Program Files\trend micro\P.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] "C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7392244734
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Cobian Backup 11 Volume Shadow Copy Requester (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 11\cbVSCService11.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 8403 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
PDF Architect Helper - C:\Program Files\PDF Architect\PDFIEHelper.dll [2013-04-08 92208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-25 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-25 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2013-07-08 1464536]
"IMSS"=C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2011-12-16 133400]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2012-01-25 143128]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2012-01-25 181528]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2012-01-25 169752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-12-05 20065384]
"Standby"=c:\Program Files\Common Files\Corel\Standby\Standby.exe [2010-03-18 105632]
"Seagate Scheduler2 Service"=C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [2011-06-30 395152]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2012-11-04 1851192]
"DiscWizardMonitor.exe"=C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [2011-06-30 2638152]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2012-12-05 247768]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2012-01-16 301568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2012-10-01 66360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\CNAB4RPK.EXE"="C:\WINDOWS\system32\CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP (HP Photosmart Plus B210 series)"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Síťový komunikační program HP (HP Photosmart Plus B210 series)"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe"="C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:Síťový komunikační program HP COM (HP Photosmart Plus B210 series)"
"C:\Program Files\DSAssistant_2647\DSAssistant.exe"="C:\Program Files\DSAssistant_2647\DSAssistant.exe:*:Enabled:DSAssistant"
"C:\Program Files\Java\jre7\bin\javaw.exe"="C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.dvacm"=c:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.FMVC"=fmcodec.dll
"vidc.XVID"=xvidvfw.dll

======List of files/folders created in the last 2 months======

2013-09-20 18:06:03 ----D---- C:\rsit
2013-09-19 23:04:42 ----D---- C:\AdwCleaner
2013-09-19 22:23:50 ----D---- C:\WINDOWS\temp
2013-09-19 20:56:59 ----A---- C:\WINDOWS\system32\drivers\i8042prt.sys
2013-09-19 20:44:30 ----A---- C:\Boot.bak
2013-09-19 20:44:20 ----RASHD---- C:\cmdcons
2013-09-19 20:41:58 ----D---- C:\Qoobox
2013-09-17 19:57:35 ----D---- C:\Program Files\trend micro
2013-09-17 13:20:14 ----D---- C:\Program Files\Handbrake
2013-09-17 08:27:35 ----D---- C:\WINDOWS\Minidump
2013-09-14 20:49:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2876315$
2013-09-14 20:49:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$
2013-09-14 20:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$
2013-08-29 17:57:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-15 07:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2850869$
2013-08-15 07:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2859537$
2013-08-15 07:06:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2863058$
2013-08-15 07:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2849470$
2013-08-13 17:45:34 ----D---- C:\Program Files\DsNET Corp
2013-07-24 21:33:37 ----D---- C:\Documents and Settings\P\Data aplikací\OpenOffice
2013-07-24 21:31:04 ----D---- C:\Program Files\OpenOffice 4

======List of files/folders modified in the last 2 months======

2013-09-20 18:06:16 ----D---- C:\WINDOWS\Prefetch
2013-09-20 08:40:45 ----A---- C:\WINDOWS\system32\log.txt
2013-09-19 23:31:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-09-19 23:25:40 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-19 23:07:34 ----SHD---- C:\System Volume Information
2013-09-19 23:07:34 ----D---- C:\WINDOWS\system32\Restore
2013-09-19 23:03:11 ----D---- C:\WINDOWS
2013-09-19 22:26:40 ----N---- C:\WINDOWS\system.ini
2013-09-19 22:25:40 ----D---- C:\WINDOWS\system32\drivers\etc
2013-09-19 22:25:14 ----D---- C:\WINDOWS\system32\drivers
2013-09-19 22:20:38 ----D---- C:\WINDOWS\system32
2013-09-19 22:20:38 ----D---- C:\WINDOWS\AppPatch
2013-09-19 22:20:35 ----D---- C:\Program Files\Common Files
2013-09-19 20:57:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-19 20:44:30 ----RASH---- C:\boot.ini
2013-09-19 20:21:17 ----D---- C:\Documents and Settings\P\Data aplikací\HandBrake
2013-09-19 19:58:41 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-17 20:53:50 ----D---- C:\Documents and Settings\P\Data aplikací\XnView
2013-09-17 20:53:26 ----RD---- C:\Program Files
2013-09-17 20:48:06 ----D---- C:\Documents and Settings\P\Data aplikací\JAM Software
2013-09-17 19:56:40 ----D---- C:\Program Files\PDFCreator
2013-09-17 19:56:40 ----D---- C:\Documents and Settings\P\Data aplikací\Media Player Classic
2013-09-17 19:56:40 ----D---- C:\Documents and Settings\P\Data aplikací\FileZilla
2013-09-17 19:56:28 ----D---- C:\WINDOWS\Debug
2013-09-17 19:55:53 ----D---- C:\Program Files\CCleaner
2013-09-17 14:05:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2013-09-17 13:09:49 ----D---- C:\Documents and Settings\P\Data aplikací\vlc
2013-09-14 20:50:06 ----HD---- C:\WINDOWS\inf
2013-09-14 20:50:04 ----D---- C:\Program Files\Internet Explorer
2013-09-14 20:49:17 ----D---- C:\WINDOWS\system32\MRT
2013-09-14 20:47:22 ----A---- C:\WINDOWS\system32\MRT.exe
2013-09-08 18:06:44 ----D---- C:\Program Files\Recuva
2013-09-08 18:01:12 ----D---- C:\Program Files\Gigabyte
2013-08-25 10:54:59 ----SHD---- C:\WINDOWS\Installer
2013-08-15 21:22:56 ----D---- C:\WINDOWS\Microsoft.NET
2013-08-15 21:22:54 ----RSD---- C:\WINDOWS\assembly
2013-08-15 07:08:07 ----D---- C:\WINDOWS\WinSxS
2013-08-15 07:08:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-13 17:45:38 ----D---- C:\Program Files\aTube Catcher 2.0
2013-08-09 03:56:34 ----A---- C:\WINDOWS\system32\themeui.dll
2013-08-08 11:35:48 ----A---- C:\WINDOWS\system32\iertutil.dll
2013-08-08 08:05:47 ----A---- C:\WINDOWS\system32\wininet.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\urlmon.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\url.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\occache.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\mstime.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\mshtmled.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\mshtml.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\msfeeds.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\licmgr10.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\jsproxy.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\iepeers.dll
2013-08-08 08:05:45 ----A---- C:\WINDOWS\system32\ieframe.dll
2013-08-08 08:05:45 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2013-08-08 08:05:45 ----A---- C:\WINDOWS\system32\corpol.dll
2013-08-08 02:02:53 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2013-08-06 20:35:45 ----D---- C:\Program Files\JDownloader
2013-08-05 15:30:13 ----A---- C:\WINDOWS\system32\ole32.dll
2013-08-03 01:48:38 -------- C:\WINDOWS\system32\wmvdecod.dll
2013-08-02 12:00:29 ----D---- C:\Program Files\CDBurnerXP
2013-07-24 21:31:17 ----RSD---- C:\WINDOWS\Fonts
2013-07-24 21:30:37 ----D---- C:\Program Files\OpenOffice.org 3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2013-06-18 99520]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2013-01-06 169088]
R0 timounter;Acronis Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2013-01-06 601408]
R0 vididr;Acronis Virtual Disk; C:\WINDOWS\system32\DRIVERS\vididr.sys [2013-01-06 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53); C:\WINDOWS\system32\DRIVERS\vsflt53.sys [2013-01-06 83392]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2013-06-18 18528]
R1 cmdGuard;COMODO Internet Security Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2013-07-08 587352]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2013-06-18 32816]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 LBeepKE;Logitech Beep Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2012-09-18 12216]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2012-06-03 5504]
R3 busenum;Synology Virtual USB Hub; C:\WINDOWS\system32\DRIVERS\busenum.sys [2012-08-27 45792]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2012-01-16 2514752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2012-01-17 7081064]
R3 LgBttPort;LGE Bluetooth TransPort; C:\WINDOWS\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
R3 LGVMODEM;LGE Virtual Modem; C:\WINDOWS\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2012-09-18 43960]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2012-09-18 39608]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MEI;Intel(R) Management Engine Interface ; C:\WINDOWS\system32\DRIVERS\HECI.sys [2011-11-10 46080]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2011-12-08 327400]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 Andbus;LGE Android Platform Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgandbus.sys [2012-03-02 14336]
S3 AndDiag;LGE Android Platform USB Serial Port; C:\WINDOWS\system32\DRIVERS\lganddiag.sys [2012-03-02 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port; C:\WINDOWS\system32\DRIVERS\lgandgps.sys [2012-03-02 20096]
S3 ANDModem;LGE Android Platform USB Modem; C:\WINDOWS\system32\DRIVERS\lgandmodem.sys [2012-03-02 25088]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [2012-12-05 67584]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2013-07-08 4801304]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-08 423136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-06-25 182184]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-12-16 277784]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [2013-04-08 1320496]
R2 PDF Architect Service;PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [2013-04-08 799280]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 SgtSch2Svc;Seagate Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2011-06-30 845808]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2012-12-05 92632]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-05 116648]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-06-18 127192]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-05 116648]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2012-10-01 295224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-18 754856]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#11 Příspěvek od **Rudy** » 20 zář 2013 17:52

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

:commands
[Purity]
[Emptytemp]
[Empytflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

PaRaZel · #12 Příspěvek od **PaRaZel** » 20 zář 2013 23:59

Tak nechci to zakřiknout, Comodo naběhlo mnohem rychleji, ale Chrome se pořád trochu loudá, každopádně RSIT poprvé spustil i HJT bez chybové hlášky (zatím totiž vždycky že HiJackThis nějaký error). Tady je log, co vy na to?
Logfile of random's system information tool 1.09 (written by random/random)
Run by P at 2013-09-21 00:54:22
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 26 GB (66%) free of 40 GB
Total RAM: 3487 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:54:28, on 21.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\PDF Architect\HelperService.exe
C:\Program Files\PDF Architect\ConversionService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Corel\Standby\Standby.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\WINDOWS\Explorer.EXE
D:\Download\RSIT.exe
C:\Program Files\trend micro\P.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] "C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7392244734
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Cobian Backup 11 Volume Shadow Copy Requester (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 11\cbVSCService11.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 8264 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
PDF Architect Helper - C:\Program Files\PDF Architect\PDFIEHelper.dll [2013-04-08 92208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-25 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-25 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2013-07-08 1464536]
"IMSS"=C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2011-12-16 133400]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2012-01-25 143128]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2012-01-25 181528]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2012-01-25 169752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-12-05 20065384]
"Standby"=c:\Program Files\Common Files\Corel\Standby\Standby.exe [2010-03-18 105632]
"Seagate Scheduler2 Service"=C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [2011-06-30 395152]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2012-11-04 1851192]
"DiscWizardMonitor.exe"=C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [2011-06-30 2638152]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2012-12-05 247768]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2012-01-16 301568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2012-10-01 66360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\CNAB4RPK.EXE"="C:\WINDOWS\system32\CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP (HP Photosmart Plus B210 series)"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Síťový komunikační program HP (HP Photosmart Plus B210 series)"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe"="C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:Síťový komunikační program HP COM (HP Photosmart Plus B210 series)"
"C:\Program Files\DSAssistant_2647\DSAssistant.exe"="C:\Program Files\DSAssistant_2647\DSAssistant.exe:*:Enabled:DSAssistant"
"C:\Program Files\Java\jre7\bin\javaw.exe"="C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.dvacm"=c:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.FMVC"=fmcodec.dll
"vidc.XVID"=xvidvfw.dll

======List of files/folders created in the last 2 months======

2013-09-21 00:49:30 ----SHD---- C:\RECYCLER
2013-09-21 00:49:24 ----D---- C:\_OTM
2013-09-20 18:06:03 ----D---- C:\rsit
2013-09-19 23:04:42 ----D---- C:\AdwCleaner
2013-09-19 22:23:50 ----D---- C:\WINDOWS\temp
2013-09-19 20:56:59 ----A---- C:\WINDOWS\system32\drivers\i8042prt.sys
2013-09-19 20:44:30 ----A---- C:\Boot.bak
2013-09-19 20:44:20 ----RASHD---- C:\cmdcons
2013-09-19 20:41:58 ----D---- C:\Qoobox
2013-09-17 19:57:35 ----D---- C:\Program Files\trend micro
2013-09-17 13:20:14 ----D---- C:\Program Files\Handbrake
2013-09-17 08:27:35 ----D---- C:\WINDOWS\Minidump
2013-09-14 20:49:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2876315$
2013-09-14 20:49:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$
2013-09-14 20:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$
2013-08-29 17:57:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-15 07:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2850869$
2013-08-15 07:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2859537$
2013-08-15 07:06:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2863058$
2013-08-15 07:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2849470$
2013-08-13 17:45:34 ----D---- C:\Program Files\DsNET Corp
2013-07-24 21:33:37 ----D---- C:\Documents and Settings\P\Data aplikací\OpenOffice
2013-07-24 21:31:04 ----D---- C:\Program Files\OpenOffice 4

======List of files/folders modified in the last 2 months======

2013-09-21 00:50:52 ----A---- C:\WINDOWS\system32\log.txt
2013-09-21 00:49:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-09-21 00:49:29 ----D---- C:\WINDOWS\system32
2013-09-21 00:49:29 ----D---- C:\WINDOWS
2013-09-21 00:49:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-21 00:49:24 ----SD---- C:\WINDOWS\Tasks
2013-09-21 00:49:22 ----D---- C:\WINDOWS\Prefetch
2013-09-21 00:49:12 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-19 23:07:34 ----SHD---- C:\System Volume Information
2013-09-19 23:07:34 ----D---- C:\WINDOWS\system32\Restore
2013-09-19 22:26:40 ----N---- C:\WINDOWS\system.ini
2013-09-19 22:25:40 ----D---- C:\WINDOWS\system32\drivers\etc
2013-09-19 22:25:14 ----D---- C:\WINDOWS\system32\drivers
2013-09-19 22:20:38 ----D---- C:\WINDOWS\AppPatch
2013-09-19 22:20:35 ----D---- C:\Program Files\Common Files
2013-09-19 20:57:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-19 20:44:30 ----RASH---- C:\boot.ini
2013-09-19 20:21:17 ----D---- C:\Documents and Settings\P\Data aplikací\HandBrake
2013-09-19 19:58:41 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-17 20:53:50 ----D---- C:\Documents and Settings\P\Data aplikací\XnView
2013-09-17 20:53:26 ----RD---- C:\Program Files
2013-09-17 20:48:06 ----D---- C:\Documents and Settings\P\Data aplikací\JAM Software
2013-09-17 19:56:40 ----D---- C:\Program Files\PDFCreator
2013-09-17 19:56:40 ----D---- C:\Documents and Settings\P\Data aplikací\Media Player Classic
2013-09-17 19:56:40 ----D---- C:\Documents and Settings\P\Data aplikací\FileZilla
2013-09-17 19:56:28 ----D---- C:\WINDOWS\Debug
2013-09-17 19:55:53 ----D---- C:\Program Files\CCleaner
2013-09-17 14:05:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2013-09-17 13:09:49 ----D---- C:\Documents and Settings\P\Data aplikací\vlc
2013-09-14 20:50:06 ----HD---- C:\WINDOWS\inf
2013-09-14 20:50:04 ----D---- C:\Program Files\Internet Explorer
2013-09-14 20:49:17 ----D---- C:\WINDOWS\system32\MRT
2013-09-14 20:47:22 ----A---- C:\WINDOWS\system32\MRT.exe
2013-09-08 18:06:44 ----D---- C:\Program Files\Recuva
2013-09-08 18:01:12 ----D---- C:\Program Files\Gigabyte
2013-08-25 10:54:59 ----SHD---- C:\WINDOWS\Installer
2013-08-15 21:22:56 ----D---- C:\WINDOWS\Microsoft.NET
2013-08-15 21:22:54 ----RSD---- C:\WINDOWS\assembly
2013-08-15 07:08:07 ----D---- C:\WINDOWS\WinSxS
2013-08-13 17:45:38 ----D---- C:\Program Files\aTube Catcher 2.0
2013-08-09 03:56:34 ----A---- C:\WINDOWS\system32\themeui.dll
2013-08-08 11:35:48 ----A---- C:\WINDOWS\system32\iertutil.dll
2013-08-08 08:05:47 ----A---- C:\WINDOWS\system32\wininet.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\urlmon.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\url.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\occache.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\mstime.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\mshtmled.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\mshtml.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\msfeeds.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\licmgr10.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\jsproxy.dll
2013-08-08 08:05:46 ----A---- C:\WINDOWS\system32\iepeers.dll
2013-08-08 08:05:45 ----A---- C:\WINDOWS\system32\ieframe.dll
2013-08-08 08:05:45 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2013-08-08 08:05:45 ----A---- C:\WINDOWS\system32\corpol.dll
2013-08-08 02:02:53 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2013-08-06 20:35:45 ----D---- C:\Program Files\JDownloader
2013-08-05 15:30:13 ----A---- C:\WINDOWS\system32\ole32.dll
2013-08-03 01:48:38 -------- C:\WINDOWS\system32\wmvdecod.dll
2013-08-02 12:00:29 ----D---- C:\Program Files\CDBurnerXP
2013-07-24 21:31:17 ----RSD---- C:\WINDOWS\Fonts
2013-07-24 21:30:37 ----D---- C:\Program Files\OpenOffice.org 3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2013-06-18 99520]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2013-01-06 169088]
R0 timounter;Acronis Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2013-01-06 601408]
R0 vididr;Acronis Virtual Disk; C:\WINDOWS\system32\DRIVERS\vididr.sys [2013-01-06 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53); C:\WINDOWS\system32\DRIVERS\vsflt53.sys [2013-01-06 83392]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2013-06-18 18528]
R1 cmdGuard;COMODO Internet Security Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2013-07-08 587352]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2013-06-18 32816]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 LBeepKE;Logitech Beep Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2012-09-18 12216]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2012-06-03 5504]
R3 busenum;Synology Virtual USB Hub; C:\WINDOWS\system32\DRIVERS\busenum.sys [2012-08-27 45792]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2012-01-16 2514752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2012-01-17 7081064]
R3 LgBttPort;LGE Bluetooth TransPort; C:\WINDOWS\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
R3 LGVMODEM;LGE Virtual Modem; C:\WINDOWS\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2012-09-18 43960]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2012-09-18 39608]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MEI;Intel(R) Management Engine Interface ; C:\WINDOWS\system32\DRIVERS\HECI.sys [2011-11-10 46080]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2011-12-08 327400]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 Andbus;LGE Android Platform Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgandbus.sys [2012-03-02 14336]
S3 AndDiag;LGE Android Platform USB Serial Port; C:\WINDOWS\system32\DRIVERS\lganddiag.sys [2012-03-02 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port; C:\WINDOWS\system32\DRIVERS\lgandgps.sys [2012-03-02 20096]
S3 ANDModem;LGE Android Platform USB Modem; C:\WINDOWS\system32\DRIVERS\lgandmodem.sys [2012-03-02 25088]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [2012-12-05 67584]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2013-07-08 4801304]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-08 423136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-06-25 182184]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-12-16 277784]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [2013-04-08 1320496]
R2 PDF Architect Service;PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [2013-04-08 799280]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 SgtSch2Svc;Seagate Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2011-06-30 845808]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2012-12-05 92632]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-05 116648]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-06-18 127192]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-05 116648]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2012-10-01 295224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-18 754856]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#13 Příspěvek od **Rudy** » 21 zář 2013 09:08

Log je již OK. Znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC. Ještě zkuste u Chrome smazat cache.

PaRaZel · #14 Příspěvek od **PaRaZel** » 21 zář 2013 09:39

Rudy, je to OK! Můžete zamknout, mockrát děkuju a posílám podporu

#15 Příspěvek od **Rudy** » 21 zář 2013 10:55

Je to OK. Nemáte zač a za příspěvek děkujeme!

VIRY.CZ

Pomalé PC, náhlý restart

Pomalé PC, náhlý restart

Re: Pomalé PC, náhlý restart

Re: Pomalé PC, náhlý restart

Re: Pomalé PC, náhlý restart

Re: Pomalé PC, náhlý restart

Re: Pomalé PC, náhlý restart

Re: Pomalé PC, náhlý restart

Re: Pomalé PC, náhlý restart

Re: Pomalé PC, náhlý restart

Re: Pomalé PC, náhlý restart

Re: Pomalé PC, náhlý restart

Re: Pomalé PC, náhlý restart

Re: Pomalé PC, náhlý restart

Re: Pomalé PC, náhlý restart

Re: Pomalé PC, náhlý restart